hxxp://Google[.]com

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3419463127-3903270268-2580331543-1000\{13BEB83E-CA29-4D37-8D30-9F47BCB72B35}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4724	msedge.exe
4724	msedge.exe
2660	identity_helper.exe
2660	identity_helper.exe
836	msedge.exe
836	msedge.exe
3912	msedge.exe
3912	msedge.exe
1196	identity_helper.exe
1196	identity_helper.exe
4468	msedge.exe
4468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 3380	4724	msedge.exe	86
PID 4724 wrote to memory of 3380	4724	msedge.exe	86
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 3504	4724	msedge.exe	88
PID 4724 wrote to memory of 4660	4724	msedge.exe	89
PID 4724 wrote to memory of 4660	4724	msedge.exe	89
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90
PID 4724 wrote to memory of 2192	4724	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe97da46f8,0x7ffe97da4708,0x7ffe97da4718
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15597708574968335888,258185307754958412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15597708574968335888,258185307754958412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15597708574968335888,258185307754958412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15597708574968335888,258185307754958412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15597708574968335888,258185307754958412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15597708574968335888,258185307754958412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15597708574968335888,258185307754958412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15597708574968335888,258185307754958412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe97da46f8,0x7ffe97da4708,0x7ffe97da4718
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5261263486685631254,17485626952554886444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f445c4981482d67d3c2c8037ee9d8b1

SHA1
5b2fabf127b1efe3d32718afb85006cd1c680999

SHA256
3da4ce858fe015cde6c18d89bd422f8053a132831ba55b9ffdec1c60c0cc4840

SHA512
3049df14bb353728473c399528de23f4c68df65269cc4c051a0582c57036b3431b3fc1a19f94f2e022a4aed2380ca8544e8018bf16228abee5ceca9281af5d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c33cd65aca951c6e531f34bce26a4703

SHA1
40fdfe99d2258dc22aad9b5fd3e2765055d19153

SHA256
ff713888a09bed99a2b1cd8a72ada58fbb05a567efe76c537f5ac01f4773f725

SHA512
5e1591ce3b1821a8330c27ae9e4706d9f7d4d3359352c09ffe324185876bbd25f0718c8c30e1d5b883442e956e59743ade9f95921a3b8151a17951721cbf632e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
6c565a458bb4344575c631bbd5f625e4

SHA1
a2ab751bdb0e24ff2b4cbdd6f7eba7b4b28a9a5d

SHA256
e6a0501afce8675be02241846236f88ca1c8e1ad43345a942b8a0460c20aa671

SHA512
2e00e6904eecda7900429cfc616ab238cebbe47b8e801247512325a4266c403e66c5f0044a7e5bc5659ee624fe05e6ad3757fb764ff85ab494f04b7a096af942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
e2c0dcef42c27b86f5612a48ae79847a

SHA1
81e13afa812f6bbd31e0870f5c0dcde96ef6ba66

SHA256
73dc543074625475d03f6b236c0769b330355a1ef6c5d289ed4c5053029bf391

SHA512
4f4bc5aa18f9521234d94e2f7a7e3bbf858f46ca544ed45d218028a6fd59994912b31f6520297343987024b226b8340359d9beab29813be8c6a9bf26bfd25c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
120a16396d02f6d1080365c0ceebf370

SHA1
d910894bda7f79915b25944cf747c06471e8e64a

SHA256
0bd82a940cb0109cfae9d4700124b8b39a7f4bebf2764ad59817146d220f7407

SHA512
d689b3a7402d6a7fa43022aa8dc0f2980c2796b0606af6e6801fd5f7ad2c8139bf8158e08ab745181394638e036a638f6a8a3902625a3d0fd3f8eadbef97035d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
edf36f19abd0878c58357500a79b82d6

SHA1
90d375afc1ad1eb02fdcbd506550ec0f21854d04

SHA256
095d4d0df440df6bf92cc529d3a7967455f069ebf26cc51f33c36f8e572a1142

SHA512
8a57afb54347e2295f96f7bf7c8f5374831c52b42b8e6a59ebe7851a01a5f9e6273ab33b524222d5ca400666421e3f77839baf050ecd3e5c0205ef9fa0e759a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
3b08db0b64fb963a066fdae001ec0eaf

SHA1
b34df1132526cfd68f7c60fabd8d38a1bfb55d78

SHA256
d4fde60285370c213799717839a7ceabf7d6ae2ad3882184370276496fc26a9f

SHA512
9b65493a4027024d4e01e7ca3b3d3fed120ccee3e201688213e64deb4ff90ac69155efac05fa79a55992a29c871fe26e498dc78aa36fcb4037fd3970c7582f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
158d936d0892aaad49effb32752febc7

SHA1
750458e4637e121b09e7cb2925a26e5515bfa5c4

SHA256
3c307fc33b688e23d640e01736f2e4d81a6a303cd416d8e47b1e588329050433

SHA512
a283174ade9c07679cb3cf32da6302b4058978aa089e746a3f2178fa0ad39a01104f9d25fe808b9c9c2ac4a382db0f08142a63138b04e4fdc2832314dcf7a3f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
115f010eefdbc9deae164fe145c2977a

SHA1
06c464c3027e83272bb62a4034efe328fa58f158

SHA256
fcb9d7033406b260f98de546e5e7bf31310c20c827d168f63ef724211906a71e

SHA512
097b0ff3b266c8b93aaa0f342c562c902d747a255300dc12d2e9b87ea3a50fd2d27a8cb01b9b8e1d7174759f6bc08f930276a71974967f2ed941a45deb480b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
5717db3baf7470f07a968ccfd24626de

SHA1
ead4e5264584373a5331e7be7f129179c64c1f12

SHA256
e1bbd6f2da60d022e4127ec0323a21634aba4e89321c830abe4f01a5facaabbc

SHA512
071ac7aa61a26df68e17a09c024de31a6e4aac3151a3384d21120a140c0285094b430ea1b64e036487d556e3a17f29b268d1c15c92e9a12c3b5718d3be70378c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
121B

MD5
06191489eda2bfdbd68765747ef37817

SHA1
d16b98a7a6fa6751c600993e8cecc6a18e80242e

SHA256
c470ae75af6681304a01ee203e515bea1480b8373e5ad1eab6c86c13a8b8f5ac

SHA512
d541ced3a1808feb0da57db91e002383ff2101d4614c4813d7f5884663bb056a33ad004e1fb9af0249e965c4f9e2a5cd4c7cf02e50e53c31e9ad0811528346ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
0841b7cdda67d3d1fba6bc3b49e6f7fe

SHA1
a3d778d78c249cac8dce549db7354a4c57a7a1bb

SHA256
68e4280a4eea73de8990763aae5914ba78eca595e226705d7296fe82fcfd8c97

SHA512
c035a4255455986fa3c97de13eb4ac562eaae6f1427ec11f6729539ea392e22bc3649bd355cdf447be1b76a6c4890e1307c8fc6fe475623e14e713e3f8bb5438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
e0fa8900a2e7ce35babe4a346431d3f1

SHA1
62784dd5167b7bbb1b41730d5452376cd0491ece

SHA256
a631dab6785d1e14e633dbbef4414b7ce1178ef55e59d09dc6312aef8c2767b7

SHA512
f294a25a04ab83e330947d0c7c1293ea83099fb5f152095f8436d9576aec364ae01439579f03d4a73127950e0dd89a9449cbe8fbd8977f39fbc03e0cccbda2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3ebfa4b4fc7abf740a47add47d086046

SHA1
d9700dadf2277f036bbebda426c6401b02b08ba7

SHA256
0e2a54dac0029db5b31827627575f52d922b624e71adc6ea237aca6b202b3ef2

SHA512
720634f1ac9a5ea52243d9039f181a5286514b72f1a097343064cf0beeda9f5df471f75edc04e79bd198a892a31a646b1b6419e381a722422038755bd8883566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa28d8a31455840715adf89f0d4fdc13

SHA1
8db9ede8f9da8aba50a5aff8d22fa0457afdae2a

SHA256
c779b97114e355b50de19aeed92f6e85c58c940f15d3090830d71542f152ad18

SHA512
fafa2bdfe9acedda91ab1c8baa1e0413ca3ee20341ec198775914848efc9788486dcff8c2dedc28285c4095aa9b87c1b021d007e5324e7cc5d7c1e323b4c1c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1cba67ac14f7d327745a8f9f0311155b

SHA1
728686a8dd6ba3368102457cf2f329d664f83b40

SHA256
a55bed267f65a371f33397faa88196f257b9824092801c58030da59d0e368c12

SHA512
e5843475a2da33148f1401980641be48f0d4d3d225a4954314963676adbdba10af8caf9f62c1205a4dbf07f4b9ef42790a993cbcfa482da55f7411123c1947b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23c2b3fc2ebec2e63fb7f507544621cf

SHA1
159843699d2915c920d56944a9c648093a6880b1

SHA256
0f4aad0e2a1cd91bfa2834967b6d04e807b933210aec5eccc3ddbca39cbf98fc

SHA512
dbc5e5b1cc4310c7b855b7cd726c124d7bbe91165435c0e96b8b3a1de17e7b44e1afd95d56952ccb1f41b4f882e11b3912f216cda0e4699797d0a54ded74c126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98b87d9ecf681ab2322674874318cb4e

SHA1
a978c983dc0b5a9684a1c2dfcac48cb8ab5c171b

SHA256
d510839aea6aa6d4cbdb5b707284010166a95d561f60ab29338b907f7d3383d6

SHA512
479077da0aed5259da885921ac2dc067c42743aa784ef16328b64bce72220bfab85e4b0491347edbc8f09ed5c5013d1c4e474931cbe322630d5c1ac0823ad7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
938cedd017db0b3bc174f6f0e26e5133

SHA1
92ecb77eae493c5110600c9174ff36a1d8619646

SHA256
ad147604a7942f9acb42dca8c91e1af6f96d895230b09828c9395fa9a93ced1c

SHA512
2252c94f6e67fb56584dd0e73702c4aff6317a60b78254bb8ae9f5d2eadc2618caa65d0aeec47c5e40c6d3a53eca75ac50d6c85defdb3c4c8d52f5a9d4ed4e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
92f9f834b940ca9fbf5a5a41e76a72b1

SHA1
6cf83ff78f6139cc3daa7a6c1d33660506104fde

SHA256
d54c732d50ba4901c454c2a300832e0b94491ab1a7f1046c1d0d3614095ab8e8

SHA512
2ec85e96bbb6457333a3e5bdf5c2ae6c6d266ae2e5d825ec20e58978587154d9034b19a3b84d8302b000aacd9865d15b3ebb25c2509bf246589352738871a319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
538B

MD5
8d28b5e1d798e86702ab74436cc6f38a

SHA1
d586d98256ca61964a3e7599c48658450c6b7b73

SHA256
9b90bf238b5b4d5e2187bde8e695b0f42d6605a6b1a8ee5fd9be2058da9834b4

SHA512
3272b714d13f367153c6803f31ae33263a5790d238cdc5755cd192cb70e2824a53468a6ef19337021b700b2cb9ac4c3dced29c4d2f7d4dfc5eab4d81ba10f340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
16b00bdfe6c0f333c0fc51ba00595ca1

SHA1
43c2187eab8753a4742ad10fb6811951d4da68c5

SHA256
531aba28ca54e1db548a949c5517bdd66833fcdc4a3d08d7f70c49ed4ab8312f

SHA512
7bfe9479c7448b42c944bc80cc9eb1cd816a9c63a89e67b09c9224e46551e8c200e78fc670787da31f2b63e4642fa9911b494d111b1afa59c5ec5f1df87c4f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13366180960154815

Filesize
5KB

MD5
cbfbabaef65a48931b822e1cc7bf6f56

SHA1
29884deb2348d02a7f4a5e053a8389120511a0d4

SHA256
43912e372f1a0e470824057422019c53d935c2558ee113d7c11fb117d4892a24

SHA512
64f737525bf46ec152bdb25b1d5ec226dff6aeb601d8d5aad2479a6f1f4aaba74866da9e11d8e344b7141f1a372c2d9120cc11ea2f4ed7e78019d29915d34e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13366180960363815

Filesize
2KB

MD5
0577f12513f0f9bcd7b2a649b6386312

SHA1
e90ff646622fa8e0c7e743e9c679ee6e95bce5ee

SHA256
986aa8c3eed9f5b5fffa163f78ed048a7a697832691af791d9ef1a0d48d74954

SHA512
0081bf71f9fc9fe3ed30f84a283be93259a2cf9fbf3042f254bd6cc1a6104f473a9dc348f1111736cf3e0635b292834b0a1e220685f485ddedb8e9f472aa1f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
9926c7f00b98c04eeca8c70b94b10e55

SHA1
fea6445f97ef930d212b50cf25830d43c1408303

SHA256
151e05b26d2def742af80c9fbae86bb1e7b591e676e467d703e4d377d30dd3a5

SHA512
a115359f2851d4e85ee7fa4b8c1cd283ab0817e705e6a20aa3d3bc9134818cae5c13d3e4120e6543d6a682b3a62828ff4aaf7030cebb8d43ed86d51c0ef386fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
59b48c946239e36cf74b952fc9321f47

SHA1
6eb53f882ff84efc56722eca3fdf2ff0cb2aa7c2

SHA256
d9fb55a8dd19f8ffe8b561ac2e378bd008fcf667827812b4681670fd2da8ff2e

SHA512
a04e25155bef8f5d24e47944a935eab3e0abbba6315455c451b1fb3dace932d1d95a1e4edb8c38db84fe88fa9029576bb2b9cf59146bf78d07fcf6c1526a3e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c844eb0564ee4986f781c808ae674163

SHA1
0c30f546ecf71d1808c3dcca1e259a99ef08ad04

SHA256
69c4864eda5489ca0c4bc12935aeaf344e1d7270ae54f78d764e127f225b70e5

SHA512
4ac9fb96418fbb78294a4660a78e92e1bea77ef4d7cb1e4b41976994a1266f4dbbd8a65fe9ae0c5a00515642418b24f047000024015225841af57d74cc6fc399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
a0905e803d0f0e661f62830769ad033e

SHA1
92bc451a99c41bf672ed3ad2d321456953efe702

SHA256
fd51bb750e7b76f3fdf084e0d8deff0a9a083945e848933aa50b1020b198eab2

SHA512
ea53d9bc48b9190b385960de348c74d581eb3e9b9aeb608f5e2b40ade2f340b46c03d6a2512a1eb5237bb3d1b1f1236fc64761b115a769c195cf5e1dc9a5423f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
200B

MD5
5a043f730fb930ee269df0c432b302f3

SHA1
b44afd79dee88d4134c6b6340d86c80fa7c86d0c

SHA256
741b3eb9fdcfc8c6db7d191f34cf70ff9fc4b2046831dfba6b74132ac7987c6b

SHA512
fce2845cbced0499e58313764cec7a4067e1df6572406d2e2fd706112c3f8cc0d71c16744e6cfb120ff9bdb16aa046d731381eb91d72aef917d7e5fb7c55d92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
2ea46dc408631a87085e0bad34eae02c

SHA1
5e23ee3f3fc240bb4d7c20b9cd30d7a4adf47932

SHA256
19b02f510eb3731d8bef46e6b51f95d4b1590c23226770106ca1000787fc2017

SHA512
94b5e3643286e388a3bce00d88b1364c7c1fcd3296d37d8ab4a4e85d398d62b2429a691780f569ab17f1eb375a99b73fb4dd21a6d5fc7f5d0099fa98b10492bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
c3b5efbd127d7b3e3100c130b3392379

SHA1
1b85db3eea3707d3885fb3ba7c4135a3e06f819c

SHA256
bec10b599f3a81f255f75a43dc65623a2df01e190bd4446ae4f0408bb11bb0d1

SHA512
e7cd696d72adbd293575900ee60a8cabfa9d293eba07dc90e3a3a2f7c93a3b00d44714c0b7b66863d42c25510170f96b41cafd1da2d0ebb22d4b2f27c2b31569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
012ba359e1bc01fc09ac56129c919036

SHA1
563d404798788012f2997561a74641986d108d5c

SHA256
e0586f7406cb8d2c8156a6fdd0cd1c62021298973bd99f9883b12bdf48442972

SHA512
868237770feccac989ca229ce606c37aa8ecb4394e75df57a3090c17c2866fb32f18b41ac27642f9970ae4f8de0935a8f95ae7ae707eac5fa409ad0ffb729930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
536B

MD5
d04b04e69436ecff20f0cd37ad312dec

SHA1
cd645ac48fcbaac3d1633dd136771790a0b88b6e

SHA256
3449002252fa36f434cdfd84fda02c6280fcfb5453bb25a0864dc80cd7cd7ef1

SHA512
5fe65cb21f6d4523977a766e8946d35ffda7eee34d0fc5eb07bd0a7ed0a3e86addf08d30eb658ab36a6bd1e95826f6305200fcb242470380db5c1369b32be5d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
7af8cf131dcc2e41e31623d676fecdec

SHA1
9b0678b5f4b2be5b2b7783f792ee427c62434ca9

SHA256
c00db6391f1ec31b343792dab7317fbadcbaaa49b3735e6850f62c410749e68b

SHA512
8dcb01c1853d5059416def6b8a33ab826c5356323a2b2c0f70da5bef953b09b5faa3e14ea7da7af0dca5f40d3285ae97c9f4f3b50886db47614432cd40a34d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
6b8f4ecdc01574c905f41bb3f3ce13d3

SHA1
8f09f48a5af538eed42cccbe1cb6f9fd4e32d628

SHA256
b7545f5ecc255c7403958d29b2a21d7a5c98ed939e2147048d3d90bee915a312

SHA512
51655ffa82bf2222b75186997eed86db58796346af0111fab830e11a6bf528f34b4779cc5a1b075f73bb0c5b64b9fed11b4c6605725c3acf9449ad36cef43e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8f72b1e0caf06675b5287d5b64f76941

SHA1
ecc9a473d67b6cb3be714af728562ad9f1f021ee

SHA256
bf8f7fd4113f09b0bcb6603106ed55ec5bb08f375581a555d6f6861cdafbf58d

SHA512
91ab109e14f5c37ebbc04d9710bc74c13a505de5801da88bd72f20342d26fd1bc9d337a5be91422fbb8a5f8dff3a74e3273201415613005e42f6f85cfd43da70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
dd7a82086ba2cd9818153175b5aac5aa

SHA1
48d20a0a701ccc17cfe2e1a16c8c0804e0ea2893

SHA256
6872be9a874fc92af700c7b52622e5e5f86e53b912785c796ca9f47e72e03b22

SHA512
03432f6f9ac9ec1439735c004de4bf8ea1688946c2f1b1a3f065d4cd64346b780c5921120d753f17493d9fe36beb9adfc553a65566713ccb9c962fbb2eac6add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
458c8e2808a55aecb22118e048be794e

SHA1
185d808caa27989d152ad9b0a3d3ecbea22b5fc1

SHA256
14100bdcdced56af85aef0a57e13a2f639f0f5bfa322a23ac0392138c7aa8119

SHA512
3645e121a67fc11b295837bd42729fdc706e9978528da73c48b9385d22bd5537e40ee1edfb3ff215936937f268fb01122223dcbd9dd730790c5ff1d491eb26ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d2bc8b24a6dfd9db54a1677e7705dac

SHA1
6073cb9d74bf0a9d84d734fa6d7aab32d1b3ad3d

SHA256
a1a45bf66e39c9f1dde6842b1839c4ff54826f5375ce04188afa5260b2de608f

SHA512
78e7ffda8be148f47d4c226be49a2c89c2e8b143f3eed12f60113e4c6c54b4db3e14dcfca64099710485d5682992bd76b9fc27b992787ab782376f4462f06a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
196c38a8bef338ac67282dd066f81023

SHA1
fa2b488079d4f943dcdb118d30f60fd93917a6b5

SHA256
9d492402de3c70876afb253c7e832dea027f5ad12d3af6c498305793251d723b

SHA512
e549ac147135f5724b121f460d999cd3f854c93d3862ca70286a7e8bc24b96ef44d4679ec899294f1fbcdf7ea3e1c27db900ecb0a61488b35d9cdc3d07e683a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
7c8ac4c0379c58f3339e0558d15e8a25

SHA1
d4aa7d80c23e55894f1fbe2b55b6051a4f9d9ea7

SHA256
59973235edbe751c672bc4b32ba9e9925a01b37e53df05ea5fcb2b9954b84353

SHA512
31ad5de4ae4721f6803a62d5060f52a673a71c0c5204fa13c600e1b1d4476be53fe8b1286c37b5cabba6026c5dc1e73ca5b82a41a5ea5b17bb99ba377eb2bfc0

Download Submit