23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a

max time kernel
47s
max time network
47s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01/07/2024, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

493KB
MD5

937cffd4aed2741d390f12cdaceedfe6
SHA1

6e4053037c6fb57b01fb8aadd59f1b4bab4413dd
SHA256

23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a
SHA512

8296f202f1538be8425c725e8be4816e692aaec686c89b525c67d2911c4da968047676f3801bed62f7bd95f54d258d775ef42dfa54d93978981c5a4a4e58d444
SSDEEP

6144:5DoAwoAwKAwtAwoAwtAw5AwBAw+AwMAwpbQ:5EArADAEALA8AUAaAFAJA2bQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
1340	msedge.exe
1340	msedge.exe
1300	msedge.exe
1300	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
1720	msedge.exe
1720	msedge.exe
1916	msedge.exe
1916	msedge.exe
3136	identity_helper.exe
3136	identity_helper.exe
2004	msedge.exe
2004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2420	1340	msedge.exe	77
PID 1340 wrote to memory of 2420	1340	msedge.exe	77
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4500	1340	msedge.exe	78
PID 1340 wrote to memory of 4868	1340	msedge.exe	79
PID 1340 wrote to memory of 4868	1340	msedge.exe	79
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80
PID 1340 wrote to memory of 2792	1340	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffb933e3cb8,0x7ffb933e3cc8,0x7ffb933e3cd8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb933e3cb8,0x7ffb933e3cc8,0x7ffb933e3cd8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d56e8f308a28ac4183257a7950ab5c89

SHA1
044969c58cef041a073c2d132fa66ccc1ee553fe

SHA256
0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae

SHA512
fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbf6eaa2e4c4159e4bf9731ecf7a5fed

SHA1
5e7a69ea9ec1bfdd6a250b65b23c495136451114

SHA256
e0c90a18f02eef7813b39729d33043d1f938bb9af4d1536ac0dc5f66e336d0c2

SHA512
5334119699dc524e15bb2c104efac326b5ccb814d6f8d840550482bc232867e53ab1783666ca2dc5bcfc5945c5971f5c85b962fa7a0e08b16d9b185f9cef3778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f2eb94e31cadfb6eb07e6bbe61ef7ae

SHA1
3f42b0d5a90408689e7f7941f8db72a67d5a2eab

SHA256
d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de

SHA512
9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
47291beb2f6339a007185faa2e793298

SHA1
07f753fc55c93abdc27bd04b68b88563d8b39149

SHA256
785eadd555926a17750e66c5a9e0f695867f575fc491cac3e0fa30a2a4b05c95

SHA512
4b0c1f9c39e3277bd70ba0ee63286c58c9368e435d84719d550a0dc420e017909c094276bb2da3768ee080c9c613aa6464d58b87fa6dabed2e71cb9b89f95365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
3632fe2c23aba881bbe2bc776a123c57

SHA1
1a87d95d0e3d02144522c96256f6b52c80bead3e

SHA256
2a91f42d975190c7fe12d85ddf3b04b56d20cfdd1e0dc5da2a785acedb2be3be

SHA512
f41a054fc1760b41c8320e4079766cdc0fe052144f6b86bb70d376d94379973f5104a6ef68e717e9c7f103fc875a6c1ee8256e064842170df4d70d6aa60aa24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
4103bf8211e34dccd17772a129405593

SHA1
3ee134685eeacdfcc3c303b1f2f2f1bc256e32d3

SHA256
3f4ee1e2ba8f1361ffab43d990a8a02d5448c9ef0dd889dd088672efff37f0ed

SHA512
5a532f44f076f80af8cbbd0c98b2f1b2dfbf5110d1588791d2fb093c78907bee45b73f0b96fbe8215fd5e0d8d5c3a94375b96fdd6ea5bb92418bb15f2e716e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
985d3cb2194a90a9259e34c5749c2dd8

SHA1
1d1d1535e1504a3fe9fe479b2c778c3bb6611ddc

SHA256
1d1c553b7ed8182ff6a7b2f66f5091c8cced9a5f1c22677916474f2a6d4efde7

SHA512
d49d9ba8c518ea8538df92cd8ddfd9d80170b79cdcca1fabc75d3565fea8827179b401798f4da21d22ba9ddbe584b0310f45cc3a343a6740847f667c3c446958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
599B

MD5
9239d6fb85ac1d52ec2f51f840d635cf

SHA1
a359888b1bf23c6e2020a508d9dd32cdb3ed5b8d

SHA256
3c3c506cbb4c9f68f0185708528ad2974d064da91b7e7ca87ed34491f0d237f4

SHA512
c216fa83a0a1f655e623e658018e18a5c77fcfe7381dafeff76df6ee8feded88cedb9e3da838856674a24f05033ec979ac820e4262e20154ba36e9495b6dbaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
5fe99fc7d95473a48a4df11b1c41c0f6

SHA1
301fff40521a33138c2d84f92316d15e02040d5f

SHA256
03e093803840168e95fa5f085127c3af231ae06f91191418aa6a5278aa4d56a5

SHA512
cc85dc603a34818c8b50d9ca8d08764713408129907e355ecd1ff30c4a31980388126eae83d00ed2f1d4ee2818c449f81c42c259d9a93f84b58f5fa748a15da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
5d352a03280eba57cb274d27ba6c6b7e

SHA1
8887766642a81a1248dd5f93239ce63e93839900

SHA256
3b358849502f5cfd881dd035ff274a5753f90047a131884838c677e22f2305ab

SHA512
b8037a046c4be7be120bbfddedc780a4175fc8e6c863e9095e39a4e16d2e8ced27c40f38c569a79df990057175e3db6aa35eac645598af3647caa5744052bb1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f999139b32df34b01aff607aafdca986

SHA1
266dad8137b42d4f4ac51a6e2ba0d29cdb16db98

SHA256
650c3ca2ec941a54bef8c5d3a798a31e916e143db44e2d47bc8a40c9324bf06e

SHA512
cbe26e9acbcd3079f568376fe4d85dc1235e315b2d60c3209b3f76b224f67c28ba833eb1781872d8f5801edfdae6eaf57c5c07ccef0ba63f6c12109cc71246be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1650fdfbb79f9b280d940d0de6b9d2fd

SHA1
a7c6ac8464dedd8a1c1b95e4724e64aaee7e2a00

SHA256
98841f055fb75b6e92c1d3bafcb6c6a1a6fd59940346fc0062ae0e4e9394fa1e

SHA512
5bb68bd334802e09c8ce12f7119cc6754a4395c75e3e50b5cc74c67a00ac1721b4607a1e97e14797d920b5618f712642f7f44978e53839740deb15832d8fc6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
46562d89456d7e458bcafc402833c8a5

SHA1
e7f62ffc44d5ab1281a41485e56fe8e552496db9

SHA256
48de834b28fb4d2b1f2e21f2206f935b78c372cbee3cefcbae28a9cf5818b1c9

SHA512
6366a265de11453e98bb7f1a3316a3e7f4399997a18b51a7238afdb58ac72aab91a603b7a481f2c757dc4a7f4601bfee3c08fa59c844d1b388513a798d674bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
822e9ceb7d89b40bd197832201cf8e4a

SHA1
4100aeace4bf4b9676277c5621685002fd2b7edb

SHA256
19b90d825b9e653071cd24e3c031200d99f0f103a9c3501d88e49fab5362480d

SHA512
69b9440a3e1edd6e9fee5bf6472a7d961b8087b57d5d03a369fe4abeba0979f66c3d33b93f49733376503bd3d4f779128a5711e8c863b085ab3c47915e3c10e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bed74f9c17eb2ac77407568e217f5b6

SHA1
e0c1ddf73e616f510b0c9a976763f5e0f77b010e

SHA256
cc472a8d4231cd1af5a6e903138a3dfc70e80462f61438a49ea17207ebc04ccd

SHA512
d8f9cf1da8a09ba2bf1d5e3439499c6a73db2f4de3980f4e25113c564df4d216db1c7545116f965f9efe7df740f67fdc6e7320735ffde6e8932f6057f69b66d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
8209f9847fa4f97c0f3cc09ae8973271

SHA1
16e05303119bb47de457c01c8293c5cb9a92453d

SHA256
1d6ff841c7688ac616c167222f0619350ac68ad4222949bc21eb7e972381f226

SHA512
fa2ca20df40c04986b0eee3ebf1fd9cfe70d476c55114150a46c6f369eb81faf20374efcb434b8ccce5a10af8babadfe694ea292a8006e354852b3eb2dcb246f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364317967118202

Filesize
2KB

MD5
a6204b056b4e763bfac86420b0c5ac17

SHA1
91dbd8ff6602d1e93248fb8b8e2e7ddebc9dc261

SHA256
ab200ecd9a3c773b9c6eaa580e7eba52db08dcbc0cd2042a1bf8484fb09aca79

SHA512
8aba567a84423ae62066fdc2585fc826c4d56709ad3ec229e338939f587fb530dc8399f3180548208a2da8c27aae09d62dff4e35b606666a2834af98788e6532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364317967306202

Filesize
2KB

MD5
acef27c4bc42f7384cc7b388fcc677a3

SHA1
4e17cae8f2d33511edef86713f5d6f3a4e23d436

SHA256
a85df90f796d2a0aa91885950d4d4b8a54e196ddacbea5de9ec05b6853f94843

SHA512
5d8eea6f06c4b5af40f8e64148965cf5430cb06bf3db7ff0989ea5aa1f88ef811180a2e990f3c69acb72c70f7908ad9498972106cdd16acd2bbb39a7b07650a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
8be985ece811ba0a3f10087f5f4e6fd4

SHA1
c87c84d4fe182ffb8362f3cabd33349af94e9b55

SHA256
da78d36c765d3248b1a72ead5f83b7a58cba7d361f17a6831332ee994cee939a

SHA512
901932baea8712e89188cfce00a6b2388ba38697bcbfeebcf8b83b88b0cb26c7323b098ba6983c312ded1041f6e297412010113a32e99a9350aa4492ca40efa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d717b5b60d5810baa90e7ef3d3524025

SHA1
8f13da754fdc7a7a00f69f91701490fc8168c75e

SHA256
bfea1e8fefc6e75890adee396ffb2b2f5f2d99ece9ae6ccc6326ee65bc348b74

SHA512
5ed04c84571c4b403f572024f286ed04a72783bb187de69a51b9f43a25f103722f5e8d05ec48fe929c32d539f24a5b8d7dc0c102c509c4e514825910950dabf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
ebcefaced656cd6c10a668fc5f9ce734

SHA1
8821b2b959aeb8871a16a9e461fd1f7c4471d5f9

SHA256
3e8c4baa156cbdc0c5ce8337abce8fdc04fb8ec3753a21c7512eaaa823c04a99

SHA512
00523b08ce9e2ba70be214bdf91403e0fd63b3ee00c19c5738b56a73fd4dea0282c8d187b68dbfa43ca3a917f398e2689241d6e5d197f61f53d8f71edd230d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
82fa78eeb58d67cc40664df6e9759b55

SHA1
a62a453afacbd6b2f3ac6196022d451b99ecf900

SHA256
d8c5fb2f8f9b9ecd4c40dacad3be2ccb6ab2bc8d93fc9760d8f949dbd0d6d156

SHA512
226e8b928ef94e2d16ec2d4752156f2337b010aeacada6c47cdfa5d59430ab505faa495c2a336eaf86dd8e8a94c0ff21f9eb13b15b9b8a6c516dccaccb0ae41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
aa5d44ae57cf989da45181060f00849f

SHA1
af80fbc8f12acabde9c832913358948590d31e1b

SHA256
d631916ad458b5a9430be275bea699219c7160efffa9aa9b78a2480aeabe1e9b

SHA512
1185915af6727b93bb4c917b50d65236e5ce1ccaf2ab745c24423b0f275265c0f9974d8ab5320aed771ccf49332b61e00ddfeedb1e8ea96bbf6815f6752bd1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
200B

MD5
cb4b2031ba3cc5468fc41cb216b17011

SHA1
cbd68af4d52175e4bd268e58f0cfccb7267d73b0

SHA256
f7236f34d46820f8d828854d72de3579b4ac75a47f7be3a885af9e39c1cbc073

SHA512
b1584146e821b677fd3885d542fa66e099abd9969a4a6c79bc919d77987bc52e72a5202a2c8083081e2e00f8664664ca49352c9edb299c4bf748e1c33a8a90c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9a8e0fb6cf4941534771c38bb54a76be

SHA1
92d45ac2cc921f6733e68b454dc171426ec43c1c

SHA256
9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

SHA512
12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d57b5487379636d9d5d874b48c324a91

SHA1
15b9cddd7297eda6f7b315d32c529e4b14cc1618

SHA256
bd573d6af3cfd05e77cd8588705c8221ed884edf7d5e9ced212abf4ff8be450e

SHA512
f0d8ec5f2e18f70cffddd73077adf73fed29a2472c848f6a2fffd69b8aab213c25a472d693ec186ac34b463b9cc531e22e2b900d956c02c0d328a87fd9d037d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db

Filesize
16KB

MD5
d926f072b41774f50da6b28384e0fed1

SHA1
237dfa5fa72af61f8c38a1e46618a4de59bd6f10

SHA256
4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

SHA512
a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
07c7c9573cec4ae9cc350f754bccb7a9

SHA1
6465e507ab95f977605642fabeae79fcd5d05f47

SHA256
4869fbb00182abc2b5088ebe599e83da8f5c54d4bbfb49b82a15860d499f6b50

SHA512
108ea8324038a1257ab6a29f1e55cb50bfbe86ff2074b50af241491e3e58bc4171fdaa39527dcbd2c746898c53a5c1061086395e304ae2872b2d4d2ec7250d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
a96f82ab7b8612997e13a5ca3437cc6f

SHA1
7a096f92bd0f63827fe680448a2e902a3746c6e1

SHA256
e0192eadc3c3c620b7638dc85a9f142eda03c70874159dafa8f62041bcb2fcce

SHA512
1f7d5d9719f2ee134d629238a662b1db92210fbb92acec2c6db4d37e396b7de404a442e58cfc71aa3b7e6d7049cb6153aa11b307b31ef712f27b93454c5483a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
909ff8ddd981ded3fa810faba3bf8ea2

SHA1
214dcfc1e1ca017155a0fd84c70c3c1a0d88207c

SHA256
136f068282ee6018bd7c130b58ee08dfa1c2c18f92f2ef6965ed060763b23d5e

SHA512
817cc02a6cf03f89c41e4b91d04c53221ce56d6b4c4152c7fcceef1ad29edeb7faeebeeee6c483b56926f0a18afc055445f18d6bf398478bb358b4ff3fdcd4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d8afcabec18a5250ca06ffd6c63b32cc

SHA1
1d859d81b56ffde6c01828fcf6b6bb3bb0a3153d

SHA256
9781dce6270ca4b59898fd136f8ea76b7fb44dfa0b6c43aadc65bfdec9634cb0

SHA512
b1f0db68b709753294f69c443440188418f5b625cd294dfd89cc1ded457a2e3baf94033eb5e27efc7fda0a0797a106ce3add89de29f899666a5277fe6196bc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0d97bbb6a870c52d584e62494d81314a

SHA1
195aad0018825092739729537b690d73849416c1

SHA256
665a5b96e627e61ee03e1ef511a70a546b1183725b601551fcd1d96aeeec1830

SHA512
78f9ef33f13e722a3f93f881cc1e2225f4d27f558259fb660f086dc4ab538ba491403cd2bd86634dfb094ceb8e937ede278a9a624d70dccc29f368a750b2bf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
17e1dfe89fb1fd017b7b1959bfb2e9ce

SHA1
3cdf6a6e9719daa5d33fd69f67c493498bc3c7fd

SHA256
40c9279242f61ff59db4b723803b4efea64ab0efeeb6e5bd5dbadcbf96c815d0

SHA512
ca0101067fe95f3b29ed183b2d8a19f0667b85d3d956da2a59226901122b4f92c2b4945cc507911d7dad4aa0153ee9487fed92ee0bc97b0c5b7ec7d5f9676acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7fe4c1087c983619eb0991106aa5c582

SHA1
f9edffd9835c28dcfc72703ae0fd78d0e0044f3e

SHA256
8bea6ce878228e3d92c6685ae5a7078ab7a29b645745073401aced5d2ef1fc94

SHA512
7d69676003711ee2c776e539238dc3650abe6cffbed91e88e86ef6d9824ede7e803354a222b8f9b255179ac424712ed5cbad542bc526fed6c25c1b13e11a0997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1ce5301fee17f8f82980808e6d69f702

SHA1
1448489abd4f7653338fb46ac5056772435989b9

SHA256
9cb2aa46863dcd30562d0dd9ac23308e33c2660576cf8de6f5f39f5bf4f695c4

SHA512
3131417be17110e0d6a76a9b231bd770179135cde841d0d9b7ba8e168abc23748073248bb935beb7084894c76aa1f0a13382323ae36ada449e7c50f255186c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f124a29be651231a38ca44ffaaac14cb

SHA1
7c7bde38b0449c4393be939fd7844c9baec5dca1

SHA256
b644e747dc8b023e4829bb45b0b2d4fda23becb06261f570f5eb16116ab8536e

SHA512
a86aecb58fd4104cd656eadc18d30de9c11ba41fcbca641aa5688719e12471a36018c6785e904fc500ac068455f03ff5d9059be8c415e4d3c58e3a5c361a77b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
3734e11aa364059492e9b7d188caf72d

SHA1
ac8d8c83a49813f52a7078793b4287c9d556ef23

SHA256
69ecb8cb153da1e77f361da10997810a5893815271592e60cb488c2dca62812e

SHA512
82d5050ed8c3d281e35146af7cd811d6923371a046303f7c0946677cbcdb2ac613cf2fa6eadf31be240f73612626c8421f720c97a9f8303df2c5d49874106b4b

Download Submit