23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a

max time kernel
92s
max time network
101s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

493KB
MD5

937cffd4aed2741d390f12cdaceedfe6
SHA1

6e4053037c6fb57b01fb8aadd59f1b4bab4413dd
SHA256

23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a
SHA512

8296f202f1538be8425c725e8be4816e692aaec686c89b525c67d2911c4da968047676f3801bed62f7bd95f54d258d775ef42dfa54d93978981c5a4a4e58d444
SSDEEP

6144:5DoAwoAwKAwtAwoAwtAw5AwBAw+AwMAwpbQ:5EArADAEALA8AUAaAFAJA2bQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2660	msedge.exe
2660	msedge.exe
2828	identity_helper.exe
2828	identity_helper.exe
4260	msedge.exe
4260	msedge.exe
2860	msedge.exe
2860	msedge.exe
3032	msedge.exe
3032	msedge.exe
2084	identity_helper.exe
2084	identity_helper.exe
1788	msedge.exe
1788	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 3192	2660	msedge.exe	77
PID 2660 wrote to memory of 3192	2660	msedge.exe	77
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 3468	2660	msedge.exe	78
PID 2660 wrote to memory of 2404	2660	msedge.exe	79
PID 2660 wrote to memory of 2404	2660	msedge.exe	79
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80
PID 2660 wrote to memory of 3248	2660	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1a5f3cb8,0x7ffd1a5f3cc8,0x7ffd1a5f3cd8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,6144967980038972597,9524129675049892651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1a5f3cb8,0x7ffd1a5f3cc8,0x7ffd1a5f3cd8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,12510720649615676360,15429417088592912480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdede74f2de03b7255379e4bc671373e

SHA1
02cd96196233066ff4256737b2b17c021503647a

SHA256
22c12608f11bb39f06d1db0e9a5b70ab8b4ec151e27738453fcdab4c3cba86a9

SHA512
45967c83508caacbf52e1ac62656ef3093749c92cbf50529429062464a055202d187c42c4c1404ad93f150c3be37b520b36cc57a4032c5c812a82c5e139d04ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4272bcce02005e2aba02e02d427c207b

SHA1
5b194e66a7437027b4b2900501eb2acdfeb5eb94

SHA256
c32161846fa0c2328a34bf7fd07369d89c53df925a3d20be78e03baa5b46c2a1

SHA512
64e2c4e85fac0a62b223366bd6c5e50b23a797d6d6a9d860fe02c71976c269c72a25b925a6db3465495d67b70ac35c4f3c8821dddcaeca95082e3ee0ad4be37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
3de4cc76214a4c40475e758b25ee6135

SHA1
38d579ec69792a43136d083153a973af7eedf07c

SHA256
167e5b43313fde2a9022d7e5c3c7682ba1c840332dcae7fc99ac4b766e190e4b

SHA512
7c95f60fbeacbe080e37ed3b0cbfc9fa382e47a8d0c300308f40388cb75eae60497c10f61567e84c7bf3bcc7cbf9b24ccf488145c42808bb974b3e9a8512d868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
63fa254cce83a06fe6919b343a9e2d7f

SHA1
fdd54ea3177411b8bad2f2925cf40df0d0b158bc

SHA256
290f9a5712eb453673fba3cb6da8339066a0317472ef41f786f10f25da3e7f37

SHA512
d3e7d702e46ecdfc8ee982c422f0e61bebd0f630bb4e64f55c9ea958f1c00582604916bb1f5108c3b0670ccb237dc35b0f27d4a356e12ecee6d34646e14f17d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
99d79a155961bc7cf2bee17ff0660644

SHA1
39aad8fce89886d48b7f61045e421d042b522e08

SHA256
033b3420879a7d01af770762f0600a7f72bc187ed35c7c3e76ef6f7d57f16769

SHA512
772883b08fa6b3e2a956454ab042586882431e8917d1ab6e758d9d991686b2c207f1a4b231ce166388ebb5c406ddd6ffdba203e95e7359d3dce653c5a9497073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
599B

MD5
2d46c52348fa4faa7cbe1485ab7fb500

SHA1
dd37e8d752dba6dc9f3498a0066691b9a5eac5fa

SHA256
b3f980b760dd0d3529221e418cb602fac26c48c97146a2bec67eac2295e62129

SHA512
f4d3c0c4c054b2a87b2f4d7d0445c6cabcce1857a4ce97d4191c01dab97e93207a2e407754c2b016c6743b9fd1df51babc011fc8b26db90fdd192f9f65c299a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
57d67e79946ef755dbaafd3af1562be2

SHA1
62d30484e452e5558b872e0904a2bcbd79dae205

SHA256
71103d4e8da6e21967a27dae967ad8e40be03a40b2f820a66b7f7b19cf7b6d31

SHA512
aa080c622cd4fc9056dd1615437270d3c7797a5e437407954c21f1e94bbaf2114a87cece36cd6fe64c1d53fa5ccba71e5c992426c087b54b5c4f912b105d4031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c3f9ad75a9510f187ab4fa36048e76b

SHA1
76eaaf5f194d73f6952f662614b420c1d03bef4f

SHA256
42b8fefce492570965157e85a42a0d08f13a7a42b0cf651211ef4a07456e1977

SHA512
c037beeb8edfae9b9adb2af2a83c9f1acf820d4b8dfe9dd791f782679e190d4f27cd292a68351bf87d56833ec707d867b1c1d252091e05a3156c77fc90702cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
050c6f3a67abe49e8059cc1e027a4ba1

SHA1
08f806b1a05c5c8b7eddedc36030ffe307572f8d

SHA256
01e5724f40d2c2602b2912c07fe2acf5cbf82f96a0ae780e3b71f622ad4ef50b

SHA512
6dae017b841fa0ad5bf5ed71b31b3299206189eecafceef237a4b8fa8636043733adea258c52494f9e4cbd8b394497aa3302b007b3f39f287ddd81f480e6c976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c05b87cc24d3fe17b3277931ac94d778

SHA1
cb2c4ec4aeb6a844763087748dbcfe3e24dbd601

SHA256
c14479409281b26c1dd78d6aa896f9f82659e1f8a722d896bcc0e3e9ce83699c

SHA512
228727e6f89d1aa5ccef0f7382b18c9942af9caccf1f3e0f5cb8d3c5777022bca11759d46fb3ae0873410bbcccf2113129ad01f1f7de43e591ca2c769822968d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fa260e8cf13f346d052eaaad3cef0a7

SHA1
5ad039a70f360a3a6969b3e637dc1cba2f48489f

SHA256
964c2c8fc0ef5dc6090f0fa2ab158f3a37becc60e8e8e923b3c8bd76e404136e

SHA512
d6c1131862b688b6dfb3abcd898d329c2684525035c6b1650cf7995821162a4893f89e4c9527db349828403774c9ad51ddcbe6e67d73e11f8a1428a253b120da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff81292b8c936cc6f6c1512b3143aa44

SHA1
49f5ee493fead186cfbce6d21e26fcc4eb8ac0b4

SHA256
b4dd22e23f1564efa264c9d5b843a828cd201045cade4ada6aa31f7b28a003f5

SHA512
bea3bc1c7eed8895e8070ba4a77a74072a9d597c2814b5d5fb9c07c2d97d642066e7ab59d2848a77971acd08a8d3bd0fb6e5aa8e409e3b197c4323f109bf07ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
7767488bdbc5966d1b83c42f7efe3d58

SHA1
cd5c888764e2aa8df2a3485f4c741128a95faf2a

SHA256
dffd4fb7908c04124b36c4bd9d69539d4b6c3a045bdb1b2031744671ee673607

SHA512
5bf01efb4d1cf874b7c207a7610c89848009d89ed7fa3588d8b8a8d4c31afcfbebc9372b8cff51f336c1e444851e84f341b9de162dfbf7b62594214628b1c0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364316521102821

Filesize
2KB

MD5
1fa1e88a5b13569b58846e6d553849ce

SHA1
3d9c6e01b2fb4db9e52eef93fc9b2db86a4a3ee5

SHA256
360f06d125d31c09f3114296c97621fb81490e20eb3ae4b7a26eed424d9d16a1

SHA512
8570d14ec1c6316489e218341ffc1d52c4592722a440642e39657155c444d9c10da7b5bd0ae2babbe5da9692620c1fd3d04570b984ec307348371f311401fe5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364316521276821

Filesize
2KB

MD5
9e1f0a3436bafb6ab821f97f1ef88673

SHA1
192cf63c345005fbe409f915f462a8e4b6165348

SHA256
f6725592f045ce755461554a8cf2ba3f832d6e9d5c803fd28f656b4ca72f478b

SHA512
c8fe6ed622c7b44f81923c2141b2b3a98f84391378eb05dc5583e6f60fb27e31d9857b4935281db994eba9ac9b6aafb9f30d9cef638708b4287ff121d7c53830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
457317c51ed636e1e2589a339a7034eb

SHA1
eaeb9f4be7e1c09ceea9d2d0e96ddb11449b177a

SHA256
afa48e67c28c0b8d53dc2fec1bb1a57466599e0112a6e2780922d9a0e6247dad

SHA512
ec1267eb321ab14e12d0ff6ab54695e7ec09485414905fe26ba0f419299da34f91dbfa6037adfb3df15ad1dc8c2db11dc769b4f15cd1d7133faa6f86ad173fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
fe9292cfdf8a10b89a9e182a349cac60

SHA1
b36756191e9d57569aa25fba5c6506d457000caa

SHA256
705864cd8260836e7dbc1993bfc26c1370d40a590f2b8964e859db41229bdbfd

SHA512
b7fc8d0dcb341448664b23220834e9fc58f80aa8fa194e53bd7c1f3d9288a3dca47f96056260c99b2562c71f7e0ee8d4df175fb6e496081ea6e5c9563885c944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
890e1746919d27c167a6b53231cdb4e6

SHA1
b725e163140610c3aba588af583f76fb3728c5d2

SHA256
dd1b14cdc19fa01e9c5a0ad3a8ceeb6f843f2e07413c9b7827fa6ebed7a3b61c

SHA512
d65824f865b763343484afcdb24f041e1c3fc602441f6155ccddfb2c56c615bb73dd778037c315bb9f19071e16e2c7ca705903f08f9fe6c72565c62708118b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
04baf8363520ed290fed5483e99e9e98

SHA1
d64b87874bc58da5c6d883d1a6d6bb6ec80d868a

SHA256
e0b04ff50809f37e63f93dff551c519b73fb817a9994f14067b4250d21f88a67

SHA512
9452081c81b72146a27195961c4f7fc3f242d618bd7bba390181e4b8996400c8a0caf8188e7800c70725a03fd1df51efb5c8e9225d5597038504fa4be49f02fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
dbc5db8b6ade72db279220c6280d8737

SHA1
14d2467e3824cc0f9463f68eff63689baf63ef4e

SHA256
f85fcba63ddb29d835d4558ccd4709be3795a501897b0812243422db94f77098

SHA512
05a8104237128b4f545fe1e00286744a395a18a352bdde251fe33fc833be0b4c57a82844363ba6ce6ad00b1218818c746cddde98f018b826dcad8659dacf28c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
b2bd05db579115e8097d4a5ce53ab4b0

SHA1
111c623c350fbe34ab1e0990fe138b45486cface

SHA256
4b6649c45c671d88d69078c9b742625e1bbc37a1b4d2fc71706b42d5774ff9e3

SHA512
c32d72acc306286aeda5a078be74a7d527e7683a59eb502fddb6550661110c79daa1192cdd1dc3900823775af0f9fc77ce986c7a44b04a820742846c16c4871d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
5bc0554d81206695caeb91ce60a91974

SHA1
f854c86d52a52ffe208817ae58660962fe9abdb4

SHA256
2fb4026fe19dbdd84170d96c2dd52b0ac9afa739ccbecc80f625330572eb9952

SHA512
61aa04adde3be8ac278c979f8f63d4a45265f4ddf33a5c1745b8e43a7c22a872eaaa3750eb80cbd67385b8a94c964e923998461f7eba016833cd89619d4ba78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
9b9c15e6fb844232e1d02367454800e6

SHA1
8295b8bf124abf2f5d511cb9452b9e721f2555c5

SHA256
b5647dd68e2564c48095291c1ea2170983297383fa29b660d1878a48f9462f4f

SHA512
f709abe2fe23e3f561f2b79d085cb8888921a5a5792cdfdb126828efe1c0411ea1d74bd18cf9486d467595326ecc52ca3053be75325703acd86ef2c2fae9a6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2a8d58b8360f1a68e7c8a51f3d9abac1

SHA1
c20a6bfa71d5bec2517af63e845c25a4a987fc2b

SHA256
c3b83dd5ad80cfc42b87ac94d0e477846abc1ac9586f191adbf95b789380fc4e

SHA512
b6d8b111e230ae7850a47de65988821c7b3996b4240d61785fe6e1a039d033e34d781c84d08df046880f1da2450e2b61627867bd91cac6388bca531de81c3ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9d4b35185ac350e4abb08ea720db4f9f

SHA1
56b79074027d5b27c704d30080bc65e9ffb998d7

SHA256
56532e8cfab3c47a6ff88d70b3205c4fa234f825279bd751082b970bebf50de2

SHA512
8a7ecca9bf902b19626aba34064818dcb94d8f07b3eb025dcd6774e2b6570ac3f663d59ade507e4227fc58deb604e6dfc6f7ee3a0ec9a68720391f5cfb2d5ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0d97bbb6a870c52d584e62494d81314a

SHA1
195aad0018825092739729537b690d73849416c1

SHA256
665a5b96e627e61ee03e1ef511a70a546b1183725b601551fcd1d96aeeec1830

SHA512
78f9ef33f13e722a3f93f881cc1e2225f4d27f558259fb660f086dc4ab538ba491403cd2bd86634dfb094ceb8e937ede278a9a624d70dccc29f368a750b2bf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a35d6559cf5c5e32054293ab29b3bf57

SHA1
a0a31f514c9690e8bfe2f2bf79b7d54c80d80880

SHA256
463ae61997e8965f2d5bff3e871520a0249cc6d7d64065a4873203534add0d1d

SHA512
6e4ecfa91b796bb835403c57d74876d582587d60331cb8764b90e9e18bbf13526b3419676bda94ad1255b799d06e81052f0e43c9c271507cd384cc0da5444020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
45d1785a0e2e473295cd0ad555de0392

SHA1
ce72717ef2f8f5839573a4e9318fbd72d029f440

SHA256
6d48a1c5de8507e1415d427e005d478af9de07ba54745430a5ec595afe3a6768

SHA512
6581d36a48ed8394b397ce108f0d9d83601099894186c0b92c84fe82a57249914cf49aedd2988074d21afb4bae10f0c55e41be96475203d0963b0b2c585a1d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4aaa07ce9fcb71a812402890862badaa

SHA1
c49e607ec4c09d36fbc72e5d383ee9b3956b53be

SHA256
5d8812fad3e87c16b8403987abec326af0213856be2345546b652f245f17e0d8

SHA512
144fb24b5d0e63a3c1a0d602bc3c58d1d8d5b34c76075ae5d402880d412d2d226a65da5ad59252c377a1ea446e7d6274b56df4497a72e48b8bf4ec14596e0bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e0c7bbf8921fc8a956e1bcaaf4cc0250

SHA1
8bc3219edf884e45b8383bf60358e4e0062f7442

SHA256
e99c0f02a6033ba20aefd266b2d609b17a8b465523abc6aa4d5f3821e348b443

SHA512
3381f0159643f010c7c6378f547150f7d4597584b3b3c608c5e7558bf5d39af550d629bd997edc6190539ad09d6dd74328ec91b627b2b35d491bfe0a9c79243c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
07f178ff80cd98d9b177c576d163ee46

SHA1
4d13b8292cf60b81cf1cd988bb7aeda03a4fed45

SHA256
8f5c3ac9f6a1d5357581b67a0ca793df67b244a8d192e7826f8254ad6526d783

SHA512
019133c0007c66a707ee96fba00e6dda6ed6d42bea6535e57120518b993643fefb499b16c29218d9f2a5c815744fe5a5a9edc67205f120988d89308d5a9277eb

Download Submit