hxxp://google[.]com

Resubmissions

22/07/2024, 12:25

240722-plkmqaxcjg 4

22/07/2024, 12:21

240722-pjcjbsybkn 4

22/07/2024, 12:18

240722-pgm72syamk 1

22/07/2024, 12:16

240722-pfx1vsxaqg 4

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4948	msedge.exe
4948	msedge.exe
1032	identity_helper.exe
1032	identity_helper.exe
5100	msedge.exe
5100	msedge.exe
4760	msedge.exe
4760	msedge.exe
4884	identity_helper.exe
4884	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 5048	4948	msedge.exe	85
PID 4948 wrote to memory of 5048	4948	msedge.exe	85
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4404	4948	msedge.exe	86
PID 4948 wrote to memory of 4828	4948	msedge.exe	87
PID 4948 wrote to memory of 4828	4948	msedge.exe	87
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88
PID 4948 wrote to memory of 4976	4948	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffa43b446f8,0x7ffa43b44708,0x7ffa43b44718
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6573675387904165351,18194635789824458533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch -contentTile -url 0 https://powerpoint.office.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa43b446f8,0x7ffa43b44708,0x7ffa43b44718
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,15603277955480768572,5421056941020902025,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0052283edcc193f821ca2697b98bd155

SHA1
528918c50f63c863c06c08f5833bca4ec185e448

SHA256
8214c9efc81c2571ab99ef37c615c3239e0df45e2963bc2549eae8ef4e7413ec

SHA512
d5f6c81c2623f3d201cc2a21ca795fb41c8242de3f285edfb92a9795d2608a8390b159c46bd61e4027054718d682d3265566cd771d987d78f26f28093211dfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
82c8617b3aa01218673fe8e3f501964e

SHA1
32456d3a8b89ca68a71a7e9a85f5784959985663

SHA256
0ce2a646ccb93bba10da44d3f67f5fc504e271411d89522ffa9311060f936867

SHA512
7cefd7c9558073f850ed2170ba6d34a1746490e37f0bf86ddaf61d1f956e8a1f88a08a1d313231bd992a50dedee1bdb700ac05bf01d0e2ac0fdbf16857d22125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
4d9c564c4361d52f99aa949c8e2a7f79

SHA1
e6265a012d6154029801edd1036e754f5ab37160

SHA256
c718aedd23dca9ca84098ba0b13e2841b7cec187411a3b5f557cdf3351132995

SHA512
6f49c4fc0af4067dbc2a9e0f2de622de7806921d6dda45a5e92f73b272d26f385d6c4b7390a8ba234947fad50ff9bcfe5eb2c7bb838071bbb5293dcca06b05cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
3529e24fe6a8c8318298e8cb7fc60790

SHA1
0c4c32bf3908c620cedaa97df71caf6deaacb692

SHA256
425b5f76183846752bf62d4a74d4e3820b6cf791d0c19b15de204c0f08a36644

SHA512
a886543b112380f17e9a48e9ca92929744df88dbf4d49ee62ba19659a1902272cf4b5c57418d2e683866f7079b1375a46bd67b4d099a1cfb08dfb7bc659fec0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
c16a541063ac82da93e6ded58097b5e0

SHA1
d224b9d3fdaa6037697b73f27eddef20f503663c

SHA256
76f1e7a93c82e4e8efd69953c409656c9e5eefd728e926ed5ca5754768eb24dc

SHA512
11569bb4b7c00d36b7c1c9f1342f525fdb20d3af4b5594b4750cd5b6429750c22be120a7920f18c235917700948d7a341ac3d5067ef7978e67e366a6d3f3acd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dfeb00fde24e362f6a23f474b5c1210c

SHA1
49566098e2b00a17fea42e765da9f1dbce395903

SHA256
47a58375ae32fd4255d21a2e2fc8299183e32b85aab5f22439674690b8aa9047

SHA512
73b40d907a112c8dcb1f18ed20aa9c350ca8b9f649d45d2313b5d3677ffc574bbe84d490fb46c7d5d7c09514cd424059f499dd6883ef7c287eabca2c9c3eaa7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
29738482115f120f0161a570d478ae23

SHA1
16049d4389711bc3b44d76fe21ac5f5960455af5

SHA256
eb99534604980c032530d99875f8f775c15ccb80f5a713a2fa37a7ca333ff072

SHA512
553691faa9b3b61c76a900f22231f551d7158d779ea7697ead3db018cd24cacec0442835803c7ec46735134889116b37133159f904e59cde07baac668d7b940c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
2669abeef54a20f918654d5160eb26bb

SHA1
1ec1c86b45a9b05b86eacd1328e1db9e9141b7ad

SHA256
4ccb1cc621e303b8d31b4e2c085fa3fb621cf522e44d09aed8f086b64040eee7

SHA512
4e1b66ebd462dd0fa6a4bd73891d3ade2942542fbcbb48ee20327ba616d4517dd120575e68fc097b8dfac5679de68fec5a7a8b9b664a950b756f79c93663516a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
74f6aad4802948e1132bb7e327a18931

SHA1
2c9c11935c647647427d283450a91cbf60af3027

SHA256
b515d99e8913292ae6c0d349de8113a9a5b3aa79ca56f5c6b1f989579fc04f13

SHA512
766bc40c6ce9d853d218ff9fbc39ad70d04315aa3187be61a881da57c3db498990f6ddcd70310711d0fe73be65b39f3ae0200b025e230e067bebd3bf63c85784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0eb5fe33d3e1a00df1346046045ba43e

SHA1
588bdecf8928dd178861fb8f9972392f7f435d1e

SHA256
d6cfcf9073a7d98b563cc08d559e6813af56fe50d6fe99308db0ccf660b48c37

SHA512
7647c78cbb29cbe0dbff203fec7843e364b38843d22d0167880961d0f55da0ad33a283eced5fd3deb92045743f23b584edf6dbb2ef1f124b304947afa007912b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
2be16b25917f9c3b597f239e5e706440

SHA1
892f68331106351b6b6bff1c984806a91438a6ad

SHA256
dea23b223a180ef955aa2f1788c20c0048d31010d0cb3a9e04e307c5a4db8d74

SHA512
644bdc6bf84098ee9da444988de7d52ca3a4f7ca559f60e66f429708530720deef94c428b5bcb1d1b82ac6eb09422d159f79ea825f42e6ccb2e06e29aa8f6836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
8ce8e03d151107167903be339ac7cf18

SHA1
72752373ac45d4e57426afbb6b45d2e7afa97af1

SHA256
fb9368fcbcf20c5b5c6748061f3de6f364f1244e8e7a1636a8faf2e8a282c901

SHA512
afc8e23ad418bd7bad3b4668f2ae3aa931e71225768c6b61a999b5b7d9f54cca6ab9583340b49817723dd7265381a99a2ed6c9e63595419d2ae1def8bd489913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
edf535f74de31ba4d840b262996ee083

SHA1
798470b8bc2011a8c3dc8edd1832ad7634c1025f

SHA256
50aa9d6c97c924df2dd99dc45a1b271bdfa9351bc46d4bd5324c989d34ceec1a

SHA512
e91d81046cd4debb4068d7218f641c45de7f1bfa7bb175e2e837c38f1ee0898818a523cc3a9abb31794ee78a5ec77b6b1169c9714733cc5e75fa94239f7adaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
7456c3b245cca55cf0f33e232753de74

SHA1
77b4638545277255dc2c9f9e644a373997182c21

SHA256
4a5f3ca691195bd3acce3ff125e99c6aea2e6e1f47272cb7ec9e6989a7f7c407

SHA512
e095023b8852f1ccca5f44861f719719f15b039bbf0a232a69b0e94bd337f6c418a54bd2d0b4e3bce9017d744558753dcaf70fd4c4ca8a0b9c498ee262aece78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17aae24742c5f72eca1537c326d283b0

SHA1
ee0dac814398500ef210c05d0b2ed988fadfc6fc

SHA256
aaa1ac486807927c281b512d3ff43a06a84d3fd514bcc943564a6a6385fc84a1

SHA512
c53043254cc821a2cac9fa300d223c8a0f0e159d547d554eaa70d6d0d15ecf03b45bdbe0d589894ee5e07087481c58132f6ffca20b7c2a739b251c4e67a8e21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
cd0bdb502482af2c299c37b86d377c74

SHA1
8086a2fea4832b1b94d07768c1b191cd306e8a96

SHA256
f5e9e0c185abc4a2bde7507d2507a697693c6d3f637e76038d8210ceb0adddc0

SHA512
f5988ba81b1033fac2a296dac589d96bac64dd282f500c7f64c39c7229f43704f42384cea21b89c0ec0fbc6dcbf7fde35f441942ba551dbe83285bbb276cf501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12550a79e258f0a2f5bfd44862a612c9

SHA1
6d136984c2a2dddb0071ad791f5d0b53d779bd9e

SHA256
5cfd9ded184ce840bd70972c8c4daefb9672915342eb4ff71fd29b18bf810e74

SHA512
caca7326fc4141e53ed6dc7fe7bf6620f9d8ae08f590ae1ce430d26c27edea368a73066e7e690f444d201d1d4e49b8ff6beea1699684d9921a1c26d83baa38bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be55bce6dfb1ce7c4a79b57cbb270869

SHA1
6794b4de0878babf7ddf379762d8e0578d4655f3

SHA256
eb0b1be9a2e79239c82cb28300fc7b50ee4c3f53c2dcb0daccc247accb4d371d

SHA512
dd399dd09498a8f7003b2dd2543e2a513361b79b5833a59ec83105808575a26b0769e9abf81716e66fe16ee07208e0a7355db2cd966f1aa64c36ff899f893edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a9dcc1970acc9c35a8bc47628fda30b

SHA1
2bf0d04c3e59c770eac66e2675d44a7620d7708c

SHA256
810e1568e708ab689338d0544c137654207e2295074b900db9afd4d9ba4c040f

SHA512
88cbd7645bda170c12e58a07633cab5cc57ed19bc8f47ea1e56393130a0ff75574d3287083bcce73a7dcd1bdb2262353042b08047f5c1c0ea94e86375cb7f802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
886a7c8b330d31509deb129e7c3373a2

SHA1
cc68ca74c5955d6a4d96587a081f317ec681f333

SHA256
33922b8cc048a2a619b80d66fa3fb1e4ea5d418f4895577e412bfdb0e729e622

SHA512
027e2c3abf89f1cc27da89dd9179708e15b9bcfc34e43f26cce691556f567fc5218776c73ef45382d0d65a41c2f481c0654e8e913d9c0b7614e768d319cad9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cb796c03a382eef37288ffeb013e8a1

SHA1
2955e0e23c3b061afef86829ce77f5de474ab9be

SHA256
c3660370cf1887d0075b95348b549b4d15b7844c7004fcc806403800355b7e18

SHA512
003afe97c06bd74298b919c35bb8cbcb3638d16b6aeddf90ebaf2ee75a5a631e3d1d7c4665c945a559b887e428686be93c3665f608abff9fc987ca9132fc7522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
021cd54b4a1bd21b60dc47358ccc783d

SHA1
4e7a6e0f4eed6e83b440dc27b40fa67778c8c880

SHA256
4510905ad8ea6c0acdf522af4ede8bc7b1d630f248876bc7b6a5912ee8ed5d69

SHA512
d5702c3e214712f51a8e45e925253c7b437ad4989ac86cb802141b6e15545f96b9038a8e6dae0f267b600361375a672af05a01a6108a79727daaa868abb0c8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
c9281c7860f6ba2451639aa3b17a212a

SHA1
a9d62b2e1d2cd7a999acf0c02c1d39228be50bf2

SHA256
47b0ff4ec4aaf79646c1c0c0e5c21993a79ff77404b857d042980b88a1ed5ce4

SHA512
d15f1009c4d5fe54a1b7891bd13d36529e5a155e4cc422a14fdfb621904f50d8a50e8b66b84c00e3e919ea35e88c97ead984e14034d547d00f699f6c7ec865d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
215c978891d8938b8e7eccab3b345745

SHA1
be83ac2194ecc09f24b7ef1c139e9b636afc2b99

SHA256
2ef172deb19023816382476d3a96ca9e844ff18a07ce4f9a4f73ac9ee590dc7b

SHA512
12b340d565fed43c232948f1b6d5f38808398a69620cefcd4681f9e345599b1e786bf08de651f4f84a07132ce503134fc50299399f155955675b8da6a1a9119a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
0d128940fc7ead9eae6ea10aa58ecaa9

SHA1
77bdcd3c1e0b0d615ee250d52e2326842e990da0

SHA256
d5b059b7d49677006a10a60641e6f833f6f14c836baac627aabe6ab65fb8ce30

SHA512
5c117b6aefbb6d8b2e6f85c2b08e75c7d6586fa64ef44c9dd5eefcb4b0e7553ff5a0ee8fa7e5485d584fd789c5b1ef8bd53c2b7aa0a369701c308dc8743c08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13366124309289599

Filesize
9KB

MD5
49ab8f58a7131f98a8bcfc8810881b48

SHA1
5f27aa3f0822e4e882d09318926447a34ae43b50

SHA256
82fbd3414f27d7cfae53df61004dbab9435a0bd3b7a1066353623c45ab28ada3

SHA512
61a4d602cb01fb91c322b053f90d5ec4fb5edc1dd7a16de8d365ce63f01dc6bb809a2b39845e66fee73ba6a8a26c6f94d501c008cc43f539da3dfa0e660ff6b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13366124309502599

Filesize
2KB

MD5
f44e6f03bee4d8282b90aab004b80b0e

SHA1
c784274f1d093b0d36b29d831f85cf1e9e72c3e1

SHA256
f25b9f7558ba0ebd5643daa8fec04b467aba5a4c4b7515aed48f89f626735385

SHA512
7cbfe7057983e8944e6e5545656e800383604ff5b8e1e9a3d088ab68393247a1848f5274bb5063ec3175d20598f6824ab36cf332786125e44a8f90874e7e1a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
45ed53854051f460eed284efea6faddc

SHA1
2fd19a2994d0fdfb5e659c5a1b7243c879184829

SHA256
7718bb606d260f7e543a4ea784d4160ae8253851eb4bfc47e20baa6a151df44b

SHA512
42071684f7e8f6b8eb2a46a31775da2561ab821da92a2209785239d22bea36918cae9cb2eefd450b78fc60015b5e2b0c22e7c1422086c3acd23ef1608cbf1c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c9df2444fc5d1c35f147e5d3d779c3ad

SHA1
f681aa64ec2c8e4952dcb1ccd13f68ebfda8e33e

SHA256
88fa8738f84a578b7b91bee7e86c34d4a277ce1607f178f6bb2d618cedc91954

SHA512
02a5ca408d5f0caa4981f487c33ca6488c64396602de9feea870db3ee7b6cc656fb566e4c952a526d27d746947f49248870d2754b8acabcb9d03b9c128234e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f653e2d8b71c94fe3fbaaeb159258d55

SHA1
47727eb26f1c1137c6e894d4cdac2274b35015c4

SHA256
faf3b01eb65e76abd06b20523e4bf7334a22e00343b4ad0d2ace494f4394a571

SHA512
970608add7aafd1fd26195e7e1f359ea56fee0f57ff0869c9fb50725455006f900753e4da8d9dfac031ed7d5bb6ddf97f2cb21a9325c4434cce4ef4c5799d536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
21bbba03bc798307b93dd98916c69776

SHA1
bb5630054f4ead6c73e78372cd5154c238f085dd

SHA256
7aef70720c0c91854791ceaff768e84fff2b1420452ac9dc1d7d8e3f215d6bf1

SHA512
515a73b27fc363309b6fd345849123676bad9abe27e0c5a87f147cdbf957db5145378d44727f1d1819f6d64f2029066e9fdae409f77718f1ece2a1a5dd8660db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
f8ee94d4c9c33f5a9adab3b46babe429

SHA1
561d29e2853c7cf7c20ac9ce17bfd32f49a43275

SHA256
f66c75142589c4afef97932f8c0585f3eadd68780b00f3c4a50049151088de6e

SHA512
8595e1e36c483f33a6cbc96cfac8fdf1d9ca591c27d1707ff016b7f50e67536f2a6e11ef6d950d4b8e90ecc9ccd5725c5663fddcb469bd12c6878730b675d95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
812fea2ecbd90bc53d6d632b5073dfc6

SHA1
79cf64896da956a855763defb33a0f74732b6362

SHA256
0c25aae51cf0b84ab810281e5d06f19cb298953a41bd5247d6840a4052012b5f

SHA512
8998348ba044166a7307880c611b93ea64ddac0f79a1e0d5cbefc6400a5109cc46ed9a2d97d41c8c83066adcfee84d9a539694395a062a5959737cdd8421cc43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
95422daf37a4bcfb512a4e5af86bc34c

SHA1
f2e94b79d3224100cae6d8f10796056a292696b3

SHA256
5022ce72f65ea19831a13a7dba78b331adc213ce919578a0c47a2d5ec5409fb7

SHA512
be443048a58859b954c188884d35577f56960f7b5d630f21cd044a3176543cc6d71743b309b2c5c4d9f3b9ca292559768b6d99b2a1f8ea1cd97dba3bdfc2973d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
f01811d0c3f54def3d1ed9c7df51849a

SHA1
0c67de4548ce4dd454448556a5ffd0b01f1656d5

SHA256
332d0a71f9acca20e00163788e7ac114f5a1868a46cf56dbeb02429f98646338

SHA512
6002011d13f7490b63315fe294110a65af3d51884680b6b9fd7d379caa3d6a1524aaf8c00f89e815db1d19f39b82686b2eaa7576a4f4322145f765dc987f27aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
9d9a38e514668e331ee407dc8c56eb27

SHA1
512fc8b6aa87f93b1e64e18cc17460d75021dd1b

SHA256
bc07907271cee30b205dbd52833c9650c7b4444478f6e33969680a8f53a6e64b

SHA512
506899bf3c869165a5532d9c1563882e3c49364bc1837b791d765d459da8d41039752b50ae3186f36533ed67cac94913e0d833aa89ca832146fbdb8cabb6cda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
1b7d209eed500e3fd2d3fee300af6e50

SHA1
eec56ab09ead6d2150c84ffa76bd7c1bfdb9afab

SHA256
ba1195ace104854e15975f6e383222e8202d299ca1872c53445e7cc915f2f6ec

SHA512
79763bad6f901fffda0239437419228578b874973233678f5f36161e0a305fd3e7d959f778c6bc58abe60bbe636beeef230cd11959b9ba50190d89a0f5305594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2a221b94afb58b88c539ee612b577f34

SHA1
84b01855bc045327eda529b783529f7b020d7651

SHA256
efcc8bd58aa448ba4e696816b50d1498f7e246c9fbf1a61299c4006c69515529

SHA512
d2041963aaabd1afa9c8a1c760d39c4719dd921ac6336a339057da793d57b9b5c8c5aaf2b0126403f8a89806d0a407cbc8529c5f53c0e9a2083a8512ec7c1065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
92e31d7c41c13746ec5d3aace97f3f56

SHA1
273242878c2d59b9b2b74733637523d8d23b9f09

SHA256
c618f01f4e7e6ff54121295a64c4af6c7aef626abc7bb1d1893434ee3b79ad14

SHA512
f4d8cb636436d50b485255c0b1d353ba08b433d52b94db39370a9bedd063dbf4d9371695138ab14f705dc62adec7104abac79ed9f68833c7400fe088c53dc2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
a9a65f5f39a4ecc5d86bbdab3dbdd0aa

SHA1
d194eb394b145df776745d3be62a410cc438b6f2

SHA256
784068337014de09f018998e8772129d47140df444393cf1285ad4cd5c7b252c

SHA512
8cc9672fe5c0eb87dc99a42f8fcd7c462d1e3b5d56a1e02bad85d2654c9b17addf29c50170ed6d8d167e8a92d55d200491752d2ca3aeacdf79f81ff31b417a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b791edba1fdb2edefdc3969f0c29bffa

SHA1
2cae11787a2c4546626681edead53f30e10b7bff

SHA256
eb17bfeab70d86a9b163a97de1ba871342dcabe3df83ff69c17ae0c36a8b973b

SHA512
592ff467b2e871323b696def2285a927ef8d03436c595d56b063010b29ab39d4f2df6527b1fa5052803f669952e45b7681fec26bf79548c4e653f31d3d53e70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86ea3dbffc8638f8b0bd3983aede955b

SHA1
fe6bdc94738121e843df19b27b707e638e87bf3c

SHA256
76bd2cd3c4a6d9d239b0c85f9120bd9d1dbaf7f9235504f32dadfbbf9fb80aa0

SHA512
4a5fc4d42c5c243f16eadb278c80fba663605af8c191dff99ca4bb8be261e685a1b37ae515f2d90799366759f9d42e704c69a277cf65eb609f040d023109fd2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1db6876192990871af1d87850a78255e

SHA1
9e7da59b0ab21ea6f5e421a33b48078992383c02

SHA256
fde71e02eff2cd272f83834e19bc1b991d3b886a1d60f87c0a03d9a91cc29cb1

SHA512
108eb4651db2cfeba2901480b68f715c59f8f736d37aa30b83e9da6fb6e26694c3dafff80069538fa9aab18d7357f150ba72350048d1e766add11e9330b55230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\be0393f2-770c-4a18-b44b-424c5af2c74f.tmp

Filesize
12KB

MD5
1b6e364f70190d9679ba49c4434a02f8

SHA1
7f49b81b96984bf797df6fa820de52467b511103

SHA256
e41371ebdcb4936b348cc55cabf5bceddf027bae88cf99e6d2f4931b2491f541

SHA512
965599060daf22cfa9acb5fc0df83b181aa7ece585717bdf3568508de3d9442148a7cfa83dca844b344cbdf5dd2b2ca677cdaba8ce4ffc943c353a7a7abfbf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
a8ae844c613f5ffaeb3fd452b056f49b

SHA1
9bad0bda780d33c831cf83dbd13718399bb68594

SHA256
f0163b047375b6860e493ed088bf70c586acd18b79a9a4539194c9c8f3ffd6e2

SHA512
d985b6acfaa3a4208d4751d9eca0c1552517b3e15f756af8203d79040c98f58b3fad7bb2edce27c0715eee847e267b530810b5425150e290ec4d0b00e3de9bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
4349e6143621778c91c19d4765904f79

SHA1
9ce477bfb24a55bda99fb82d7b8f3d26cb80b2fd

SHA256
e7db70aab0f3eca136d383f36f7a0173e291c0500094635396e77794e3e7a835

SHA512
c3ec878892f11b9a8ba31fcfc292e57fcb0f5fc8efd504eb0a9cb60b2cdb3800444342b966abd6a888da3807bbac4d60bbb9ca11aec7935b8f6d44a8fe4030ec

Download Submit