hxxps://tria[.]ge/submit/file

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
19-05-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tria.ge/submit/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2457560273-69882387-977367775-1000\{BE1586ED-54D9-41E0-9659-75E81A9B3B60}	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
3112	msedge.exe
3112	msedge.exe
4352	identity_helper.exe
4352	identity_helper.exe
3940	msedge.exe
3940	msedge.exe
1588	msedge.exe
1588	msedge.exe
4084	msedge.exe
4084	msedge.exe
1376	msedge.exe
1376	msedge.exe
4320	identity_helper.exe
4320	identity_helper.exe
4596	msedge.exe
4596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1780	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1780	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 4788	3112	msedge.exe	77
PID 3112 wrote to memory of 4788	3112	msedge.exe	77
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4428	3112	msedge.exe	78
PID 3112 wrote to memory of 4608	3112	msedge.exe	79
PID 3112 wrote to memory of 4608	3112	msedge.exe	79
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80
PID 3112 wrote to memory of 3644	3112	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/submit/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcf4323cb8,0x7ffcf4323cc8,0x7ffcf4323cd8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,8102147812100377337,7620556852562418552,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcf4323cb8,0x7ffcf4323cc8,0x7ffcf4323cd8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14539947036062719666,9599176348469838618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b93e7a3e85e5edffc185b271f3d8d6ce

SHA1
da29b9e9e5087a54089dc4b0d9d0b2c1c2e8e2c9

SHA256
938c618698073136c56241d989b9d619645784fe6649b9754b9ea3ef80be71b4

SHA512
87d8807a4a0ab71f50371115af93fa621099fdc9e2dbfe33ff259d7fe7505990d3c9f884b7891323541ee118cb81c9c20dcae97135e985876888209a7d25b548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8962256ee620d9924416bd432ff3f0bf

SHA1
947ae0913d81463764ba86c2cd00ca1aedbd1a83

SHA256
2fcfacf40ae20379c061bef8f565607c4335a58540f0c8feb858a34bd890ed55

SHA512
57515889972816bd909e486e64bd66d56bfa6caf67235acbecd13f3c9788800650afc18613b0d89f4e862bc80a82b83554e5c437ac4bc165aca8084b73f8a9ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
64e710905e037d2bc67278b5e8fcbf46

SHA1
62a0ba7010dc3f3f1e95bec3925d6ffb69ee06d0

SHA256
27f9bd65c900c0eb6c934e714554872491a388177a582c694792f52a71a53615

SHA512
86dd879315f0b800ecf48b512b79b8044e4064ca435bff798d74d9a4ef56e4b875a11e3f00df48d7b2bd0af14302f05e6541b745f74f4b1114dc7df56ab37886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
e65d0af5a2e6ce6a331636695c250c85

SHA1
25951f739b1043657e0dc3ccc7ed560b6efa9365

SHA256
e3cec63f99a08db8bbc537dc5263691c52967c49946192ed952262defa257056

SHA512
2c2e85011f4c582073707c3bcf43cc690d6298d6b42ab70c23239b901af3023f6dc831ff10475c131c4cd923709a025c320aa92f9006806aea2921191a10bcad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
8a37763117b01513a1c67eed7a6fece5

SHA1
c1d56b48eb28eb6c410046335af068f5ee9b91d2

SHA256
bd94cd03134c508c022d0b6df62c947ad3519771097d2a903687fcae63411d0a

SHA512
76672325e2abd707be295c5c82752636595d2e9577eef1d4d0c4e3eb07e33c0524acf48e3c90cfe5c6ca1f66fc86d2276355baca1ead45bec49c0fb1e400f234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
ecfc1c6e2ae5b1f7975b09e9f79a6eef

SHA1
1ef73443fba844b0a1d4b1bcadefd3db7483ded5

SHA256
4e1d18bce91e180deb568e28d6d060b3db0119a2e5a835a673d39e993e6ba8a1

SHA512
106eb425ac1cb31f53936cefb18e215fb58d8653afa32ce539194572dc33fa78451068ecdb9b25e60fb97ba61bec3bc5e1140952454bbae5a0766e048d6c1f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
b19e61e70d80d61685487024415afd87

SHA1
cecfd4cb897bcecf6a50f35823615c2e2c9fbf37

SHA256
daf0612078787efc4bc6149df5134a1fa8208f14511088b132eead86ffa8517d

SHA512
106ce57a400c249a71d7b8f39ec77bc2d679d430f21a35ff58fff16b73f2396286e27a4ffbfb49fc56976f2a2d0ec8ad1793303466cb52e5622fb43f44f8efeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f083b21bc0acab22c999d704f7f517e2

SHA1
ff2a9675c4562c68bfbb34c3f8a71a7762f29846

SHA256
a210a6402c27e0391cfaa30b4534aeffafde08402d35e20544d244c50624b97a

SHA512
3bfd68c9b7792b913857ac647d7e1836038fb54443fcd254c221095da72964fe8cd77773def133267e83cb6f088cec55403ab47b5bae3afb74adbd9f0d63bea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
69294e2040ecaa6229a3a18e15d34d4a

SHA1
7257d6632282b8ea705fe9b404fcbbca5def5e40

SHA256
85e40c9c8d9d68abafc83e58c949838d6229bed280ecbaf567c70c4ceb6294a8

SHA512
fc120aa2c66d988cbecacfd3a1c364d5f4863c755f5b027e24b60ce60e9a04fd29f008cb6a49b0afbbdb6ecbbbb108e87df9e12296fb841bfb0ab31329531902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
133d246ee69939944f06cde4cb971682

SHA1
7370dac9264b262389b9a5edb285b0ab297fc16b

SHA256
06e19f1f4681e809ba21c6359c056fcd8fcb5221c718222b26cb4fa78a3acb97

SHA512
6c24c19fb7f001c2243d6d7c85569f15494d2a53c5854d061cb94e3d52ef5681619748522be874dd5a70b2f01341b2b4d828257022f90875ce223a309806db5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
41e0ff20f9f0306e636cbb66f6fb6c55

SHA1
f8db1057676d28c7b2a4522c8af4922a0e911e9e

SHA256
1aea553d1e3efd39660749063b0931480972780d17b2d84d19c2f7cbcb4dc716

SHA512
4bb3df3148802cc4f137140629c6c5df67fb0fc8ceb47443c396030bb6ed56672edfa4d17b04ddc61487a6082cedc3d560402e2bf457ff631071535f58727d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
e59cdd8c82bbd72c42e0d69547587987

SHA1
f6bd64bfc3c4c462e47cce95731c488baa597f8e

SHA256
940b82fcff67867b75f90529351cda901ca053e4bf9f78920a092ebbd32e2f03

SHA512
6de5c483f39b54867623765084fdc608c5f133fd45e80e151bbb93b46fbf07f21d390eff3c7ef75cc9f0346b820f3470b38a282479ed08272235d8c22141c412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
3KB

MD5
0cbb65fdf44f9d4886418f2af126dc9a

SHA1
24a319befc8109a3680903e74032b4051f8c5c7c

SHA256
d5b0dec33632f202bda0e9b9f5a703e6f780ecef1313befd2d0366e8d30b53b8

SHA512
21acb315df3ce086f208b087d4d950c9d389a5234405379612884e6ffad847161a2b197e0f308550564e1a25f6068ca9703547397242ed87a941d6d56b91c3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
fdf63362cb243f8d218f81291ff3505a

SHA1
7ae4ecd1c06c08831e2a5c158e0b36e10fd52a5c

SHA256
5deec1a1d27ec850e9689730ee6f16c3c4181fc6a239d8d69b9770015e196fc6

SHA512
c2e9cb60f63f4b16fb7fbe293b0bb1761b5a7fd92fda1e5876b010472d2f0e87c2324d5b2f973c36da8f8910a8b6d0a260ba4acee97b3178db7ae078bb9df72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
318ae4ef43b4f571d7976f967a5da37f

SHA1
00940df34d773b607cc1a1c67f63cd7d35209c8f

SHA256
50efa7b9b65714a5fe3cd087c48296dbf470d83ae20f1ef7115d63f6f57c50bd

SHA512
570f4d8091619cd3598ee62c962e23fd2e3bfcdb842ccb39c0513ee653289c73ebb8b413d4bdb6883d5ade8a9efd894a3e29a9ed578074d646f3ad587b51a3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a3cd14799ca73e4b40248caf41de7d07

SHA1
6052d309fdfac9595bd6518157b1932b729f0b50

SHA256
f7697b69d1b85214c86ed723228d65bf174407c3d42cb7a5eacde41ed8567a2b

SHA512
c0967d14ca2af5bec3d83cb0ae6316b0eb00cb0db4aaadf52b69ddcba734ab4028d3e01f2f453375c2a362c2ef5e7af9b83459192c49a385dbfb435b9d16dc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
381b050a705bf51a6d29039f8ebdfc55

SHA1
180815262dd2ce6de56ae6a6db99b8195c941ba5

SHA256
f5efae7f338becfed91cfbe5e96079e96dcd44cea105e758d7d7b320d6768357

SHA512
1e7e02602c6e9dcf41b89a64d05602f2a3cf330a978cb38319dfb4e52d3ca2a1ce12b5c4438f196d8d231f57272a79d17d99249b6e9a38357e2ec91f1139a860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
829e4a0e5eb63c281b3bd5b99e8eb8ae

SHA1
97e852c0d8475dba86b78fc09032433f4ede203a

SHA256
ebfeb0c85f384ad914d5f4d128f4723e081aa1a1183c785e776db3f2ddfd42c7

SHA512
fb38e72d8fabbae04c448687e45adca43bccc214c4b13dd38963ff2d116814175a585572f45311fe3cff9e6e0b2d102c9d07d70e5b2d0d03a6207afba34e9269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
227025552dca81fbb61e2392a11f56b1

SHA1
b265118857dc293248e863e8afc3c3bc6e0cc6e5

SHA256
59c7168cb25e13c37e1c14eef7498463fb93715f9186f7fa6e7751e2d0cb7da6

SHA512
287a54427c9591719faf735ed4b7f5176f9745916feb46c927e6339dc614cc0268fe113e52c9af93e102f16048442101fc78120b7e4ceae8477d9f68572f192c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdaaefb1494450af612b5d5993731278

SHA1
3f4f16c74979e33e180023a2dc77566feb850b00

SHA256
ea4972fd5f5d01e09d9ace89a9d3df442a267bd769d328742caba4f974124f40

SHA512
3885776825c5469b53f14c0bf0aeb7c0ce3779203e5eb45dd6835760066ee5e2ca1a7051ed48ef72d30903960e9b5f712389afca2b58acac523fe37238eaf263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
993e282c5a3d75410ed207c508499c93

SHA1
fe7c99033d68a91f2e4bcbe41ae64ea8156a9f28

SHA256
c07fd78d575aea358a18bf65729226e18cb0267efac281855356117b90907ce6

SHA512
922863330b9af422c1a301ccebdd28f9019faf3a0e0a710ecefd930f0aee7b369d107dc84ccb821996804bb3b2948482495eb25d750ebaea46df5adeedc47c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e84dc8c620ba87d583d25a1fb6917280

SHA1
987fe1bf3bae32a6d0a6cd79aadc855a627b89fc

SHA256
700ed1122138febbb1f2ffdbdc36d731f0dffe8a16af0bce201a8b53d72673be

SHA512
4b2408defc5be23823a8560103598dd0420e66c4839a43ed81f7f40834aa2c5ef764b2a10bb3c546287eb00320c3da6a3cb6a52fc1e6cc4233f4f2b5b73c5973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
afcf3389125241e4f90d5523781394b8

SHA1
7d1239d4e6db55d5240311818ec4f8192087a8ed

SHA256
1f5d418cc70e26daa4111b0b26fd5b8893ba23da42f6be6ceee2b9506338fef6

SHA512
b5693664897f4c5c56bf88b7e38b903d8387c1ab3c16ce4853dd4e7192aeae41b112dba7a48834219bce4fd085f82f0937eeb141f1d881f29fa2eeb14d91ba86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
697B

MD5
442ffbcd37d379275ab0c1beec285f8b

SHA1
214b2d7ad07086a45508b9ff9df809d1e67edd55

SHA256
faa2bb772ee9a4b0aceef9c06f5db411edd53469c8428ff9f1b9ad190b05e119

SHA512
25380fdb8e6e2781f138094a1764db107680b8d054d01ed7d0ebe972cd7d00fa82b6bd98938a20c11fac4379345fe4c09e05ad0710c5f4b34e7a17dbcc73445d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
e442fba0e82c7b0d97c5b260613ea5e3

SHA1
f8478fba18f036977e8c5cc7c512443fea1aed42

SHA256
241c66f1d0b5e0d7adce09a6d534711ae6a072bbae03d4e1d21d9f26cf60ea20

SHA512
7ada1f6e01c3a3b84d5cc2db679dddf2597c3d7aab2b3f4404041376fbf87b48cf6b33a38b7036b0c106114fb1b23ea64194fffc3832f71b270554b4617efcd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ea3c11e0352134d11b8f418ff3d9805e

SHA1
cc7f264aadc3b5861722012447714c3eed6858e1

SHA256
ed4b72d4d1f201b31ef14c5ff7e13be7351a1de9248cfef4fdc13e6b31473e67

SHA512
daf30bf6bd9145c828a57eb219812b163e3339b42c4a116ebc939ecb731ed5547e525bd3490e8700c0c94aa345de68981cc835272e153419cbdafb62c2c49fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dff0.TMP

Filesize
48B

MD5
b0e243509fabb6741f2b8b299981f079

SHA1
3811d790d05f9091889e91179d7e152c6c112c46

SHA256
288e4ee56e37ce6c92e0c3ea04e156260cfeab80e368088b895554353fabc777

SHA512
09c31678c5d625af23b2a2d7716ad07fd582e0ec8876826eb76e896b16ebfc8df558c8549b6c7eeb45bba66f0a3720b0fd967d0c3b84394b2f4749f2e4a2db54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
8c1e91bbd4c2b683f0d98739aaa992a6

SHA1
b65dddd06404f8c52cfb59f48abe4b8dc0fe5970

SHA256
becb8b1b08d4ef30fc03ce94ff9cdefb1e2b11a67dfdeaed00c1fe6761bcd506

SHA512
26dc99b69e95c443bc1534a815ac310cdc449c13be1c38325df0794f3f3d7ae6ddddf4f18e0fbee1bb447c22330e36942383c288aea18152ee571edc25d2353c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13360624885398254

Filesize
3KB

MD5
66d3d5b84be44027c27f4b3e79a080ad

SHA1
b85d60b63bfcdb4e99451d9b5386e9eefa7e22db

SHA256
a2faf5c759c6f973de3340b2c1de343c74e2d67e149c803b4bd7f7a6ba263661

SHA512
b30b447c0a91340f0b740a4439d66b16b21dcb2022bd6c36ba43e83520646a89f58257fe55252df03f5da401caffe05e6939a514df179070e44f160b695876f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
f1da6696d1ac750c54e7568766fbc08b

SHA1
c1b73c708896c6a4739b1fc7e3584f4ab9dacd93

SHA256
41c97b0294856d630ed49d33f99e08c3f737fa8936b25ed74f5221a16702691f

SHA512
6bdfbd368dbd0d0915bcd92e995f4ffd80365f2969ecb69200b7febaffd52babeb62a40d3ef9f0b97fc17fb70cfccc1289d2f5bbf8e7270c253732a7dea7c469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
e4df8ab5a1d28ee4964c13550d09c6ae

SHA1
e2a33c2a94881a678c0256f2a44fde1980da91ad

SHA256
630f99387d5ce837a8e68e6526b4cade9863143fa3a14a7c632c3a026a61cacc

SHA512
c1885288bfb44be9b6cdb44a013660a16521181ccf06143f0fd591714503b3a94d30c453fc7a33533c96e5f1ac3a928f82c973cfcd2803ff07c068d5db5a8279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
9b2b7cc5d4b5dc5e41b6e6c961211148

SHA1
30466867f588ca4ea2e468386b7270b696d5004a

SHA256
86b3035f78601ac9fd189059756206db4fbf636d664a4c33873dc336a5b730eb

SHA512
51c597971b1879a4a792882ee8ab544ddc1b62e6fd74f856e844b70b2736c491caecf53dfdbc650793b4f5dc4f40726c76a513f92a46964fdc981a4f47eb1dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b1608dec6d71e3b2d820078389c4e814

SHA1
3df59f0860dfb8bd0169554eb76225459aecd71a

SHA256
96a68d42cf507d9fbbbb13d6d31b0c463c3c7535b33f42fb7dbc5b9032e295fc

SHA512
3ba75e46302abf3bff399b1932577c20751e952272aa5f471e368967e99e058284642f54a49754636360046ff94a90f2aad2c22e24b366bf1eedb8e67af1721f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d530039d0eee3a89615a0e73a05aca3

SHA1
33eb189d27da2c669e0edacf128bd320ec9e768c

SHA256
45f3a86e06c93dedec99456c7e4d5fd6d709e6836cf1155acb23fcdde49b6388

SHA512
6cab47849c84ce548504c03bcfcd7049017ded05c243991caa21a0c8b8827c2e5b74e6b6246ffd3bb4cbe6aa707549eb3cc7812ab3c0abb58145290bbb281aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d61c.TMP

Filesize
204B

MD5
1bcb421adc5ac0219c981a8c1c006a81

SHA1
850e66073d95adb31ee751bd718796efcd3faec6

SHA256
947b5e011eaaeb86686fb6f24d4a2bcf9a9b162c6f230adc2a8c0cf2e1e0b867

SHA512
e9d2afe44f1637f6a538f5767296e9ea4deb219093299f115ce8d75bd77b7f516772a5fdc8bf8f9b063ff0e8ec74b80dc624e0f35486e781a6e08b660f4bc7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
919000ad471de7b7808a539b92209770

SHA1
c9ac655b4398f75399905886ee6a1dfb58bbd8b1

SHA256
14c9e5fab6b08dcffe860870192d288ccefb8fa0f75fe0a9639bfae18dd85363

SHA512
07b62062726f036ba4b70822562fb199ae5b553b135daf798441780d3cec39c9b61ef6ddcab122295810ad3d5041194b9e6911963874f7780807424c317d3a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.1MB

MD5
24263cb14d9d5a4551d06241ac2b00ec

SHA1
48e866637a2867ad809cc754be611e87aa822326

SHA256
7c231f97e0ff6b1f4f7be54bdacbcfb6becb376790d4aab6c345e6db85bfb235

SHA512
a7d661937da70b62108dee4e00d217f95d451e612cbd4214cff5185f96633eeb13adb4ef1ad14aec872584e749a34ea92adcd4b3b30526f88b63efc1fd960a19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
7c131cfad05cc00244cf2a7d49ac98b5

SHA1
39c99667b1072c4c0f9f894fb551940aee9a33e6

SHA256
ce685a90212872d118b9344dd492dc06f1971087bff463deebf572ffcd221ebf

SHA512
4437c87471106429b21b114631294822399b9b670a646bb064750404a32c3416b8ef028c7571971d55d1ec9d515a41f2bb122355cbb33c86d0d0a986d2931ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
53809c5b10bc3702ddfcdb479402c551

SHA1
0a8435aa6b64218b3e57feb7a70ae2cd523af8fd

SHA256
95b37fc311a59780baf9846248e8ca70cc706fbc2c794be945f3895f1aabf2b8

SHA512
302a1fdff3371a2e2d77a0e9b524f2fd42356e83d6559c63ae40e9510eb693a6ac345639876e372943af28f04f2d644f84c64145611df360cfec6588f5d7942f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
a492e1911d6737cd08a4ee4b848d998b

SHA1
49983b30c2069b04b25fc35e528a8eb98988c465

SHA256
0e6b7784dbe4d142db1d86753f662fd0bc1d429e281ada6865b72d43b74f89c3

SHA512
3ec23d523716da88e95fc5a5aeb7329ea146f97f9038e6fa7746376dfdf8edc22dc1ebb8626bea14b990ff7479efaf631a93738e2edd349f7ba06253180cfe8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
740abb4308dd7a32383e681a6a98d252

SHA1
b4b6fb39a6e786ae840ced8955bad7e4bc0d24b1

SHA256
45a73dd857d1a34112f76c56bd485405615565ae4028f9350c50cb3e32bbf8b9

SHA512
604c165f86335a80c58519b5c45979fcff3cb7be36353ab30f67d5cf984114de1293bf1a991d8ce8eb4b40ad259d7f96599e9677977cf123435c82ed2ce413cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1e9182192e6ebaf11c25169cf84216cc

SHA1
35d6733177072a20019f89101aa74e70d4dacb34

SHA256
273b85a18c80dc8dd39f855e86cf8aa4330145cf1327e4a63d521844e8a744a4

SHA512
36c1af7c7e8d520eafe6ee0fa641855705f8e90aab1ad2906d78b6853ba2701bc48022ffc1d72f4f419a5a8d2db404b96922025a02880b28dcc8ae5a26cb1b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
d37fa89497c0ec5095377a1e3c1bb328

SHA1
f7db3d1fd2960eeaaf26d0d45a9a873406e0d2a0

SHA256
1bf8b77797d49582bab17807016250142f3c4333233a4b4f56e6735ecfa33fbd

SHA512
a57c7d91c6f787d1ae0c0358298addd50ece8f03527c19511b1ec0b40f3495d74dc8bba58b231fb82854e646f1e9715b7139b5f229ccb1b421c0a895d3be869f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
d9a68b04c3acd7ae8b7ab84b30dadacf

SHA1
15fa5365fcb7f850c972a49bd8e4d17e1555b676

SHA256
8e0551ab1f33d2f58d48228f918a1bd13ceb2f9837d3210e498be756681ddc5f

SHA512
9cd59753e3a8e750d37fbdb4de27cb7a4255180e85c9deff601a1824f17dc3d2bc1a0cfffea565d825cb27e6304987ba9456d733ab7af11fdbbe5b4460a1b6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd8dd28c1ad90c59a205539f89102429

SHA1
56c5c3f7589b8ee3b97e99829da728169a393438

SHA256
bc2ddbbf7979413a70990867bb38f62b8334b0f73755802d775568af646fa386

SHA512
f4bd6da34e1f926f65d4d92a9f61021d517f9fa2f00e525c18d2658ffc64f2c85a37f2217e24dcd8d99b8de5c5fa4e9eee60d9a76aa7758cb0640184ae6516a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9b859452b4f3c18fd3e1b9a8320692f

SHA1
14820c5815fe7d5cf1a72462e0ca012549f7f21c

SHA256
7779259a17965e23f17f924748921e79657f2720cde22fa9e1b539e94255bc4f

SHA512
df4ad7704da1391a122a1e0a218ada456e1e03ea472a51c9091a38c319bc2bc157777602aa05c9b5c1614c8338e767d63acae10eae28e84a244b1e89b4d84853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
22aebea2cf913ef89329ff86c574ec02

SHA1
5110c975fa8341c194477ebdbc8441841b77dbea

SHA256
3d610e43646bfdd039ff6df59a5d8ad077f27eb593c33631f3d6a2ccb7270abb

SHA512
be9241190aa5f2428969fec1e2a9a1dd0f41e58869e604b68134f418ae730e17fd7a6e6fef3afd086b98310bfdd9fa46c878a95f3463c8b684d07dabd109a3b5

Download Submit