hxxps://youtube[.]com

Analysis

max time kernel
58s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1304	msedge.exe
1304	msedge.exe
4908	msedge.exe
4908	msedge.exe
1460	identity_helper.exe
1460	identity_helper.exe
5100	msedge.exe
5100	msedge.exe
3076	msedge.exe
3076	msedge.exe
5528	identity_helper.exe
5528	identity_helper.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4780	4908	msedge.exe	80
PID 4908 wrote to memory of 4780	4908	msedge.exe	80
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 3700	4908	msedge.exe	81
PID 4908 wrote to memory of 1304	4908	msedge.exe	82
PID 4908 wrote to memory of 1304	4908	msedge.exe	82
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83
PID 4908 wrote to memory of 1500	4908	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93be46f8,0x7ffb93be4708,0x7ffb93be4718
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7886979249714665657,4453295767264098348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb93be46f8,0x7ffb93be4708,0x7ffb93be4718
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5642217018414454747,17880037100401970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:6116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
57681da3552a97dc7f23cba8fb3b8aac

SHA1
02d5396a830d66b578f4863a162722f990406212

SHA256
2ae9638bc4c15d85abf692dc467d6fe94bf5823d51013da02c376cd9c6256d19

SHA512
e6ba42e2baec92348648b231cb4ae37a94dcb029cf7a133e8d7895f64d1b05fb14bda8eedad51d1df546d0b06459ba2c085d823ca21077fc15b8add2111cbcc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\916768ca-e3fb-4e2e-87aa-c8839044c4ff.tmp

Filesize
6KB

MD5
bb07f30c0e397d1864b2ed0e8cbdd454

SHA1
038865a1b65a15e7cf5aad5e638a4365575a854f

SHA256
b2bf3ff81392defe90af79566c9f3f2f3b34be46ccb14e226000b6f17caaec1c

SHA512
3cd6ce27c69d9c266548d4c762942e9e44a64459a606b3e02e4319cc7ce0474e31d238a23532f1582f8d8436eea7a775642c573b253812d6388b99b9b717ac59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d1b57fca3e1253da161cc1e47020ec48

SHA1
b61b87c7eb349fd66a44ffd2809330e691b768c5

SHA256
59839aff9484487012bc15821831f4fbfa8678c4e53a3354e46b22101638c17e

SHA512
35a453063aec41f6a2683139eab0adacfcfe8e541d584b979e92607581e91ba60c747863ba194ef1e7e93e414b0832bf6d639d5a8e7dfff1c5efcb4ba3428e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
2d45e5de9c7d6c02c999cb16958ae46b

SHA1
38e317dfdf778ca9634c8ea551e9c5c566abaa18

SHA256
1886f08ffdf469faaa87fd6384754fa140b257d9747d6be456d2e1e3cf183b0c

SHA512
461691d3eac73e8db5f65c2cd502e481aa509dd5b0bd7ea590e4f625adaef36f6d817cc3e261c1e2f7cdfa24fab75f88755d641d736dd642da3e38c8c2387e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
e070ca7a41f59511b1c5106f934c4e66

SHA1
25feefbed848232e21b81f2a42d86888ec899537

SHA256
ad8fe19763225749b025e6b85ca2c5da54330682c1a663ff1db990758e7d954a

SHA512
59d024bdf387cc16ea3164fe2e8049f10f1c62b05c5af8aaf03d8234770bf49d1221ab8a09afaa81ef1c268afecaaeebe21fdf08d33084d65cb5b0473e36e50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6d44082ca6fd6a731b14102e81e649aa

SHA1
e3c081d086072f92e9cd39ea1072c1ae24dc46f9

SHA256
8d6bb0d23bb44324877942c591fe8f79c7613e61c74ce7df2531ac5582dbebe1

SHA512
8a24ce7aa2e74c32318181bcad37172066c3b55dac52c2edd2201870f095291fa65e5fa8dee228b7bd7064cea452ccb78ead21329e28f4585b457dfd356e01ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
1901a803d85e0aadf709194c297849ba

SHA1
5b1b20f1d3f1a304f33aa21169b870369dd1a7db

SHA256
8ac979700a56b74b7c268d3db9e72c143e7ef9ecd8eb2b02a2997602e64cd490

SHA512
e1f08e004cc9fc84f3cbe81ab3bab9e0f9f57afbde589b8bf551732c706742d66a60230b77751d076b178b572e632f9c4bab0518c7f275d596f686a86dcaff04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ac9c33751612efdaa4b51d9241cbba0

SHA1
4c34bab8321fa7f2159d929e504926bbbbcdf108

SHA256
2b5fa0c4b24a29c8ba7b5a589865a664fd1391b4e2aaeea08e9cf0d4d7c91a01

SHA512
9b8ba3f628dd559290dc6550a9d917e6bb390368ec4e2d448acb4bddc8f3224df2c8ff90fd5a6add800246946842a95e8689fbbe1baced7077141b3fbf4107a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccc6fe792378a2113f54589a7d905f3f

SHA1
f369602984886eceaca9d5010ec206bf6202f1f1

SHA256
56c8fcc4f41f4a864aba9a8c42fcb25cdf1d8cc7600ebd10ad12480d5db5643e

SHA512
553a86e3eee1d0925d3c89b5ee5ed77eeb9f7991da57ce192da9a31255738cb71111ff5f9db5d9c4295b1a1dce62e2bc3a17f240a722786e2a4cc80e4e93cd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c475b8d1ccf879d46c23f4164294fc8a

SHA1
f4218d3173597bda99b29c88a5d9c906bc6bb857

SHA256
d9f28a36a2587496fc51710bf19baccf1051a27844d5cdc05192d9d105798050

SHA512
f56f7fded0336c21e3d03f545752403b38b251f749c1e679c3c1548cb7b084bc4d7092b7fa65effb4c4a8bab4dfe88244c357bf70effbbfcdd6eea97698621dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a51ab150bc4f575844f0402236cc978f

SHA1
d6755807d336627c6ddebd48436f6f28e09d5c0a

SHA256
0c272c398291311a0f445ee79e95d2a69245ab041a839fe5ddd7636d98cf6ebc

SHA512
111d856126f1c119e927d00ff04d103fc540ea637238206a8b153e6c1da81ca650046d2b35c5062fcf54e961cfd45c68794d64908afce205826d0ebbea08fab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
8a95d32f74eb8478757ec122eb1129c3

SHA1
bbd033ea638d50889f6065983ef05e98a7f45e5d

SHA256
e1f775eef67f04c35daa1d03511571682e3f2a10a9b95ab1ef1f143f25e4ede9

SHA512
44d239e2f9d71d8b0e3d9dbd9347bbe552ebebf33bffc03263b3f9b29743d6cdfdf7f7f3383976fd142a6cdb57ab91e8d9f9b2fc06bd52a30aa11524bc44bcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364489037033375

Filesize
3KB

MD5
9a4a474348eb77f967da56db53ac1edb

SHA1
0e1abadc2b504fce5aa32161f916ec450566061a

SHA256
b578912a1617739a0650d4fd9a3b4cd506d7cbbc99b1c8be969cf282a0a61535

SHA512
a198b245a6ee1f354404b8fbb713c11ae9259081d643ecfccad3339e05383c05dba705985ffff35ba61559b32bbbfc29676daf8862f7a2b7219fbab3c0ba4dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364489037252375

Filesize
3KB

MD5
b87525ed6b9bc834dfe4e4e0ab5d6b69

SHA1
75cf07139a2509dc04681fa64a53b5bd7b9ca3e7

SHA256
3fd29c3a1af1b6f66f45637c10ed0db141b55d0aaa368ff8d8f6ee68d316ba2b

SHA512
14cef0cef7180a72036a026aaa32fa3ca0d678bcbb37102891b2079ef7320c05306358ad0982a274a9f35fb8deb2ce7af5a313162c6175b83c6995f2145b945d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
595f35564581b464e10b7bca78a3bd08

SHA1
19fd0e537a7d2a1c3a90f08682212909edb45662

SHA256
f4e2829f9c5686901178d567b0c573a3ebbd41c348fcf950e37707b8eda5d46d

SHA512
f0d674104975d6bdb0c687fd74724cc8467e0e0099434a6451826c574366115ec25f31d1f172b1390991b8e67154e0b021077c49bf0584768943712c5bd46df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
992bf45319d83ecb341c8183265c7a40

SHA1
186e4801032539962da6f622c3733d67cc10bcb3

SHA256
9265a08415bf91e1e5825e371a071aef9c0b3ec02672990fb6bbc94718b311f8

SHA512
1794c38e8247042cf15af38b22d045bf425031d10210181b0ca3614f440f4182df4ca59f1f7ba9356e4ba82577e7a5603553130f7340915a448f35393fa09fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
198B

MD5
eb4fbf2a05ce2bbf3fb2c6dd134ddee3

SHA1
fa664b79dd57e2c3491971f73e859a1a9df8b530

SHA256
50f41b724e705cf224ffbdaf76abab4384669ec099bfd7b1b26d11ed71d77af5

SHA512
6be57592baeb65a75efdfeb93e33b9eff3e6374e921e26fa6a205ea4dd4825abc60b45594db821ccf411ce52e46300f79385d7dd3b2ee582d816d021c0f5a48e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
2d95bbc2821da1ab1d29c00fd3558d29

SHA1
04d460167b2d594b86c20a1db40a601c64944dda

SHA256
83b2020a82bd1e7df1487b3a6e88417f7162ecec77e19b5398391a81d5efeaeb

SHA512
0ee8a471a5458c2069e0894d836e86aa1eccd36e34de6d7e25fae8494f661ebbb17ae13a4a04871431a6ff3d1ee705d325d962b8c2618b7ccff3e4cb09c2a13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
0a0b5c2ed890d62d5b88d0482904de3c

SHA1
9d9ecc3deb14a7dd937789f9d59d8278c5638c74

SHA256
fe52370def597116b913da5cf23776026a44074b16229ca645003ea2158fd43f

SHA512
c9cbd8ad3c41df0513e57d2e0d3cc7203b9f8f5f0bcdd7657e9003c6662e5ace39c70ad16bb4525d153fa57c843341b34f1eb4173700b28d6451409aeab61503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
b6e4cc5f045cecc0e44f2cae7019c51f

SHA1
e7029b8be8ba19777435f818cddd7dce120d82fc

SHA256
fb968744b482db1ee11fd8b147ee709733619c9a0a43e1d4106ebde7983173a6

SHA512
31c03c694f74efb9f32f164777d816b9e6625b9ed69ff1ed4c4c63f0c7c0b2fa6ac7d6dd6c477cc7dafdee7ed18054a54874f7562cba775807b4e7b37edde6ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
c4f2f1455c306a2e501790656183fa73

SHA1
531b6d9e12c1155d3520fc26bcf40ea65a5bb83b

SHA256
d1112f50995df4c4af21769418da8cb89a65ec7c483c0780858961013c4e2c33

SHA512
689c8a42a3b78b4743322a905bf638a8a370a3f9e81f0b33a6ca242261a702c7fdc13b40e20b89f596c03e5ca842574a23cfef8b1f4c142efc5fd033e601ffe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
b8f4c032de4bc555443c879ee4e7dd55

SHA1
c307efe20e54af9506cf0afbcae71f0a4ec4a35d

SHA256
21df04ee91287bc3e40a5efe9817960f4a9d8760808bf83b5a7744308bd6ac18

SHA512
8151164af5ea370d651786d6b3a768e3c827a57ebeb3063856e5833b23f352f9a7d7300687d7238629ba5c41386a5007fe673cc28b4345ca744017ce8d70783b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ed5713fc247ba6010fe60d1fe928b415

SHA1
5c2c7cced35703bb40bb8738f2e26f5d483bb146

SHA256
416bda4cf2c1dccda274fb4a1c97c442ebbc54e4f1ff1aafabf3edc3962e5014

SHA512
91f937af604b48b58e856f285fc0e220f7879cc3622b67b12e8025111c71bfc1630191cbd153993956419a89c5263cf7b533ac42452ba9985acece257d3ba662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
be334f6749f6fb38fbbd4a44780f85e4

SHA1
4826b373abae69b280ca6392e710b9f8d4fb4d6b

SHA256
4aaaaba4b91cf9be3284752881bacd8d0b331621aa400b0ce11345cc2de4d7d3

SHA512
6532f6215af02f0d248fa8a9cb097abb41e3474d246d6c7db9d361885b9b4069aaf9bcafabca105b1914975c500932ef77bd972e7993599ac64aac486dc40a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5b197e9330f8251e7057c180dddaea25

SHA1
8d9eb13809025c8c9fb12d01b9ecc403d17dac54

SHA256
bebe944736ecc4c35a92a3ee15ff5b56a4d0c96b5b1480e3e841b665a0249058

SHA512
06e33d41d7525f1a3bb6fec399870cd733c106bfbe0b1c7330985c2ce72d928b4bfd77e5dfe8da54a093e8056b9dcafa7113e55e807b2f27496befee4d785db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
69e94e4178665e183b82aeb339be74dd

SHA1
989ee609c38863adc8cc7e9b0eac9f56483740c2

SHA256
a6e26981c02f878697484ef415902ca387ddbbe2cacc0d965b93dbd662a77e2a

SHA512
3601dd589ce7258677a0de1176554649071a97698bc87a8db30741b44935d4a1e859ad9607952613e3da60d75b4e003c00d9aa9b7a115bbfef6756ddeb1c95ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e780071d-18ae-423b-8fd7-9782a84914dc.tmp

Filesize
8KB

MD5
41df4bb54509e01d48defa526e011891

SHA1
5ad5e839a83d9b5821a0e1e5d872f83cbb3f090b

SHA256
261c3ae9a4ddfedeeb2b6531ba7a60c649792e086383ead39474510407130a43

SHA512
e2e0c68f8d19b96ceafba2081526038fe03c432deb5ef174bec9e9cffaad407a3be11369c592e27b4ddd6c73b40785bcd98a45d15e1e31e8e9878f6b96fb7cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
213ca1e40a593e9afc0bbb04eba83afb

SHA1
434e4f142547d814ed9473fbf9cd808db078893a

SHA256
253517b2f4284ee32e55898a91cbba76cde6fd75f44c2c02b6678a43de326740

SHA512
eb98af3b1ae251eeacdd4356a87c54a09ed62cc8db03a163cb36bd3a317144f51619bc39f9b4fcdeffe1d7275e290476738a4813a0c0373ad660fadbde55dfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
a3a2b6f363e3c21ae25801cf6736f4e8

SHA1
b6e5aaf1897ed67c4e03adfa11e42435a7ce25bd

SHA256
cc2274092f49aa6ea60e7718900740f4350b5b664e82c8b7a6f7ef8a3ebdda2c

SHA512
81bf5a0267a578ddcbc30227902b9e31e9d82d89172f1efb07432d9fdfe4ed84ab81a75f4fee1c1a1cbe62413fc8e371d4d4b212a7413eacedc869fcbdc4650a

Download Submit