hxxps://skmedix[.]pl/es/downloads

Analysis

max time kernel
63s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 03:49

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://skmedix.pl/es/downloads

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "233"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
3112	msedge.exe
3112	msedge.exe
2860	identity_helper.exe
2860	identity_helper.exe
3680	msedge.exe
3680	msedge.exe
4008	msedge.exe
4008	msedge.exe
2000	identity_helper.exe
2000	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4272	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 2344	3112	msedge.exe	82
PID 3112 wrote to memory of 2344	3112	msedge.exe	82
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 3056	3112	msedge.exe	83
PID 3112 wrote to memory of 4400	3112	msedge.exe	84
PID 3112 wrote to memory of 4400	3112	msedge.exe	84
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85
PID 3112 wrote to memory of 3152	3112	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://skmedix.pl/es/downloads
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15408387019324254197,4924848713116404342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8408734798644282185,16100535337653165914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1304

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3958855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f50a091b253172037dd77531196b8e6a

SHA1
7b7f973390d1ca3ab838fbadd952031b92cf2f2c

SHA256
518fbb4abc9695517fc23bc4e93b866318f41deef16b265c3d3d11e3a4855225

SHA512
0f650bbaa413b1a4bed72de2420104e9d032e47bd3a06e8a7c9b93d24ff1770d1dd9775d09931410da99e6c77ec5c5f0982dec6fcbd77d4939f413aeee447856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
2faaa11034edd0d81beee6377aff2b9f

SHA1
d0aca39ec44d8cecde5445fe02cef5e244f5363e

SHA256
3ebadde532b30c1991c23c7e0fe06e81e8c990376b499fd0bd8dba2bce2a9ba0

SHA512
e9215cec0ef29fb9ea4a426436a857ce8609642efaf6a1b20ecf02b27749ff61ca66276a4e7aa43173700245cb770023661e7b0acd46082656c66e3de846b1ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
74ce29851a4f02f219c7569020617ee1

SHA1
676fe92e590a56c308916f61adf0cb325c41d923

SHA256
c136d3f44944df6bf7d9afaef8d36f4bad29bbd096860bd0bec93a11a9571522

SHA512
1ab75d0fd3e6ce567d43d0a26ed2aee59af702e2f3dbc6527f02965ed84e7a14ae4b83d507d8abbe0ecd9420b4ea3228230acdcccbfe7d5052db95e32f4a952e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
123da092682ff797e251efd07a0d97ac

SHA1
7a9a08f0c5c4df1ab4f63c9730a8d225bf7b241f

SHA256
f39078b3ea9d0a369ea097d407662774ec413bcf8788e540b02e066f05f43239

SHA512
86225c65d99ae5603a1ac61be87808152c31c28a4a119d05220dcad38bdff78eed34dc14e3ff133b5f6bfc8cfc479ccd56babf5d84c2f77f2935df731463d7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2c120535fc69f6436fb574686fccd24b

SHA1
e4a6ff9eb6fb370f7455963769f81b126fcbf203

SHA256
80132ea8e6511e79c87609652e14532fca71cd461c71a0b2ef5067b2365b3ed5

SHA512
93c380b06318d0f52747a751c195b56737ea90e49cd5c471855b9e3790f7c2f3b5c5336872cafc13e1857d12854b71873fdc59dd44a7075c7097708e65a7664a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6efcadd164f0fd2c932fe617d2a94d1f

SHA1
5bcf7b85060c7c33713df49b4ff270b69b816b94

SHA256
1e6cfad069c57a6ee6002e1c91d8c76d67d23b7d383f536c5805af9e6473ca24

SHA512
990b4f0b4d9a73d018532572581ca021d02bcba437116bb1f37dc239a35884d8b7b1359b3b7843acd83a8a53a41df0d25ec7b203ed2147618340626a6c3d7581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10be09f396a2d20d6237d713efcca0f1

SHA1
005408abb2bf2cfb3e9ddce48ad24eef2997ddde

SHA256
102984330e0f01f7738691f02735d66757654347415f5a7756a73824734b7d43

SHA512
6b9b3365ce698829d83e7d49dec6497b9597b86cd8bf413490ef23e7415f947fff366ae49e2d11fbff8a341ddeb43af26b87dd0a10d75c971eadb7b66d44bde5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d7bfbe55474e7ca1a7bb2737f134896

SHA1
f829c8060954c89a7a47b82ac523596d527ef745

SHA256
8ec224b8aa5abfd43cddb6671a8e1b73dca7dbd6dea7da7f919fb9e69503c3fc

SHA512
308c65f9f6c2d9fc91e79e8393473f108aacbe9dd633888f5c24da771839523d88c7ef5d87bf04f6089ae4fb34927f616cd3fd8bfa8c064df31517f562c6eb3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b62b7b7d389259417998e20b7e43304

SHA1
0cfb1f992f8f22c3b8454120786cab0610014717

SHA256
7b770b5ed466005309983d9ac69a735703c5ddc326a8f15118fd53e585040642

SHA512
0337cd40403fb9bbd63a6ad61e5ea6080844978984ad6436c152943bc0af045fc6365a2b3d4a4a187fc9f32fab1736f6cda00a687c0067489a90625f192d8b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fdee46bb9afb34a76bf5d9f6554d27f3

SHA1
e7c5aa3dfa18c47f4eaf5cad3e3c60a6d17db589

SHA256
2308df129ee4d5aae1967cee6e51ca8255b686035c7c87f41f616ecd693b01ab

SHA512
cfe0c6bdb7a5f0f8cb42536b91540ecb65b9fd6d2a6fcc645c7a4fec0205a268bb8f395b782cfacd308fb0a320f7c24f0b34b510da109d5d689b1567f3734c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f7f8fc3824c2e7d308a40fc9eebb886

SHA1
179cca367d2d9fc3c8fae8c4c50625b772341e02

SHA256
b3e3485ffc93f3c800dcdfe9d824ea778ec2cb914c3db4f9efe2ffe7dc47e9ef

SHA512
e6c00aa7e388cf03e61d8bf9dc0bd1a0bdc695869c046c722673380cd840a831a0d4d0bfc600280e4bdbb8da3c63e5ef14cc755a687a25251c1145af8fa5a850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a465f2d07ac51e839e6fdfb5aa931a3b

SHA1
8a83183ef3cd1c4719d6d779ff24712d33adb288

SHA256
ca46958b44cbe95756d421ca334f89b9f56a05d671e874b29721281546b83cd0

SHA512
a97086869e9ba77bab6cc152b5699adab2e68576b556060b85ef1a165d193b9be69a0c6efdadb078c87d271310350a0f2e78e07c5559c7cb6fad43cf97fd9616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
f8704f30ae3643973fde24b7b3a7f29d

SHA1
99d2a204250cd8d73757d78ff8909805d503f657

SHA256
d5523048e49aa44d46b32eb7c7bf346efd7b8641b754464e490eed06b858dcaf

SHA512
73a1c48b5923d4dd1797d1d240893b6e097e57a69654d899d99f216921cc12dbfe3e00484bcb12043a046433cb716fd3682f5a3d3b28f42e23a995d6177fcceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13362983411121381

Filesize
1KB

MD5
598262e0c14b1a3a1af497c17ebe405e

SHA1
4fc6d650c0b898e7905f17258568963be100c4a7

SHA256
72918d78bede54cd4638bc07fafea90adfe11e9b778b96cc9cb6e28e4a34bf3b

SHA512
65bd453749bbc9f348acd0a73710495985638885ca87eeadceb7d37ce3655a75f7e496d169ad48f9fc1ca39c77a6b9e5a48190b905d057239f122f28ae67d5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362983411282381

Filesize
2KB

MD5
91f34cc241ae57d04269b89e64d3ef80

SHA1
9090f92c8dfe1beacc9e5e434ee7ede39af4b37e

SHA256
0a79721f548d463f72da673539a7ab877edf855e3d915da4131c5c97b8cb41c1

SHA512
4cb1ab305e6a021179bf79db7be422e54465a19c841f40149033fe070d0e502f6397d06c4cb855716da6a1ed794a0cb298df4d03f8b6eb82f8466771de488563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
14e28cbb6b91282365ad5c5213aabbf6

SHA1
457ff5892ddd7a2d3cd192252a06d5e1fc5f5bfb

SHA256
11d027a5fab7e25b6fbe990b4a6fae9b028a1093477fe705341d8d56c0ab13a0

SHA512
53fd749df27c567766bd124793ad3b635a123e6250d818f0ace6a7a3d265368d11e5f4bed06019bb3471d4097f8f315280a74a661a62abc6c014e73d55d2a0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
4a043187ff5260e5e4a2817d7e1e00e0

SHA1
dbf399a3454a297b55573683b4cc8332a17658e4

SHA256
e7595cf45a2a0898462a9acdc23f7c493049ec28f3624fef159551498a79d106

SHA512
e68bbecc55c498cdda8d45e98bf8a238ffbea206d2e072f5197a8a72833e37655eb016448b171da60a30fbd3654492a4a540ea842bab7dd51648d6c9bc28c78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
8c3f23baefcbd5e31132341dca32ebdd

SHA1
664c5405f143498144817f5ece1ca05dd548db89

SHA256
5fee422cb7f156c78fad2afe2a96012fbc3137c8be7f7aac6e9acd6d610a5136

SHA512
b72f88a61ff48d8999c166514f267440d963ab85c49f004855857a6d21ee11ac9bdc0e6d5164ace439c668d40439fef1938615006af2354966622c659df4ed00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
198B

MD5
a583bdb9f18d70e13bcb4a38d18e1d84

SHA1
1ffc3a2b37134f5f527366cf7bffb330ec29d998

SHA256
251311bb0275fc98b0de8349d190f0d22c9f76f3c3398b9f7b6f0b64d7290296

SHA512
9088841a97e44f93b4130f6cf7ea581214b48b94929812cc2d679148ebe3d5c52a670c8d299d6d4731e371759141a643c8bf66dcb73d5def1e7dd685c52a97dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f8c9884f44e1d2d8c1d2f8de43cdf41e

SHA1
13e98d9a1a3ec3914ee9913e7fa476bfa4f083aa

SHA256
ce8d776201f3a40685b322e8cb3b183cc4ea4013e7f03585f07e53d8b877666b

SHA512
d2b7c2a05e2714f594092abfccb53fe2c0b9d36cc465f0354a4e2fe5b1df8061133e1274cc498d0d0c9cef037b7a1abe58b7a9f12cf7428e0a8b24c3e76356f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
bc89739d438948594e666c0aa92dd9b1

SHA1
92149113d03ff51da6ff2bc56e3f463179369ac5

SHA256
cdc0a01dbe8a77600867f1bd10d7dfe3aeda590bc337cfb5aa37c5a2452413fd

SHA512
ffb2ae132313249249309402bd329d7339f60e58581193bce8a41d33192a21f10cc6b29ff1f4206a980e2ee21e96e78c7b21c531084265efefa0592598c320b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
d535ecfb09b6785904ff6e5fc093b557

SHA1
48e16659e186c0fa7ca68e83025c0f177f45f22b

SHA256
6d4cf7eec204568b90bce69fe2941acb2332ff47c5035bc2477657aecd3e04d0

SHA512
14117b00b4d026e52f62e43ae4ab2d8abb8186fd095fb79b4b283ca1f7bc79b2e3048a55a34fda84a095f9e58b84be0c5fdff44fd1d09909fcfb718a1f0728f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
6c76f9a009aa3fdc72dc0ad38bc8ddf2

SHA1
b4a453a92e413bb874a62ab11f09325605ce10db

SHA256
2706989c50aa929e834dbd80346b043cde4b47b01031959049b0e2d3627d2f9f

SHA512
abae3af69a04f907056337eb2c8521af69b35621c636d3c2c242bcc8b4539b804d854910dd78c1775b786f1709b3f84f35256ea167bf1da5f2e697c2a970f073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
732ea9c67780a0dcb9e8cb825f25468f

SHA1
d1325b1cf65a57b012e020b5d4371d9c4f2578a8

SHA256
7cd6f1d7330fae18d3126e9495796bcd6c2c4bf9c121d5236cf9d5fccd2465a9

SHA512
2a5907252f0183147fa6299a837eb918aaa3344ade5ffaf87e830ce72a2d0ca74d700331182d574c04ddcb4ba704f21f15d030b20056822ce23b4573231e105c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
7896834e58163baaf0ea73a1d2fc5808

SHA1
8977d258011b49c0e9e28a3733edb931c108e6cb

SHA256
d126c9ad297e9b98112ef87f3791082a2f1e23a07b3b9e3b9a077b88534bfa07

SHA512
de4d2199a7b6aabe624fca82d0634146548c76361a79875b49594cd275b7d5d401337417d117fdffdddcc5537285168975d61ed64d73c2ba4b5157b03d5c3e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1d62c40ebd44b5a20266a0ee83421d19

SHA1
02246aca8a4b0a3ba01f2439c02deefdad3f6397

SHA256
92167325e0bedaa661fdae6a2ccbf961505c7d15ff6883267bf9b20d0205874f

SHA512
cdf4ece924e1fa458b684a71750a8cc0ba5134f1dc7a97a4d0cb5c534bafbb6f845db78f855d044662579ddee64601eb9ad006cf134559e1bc7bc11f9eff5bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
48e5ac4711a54ec8bac8ba00d650470d

SHA1
73f087f69a764358221710ef123cfd3994489fe2

SHA256
300cb25c356513ade0697642f1fd19310c5234a8ec97e29807d91e488c11f86b

SHA512
6ed57ce4ca1878edef3e50836febd0978850a29429178e6f4cfa61acb6fe18dee55d142d2c8314d70619248278fa4d0ba8b9640a20a990a870e1eaf7ed2a06b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2c3817f7000d1ac755328a530cc92e11

SHA1
20fa20be363a79f8514235c9ed66a139ff379df0

SHA256
f565e76942128044ff53d427681856adb4eb706e2637c637c7b55dd59d9231bf

SHA512
f307ede763595e9e790873ec69bebbc5bbbb173e4b0cdb4c6c40b04a904f4f88e43b1773e2c11b02a24db8e1967de4af60f04b6d9c8d81c898315617bc4c33d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3a1e961b8f5d72d7f2009b4708ab7b16

SHA1
3deb550e114ee01f51d4f7e7bbde91a1b2c446f0

SHA256
9bccd805bae04d84f25663f437f103de97fa42201ccc9048c88c6d9379149c47

SHA512
529bf86399a6e08c02b304f0932ebbabeb21e0aa7fcb204594306d3aa1a3a5294d4c833ce6d5cc00f56ed86b0f92a8d273737c0b69ca766363c930ae9c955a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a65bd4edd9f30a288e1e048f18b4c2e4

SHA1
ad4b5900608a3d1eeec7b50c063039591204eb47

SHA256
cc888fba54ebf6928b29807b772d667c89116a21b2ebb31ef45d597f22752a23

SHA512
b7161c9be5b49af9d66d356c26f0b1c673efb1ebe92f2a0edf37d80937f87192d612d93dfa6adad4b4a02ce1621530eb822ae89e060e6435d93de2175a5a9944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7060708b4fe07f499edf723f1ef72f8d

SHA1
8d2852e09685c330d64388b3e2f655af9bbdac5b

SHA256
b6acdf11f287e9918dff8e88b0c0452c84acf47b963cb4c5d90b1fa34b50b19c

SHA512
78d72a768381526908f268e86f1eba1211da3d3ec8717a622ee03683f6fdf6cf12898ed5d30e1d757247cf1af088ab7e37a3bb49ba743cf7e2cab8330ee4bcd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
1b0cb513f2ac66101ba793bf6072d1cf

SHA1
c54e9c30011b3201d38fb98c3fd76fa8efb065ff

SHA256
ee0821d1b8433ed22d0d739b16c0fc1759f0afcb8597f353e4d9a0268dd47e3f

SHA512
f498f1c3daba7f6c6103c35dda01fc777a894b650adbabfba1bfc19ce7731dd6eec79af9b0fef626cd1dc1182001cbbcda9156db778935c11fcc19f35bdf553b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c8167d7407252f28c259671fd09afe60

SHA1
de4f217eed1d7490e00bd6c33d980f2e15243050

SHA256
7945e47d5abf4a66abafa6f95f4ca24b13178326ae3515a986b38d33a9c2502a

SHA512
2b88f5a931d989326c7610ada3fb1ff3a08b8530ea96cb77eea4ecda1845053ce2326e25fadbe942c128d36f93cc07ab1a6cbfc8dad901c44336cb9dadc80b2a

Download Submit