ccdbdc7e8e807ced8202166730ac4e602fd2a3316f83d805f87dcb233615e918

Analysis

max time kernel
136s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Orbit.exe
Size

6.1MB
MD5

fe319e98639caf5b1f885cf3627094c6
SHA1

0b5a5ea5486e0d02edd249cf9e7842f0f59ce07f
SHA256

ccdbdc7e8e807ced8202166730ac4e602fd2a3316f83d805f87dcb233615e918
SHA512

a1eb4e116ff68bde28a09d74ad5c12673cead3e4baaba539e45f214b3dd65ded71cb0524c1d5c42436fbf31b58d425b1e11c0646aa4e1c55bb34076954edb394
SSDEEP

98304:r21N0oAdwJlZTodhdM7nColP5rKkN6FIUzHq6Ay4Nf4VXyR1cU8bty:0m9dwJqI7VN5rzYlzHYy4NgpyR+

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
28	discord.com
29	discord.com
30	discord.com
14	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
5072	Orbit.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{13FBDBA3-FEF1-4D30-8F3F-FECF85287196}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5072	Orbit.exe
5072	Orbit.exe
488	msedge.exe
488	msedge.exe
1132	msedge.exe
1132	msedge.exe
1020	msedge.exe
1020	msedge.exe
5184	identity_helper.exe
5184	identity_helper.exe
5860	msedge.exe
5860	msedge.exe
3272	msedge.exe
3272	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1132	5072	Orbit.exe	90
PID 5072 wrote to memory of 1132	5072	Orbit.exe	90
PID 1132 wrote to memory of 4272	1132	msedge.exe	91
PID 1132 wrote to memory of 4272	1132	msedge.exe	91
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 844	1132	msedge.exe	92
PID 1132 wrote to memory of 488	1132	msedge.exe	93
PID 1132 wrote to memory of 488	1132	msedge.exe	93
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94
PID 1132 wrote to memory of 3692	1132	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\Orbit.exe
"C:\Users\Admin\AppData\Local\Temp\Orbit.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/oauth2/authorize?client_id=1249396591333212170&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fredirect&scope=identify+guilds+guilds.members.read
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff9efb146f8,0x7ff9efb14708,0x7ff9efb14718
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
    3⤵
    PID:844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:1328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:1068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4724 /prefetch:8
    3⤵
    PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4764 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1020
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
    3⤵
    PID:5004
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,9080985831785420701,16960879423181057892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf0f51f0dh0b91h4762h8224ha5483102a802
1⤵
PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9efb146f8,0x7ff9efb14708,0x7ff9efb14718
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4506015280830917268,11548742641643808744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4506015280830917268,11548742641643808744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://run/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9efb146f8,0x7ff9efb14708,0x7ff9efb14718
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14228907744199590714,17157791784740333436,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14228907744199590714,17157791784740333436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14228907744199590714,17157791784740333436,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14228907744199590714,17157791784740333436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14228907744199590714,17157791784740333436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb7d9ad910061309bc3f8ed845182081

SHA1
37bfff11a351d46e44bd4358b679b45a8ce4498c

SHA256
779135e85a2d961f3dba5690dc54e49e57b4a008edc0b487f0d8de6a01a5913c

SHA512
f2e6e8c4df7d57cf01912b2041c78c3070dee1a9e3043b7a8c808c2c4b27eb3be52a1b8f0c80e1a2b800ec48f412bbfca76eaa54575d99448aa0a5d08dfe8976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2b36bcbe0b9522375bdbcca6cdb8249

SHA1
d3081677b01cd1e6879cfb34c98ed82a6e9c3cee

SHA256
2e6fe03daf2cda49400149ac21a595583b46a6a647df24a1186d9a18fd7e6164

SHA512
1b0d3a65984565c50e54a91769f83c041d0ff775ef53e6772ec9502d721c548a6afe489c6ea0b108ff74654a7bdede65905288a323c0cd51dea414cac46f9ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d1e3a8b0a54ec3a494d590ad82bd3195

SHA1
c3c3c3c7d6405638c57e216dd8888aee00b11657

SHA256
0ad5767ba046c2709f617e2762dcf39b06ca4249820d62b96ff4c709a40318e1

SHA512
1b4617724b136b89917ea8810d7831310dda0f51df1b8b9eb752966583eab5cee1ac44bb34b53e86b729bae42dd5a6673ccce67bbfcc3a44b0d529930fd8fd4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
74983e98d82e0fb2994c038d2e10e44d

SHA1
89af4e2349d96abc0f199bbd1e556e175a02233a

SHA256
964671cbdc4404ff3f6d5cbce17a61670fff4d5df0447894ce24cada47457734

SHA512
9c52ad758810fcc2a975290fc4f84f8a8221733dc538af6a64d0196948ee7eb49878689c58b3e7943f6ec045b283a67095f45abab40141c4355cb0d2a054a58d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9f91c4c9226d80f0b2a66489a7aae87d

SHA1
22c0ec4ccee687d0afd1b6039cf79dfdee94e5ba

SHA256
a04dfddf882de6dad186f4d25941ebdfa1be60183b052fff69d4fe5abb6a9387

SHA512
40d0eb13342fd0eb7073d1eec06989f6ddc5a6ceb83051af287b890697c9cf08ece8483cd96901ce0da015d35edd0b04a2796ce4badc29e0d0af2056311c71f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
2126fe2ccb38f19061bf272e8ea8c6db

SHA1
e56b5024f4de1523fbb7ed6c08cf62040623248b

SHA256
f1ea0eb31138468b3456fd13ec3ff4d109887f3b4235a5caa45a6190955807e8

SHA512
83c709c1ba166e51a9d9ef6b5a07893db1df815267e12010cea344241898eb86ee79497615c66a650190b3021dd299171e6d8f66be1035ea217da15d81438d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
aca2a7e1022941ee02260fd82901291d

SHA1
1f1ce4dc64954b118834894d345596ce8ad3ec89

SHA256
5d2d42613ae69427fd5fdf752079787c27688af1e43a11507d67d1f2ab39e41c

SHA512
18c8041630090149303c42186387571fde040b3fa763448ec4fdc7ed906bb12d0b21642babd296b8c859d4861e4f33d24cbe9e215c2dfdc3390cddba31104074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
1b09bae680aa32aedd3b621fe3a35a83

SHA1
fdf1dd8f77c653c3f789ca0621a32b0ccf19320d

SHA256
c4fadb6b8fb8901eebc973579c6afcfa4f7f65d1bd483a52a3eab48540b6e821

SHA512
546ead202a7af30348f8e8ad1c8c728ea45eda061a0000e443c53af93ade60ad2338a9439868a36513d5a165422d14f0c1330a30a50d2a35cabda8a7d59afc8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
6fb629f6530e94c39a1b097eaa7c199d

SHA1
600ef0c6b0b8cce00d3b02b4dd1aaa4a24bef3e8

SHA256
a1f0caa78fcba5346f0d46e005ffadeeeea7e712e6850241d2617353e9217e13

SHA512
e984ef51b42b702953bca90609e3f8952ef4611831963c6c4a64ffb52b7c8fbcb12b5d5aff204b78c69f1e70387eaf4786665e12dba09565ff65ead75c9d88ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
6332c903cf2a48aa1839af1663492143

SHA1
c65c3430992381833b68e756e2d35da08a7a787c

SHA256
57f40cb18615e43df532c6ad3bf0575063609c5d5dbe242cfc04d53e17502d48

SHA512
895b07503f4c38b8b8c4069e0c2eb736f8bca6ab696735ac3441e2b67eece5170ea03390881cf5ad4da9a644b7753cd1cb9b164698573887ef076fd8ca01e5c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
617e4cf8463646bc8bd00a42bc23ccfe

SHA1
a5845c7d9b8c93db26870fcad6994190df2b5eab

SHA256
e0f3061fb35e93e1e0372abcca03430eb044983fa59286335cdbf4f0a1d0820b

SHA512
4b8574787e4fbe26db5cd110fc22a06db256e5988474284c9a0df5b941b6f5978065c9c77fd31ef5dfdadee6dd473f9743141c14696c8b4ac963b86ef7029a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
220e1b4b6b9f441278561dba887e8219

SHA1
d39395a80943d7fdc692d6da514fc3c976b78daf

SHA256
6e777f6bc5eb89312fa7d17454ec76775a59910b323cf2df1f754dcd26066d65

SHA512
f19b993045153273ec1670f35d548b7c5e912a6df09e7e8333c6d2969f5769195c834b495c9355f922c257c3f97f3c5ddbc5f1984e533afaabb03070d0cb1a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
2KB

MD5
3292b36e622087ce9fa5b5dc3b6fc752

SHA1
da2e70c8c503c484c418a321d9902b53ade8a9df

SHA256
afb677cba4c346f2c6b2a936dee96493603252dff6d7feb203f63dbca1cbdb34

SHA512
d3b460c5832e092ff6f5ce03df5dec0902ec8f2b524b3c03e4c78078ac1ead6c35df680f2cac10aeeb3efcd3af9db830682a757d00e2dced4ba2844796825042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
fa91dd6e821ae44c2f48512d01598493

SHA1
432c9d3e2dc489f4506d96769ebf0cedf2d40859

SHA256
9d91c20b845a05d3e5c93643c5f824b8042a73be7846fc6d4b4f51cee1d09419

SHA512
2bd2e6541efeafb6a42f2cb0aa401b00a2e0c9365401b984b4f6d86797da69db536e7fdfab77674e804e204c70908452340b8704dffbfb2a0f75a71a1399ad62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
468B

MD5
9c72f15f05af2a26aaa7d6c10676ffed

SHA1
eea9254588ed87b28438e6a421b0767467c3fd89

SHA256
ab8f6f425d8c603a0e76e7b88571fb155987a09a015b735a08e6cbd758f9b8c2

SHA512
de5354e77c0d6195775937ffa84d81a9fdf72bf2fdbf0226efe52e3f9a9466f5c89c096d37ee34556067804cc28ae2426d909b9244ac60b3beb2b607a5517f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
468B

MD5
7050ae85c033797608422ba90f23933a

SHA1
45a45a7530f98aa823dd31201f853c9088b9ef4a

SHA256
258da419c35ea44b7d966d6da42f67593a7e46d38fba669afad6ed46f95e8259

SHA512
5266303f9bb6dbdcb269b31d0f4854924c119a93a645d1ef0427c08642c50a5787b51864b5ceffb540d525058b8bce9af694faab74b3ce923d3dda02557ddd39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15931060279451b530f5ba4ca5045b6c

SHA1
b0e64d02cef332518d83ad00254113624411830a

SHA256
805296dfc4e1d21eda9970902a11c41b77b67e8d9e1f38f1da162d928a284dcb

SHA512
164913630d57bfa6b80f9f9070b2fd6b7a9ce1494ae6d0cd5d78685ac79ce30822a48a2e0b32e03f826bc5a0f3c22ed8eca25eee0ab6a4a331cc7618cec50b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d167982cff4e826fab313f2e93b2759a

SHA1
51af310c81268c10a0d15eae8b23231299bd2ae1

SHA256
7a1c64652dbe668422188371c73a6ee8eae1121bf8f1ed76ceafd106fd2cce10

SHA512
af22bf7c4c26a1b2cb5fbaf7ea7133ae94ae59ca3616874e4d25693c5e773a62bf34940b54b03505a82915fae3e013e9b1ab07399769dddd629d6c1d44499058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97f78cb36b66fdfb407df4b497448f6f

SHA1
56b0e6ccc187330ccb6455d943ee463fefafa760

SHA256
0c38e9262f455e0d3ccb02c0f08bf92c38312ae7a187220d0fdf39603ae5812b

SHA512
075603ee424a17ff4d87f074b83fef797d58c1d53254bd2033308b61f5ff0ac237a3f1e968e5d91e757324dc7ee814490a5c9aef3cc25bf258462a509d65f668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c33503381b9696b3b69479354c8f5e25

SHA1
cae7edeee25b33123ff949a453d523c0a51b9dd3

SHA256
a8c7df55b46e91115c80a1de866d42a6b601aa8d4d78ad137c5a39571cb1a86e

SHA512
3ae78585550e1ad14e3066c829da4d9469fa9965fb780f31db3fb04dfccbd0e270a781459a448b5b623725a7fa14e35b035f5de21a08b3e8765cd5af774f51ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4734bd2022046f82d42bbc1a15314f66

SHA1
4a8e139d6aa8e1057c20259e8fe1058c2f31f610

SHA256
1a4514735f506c0d02dd56616c73da64f6a839d9952873e8ed47b501dd8f72ec

SHA512
62d8981be3242732e6f7b067909b05328ced3e461cb589c69bc06a7a6f3af23edd6a2abdcb21fa4cb7faffff7e655978bee8aa57a8f6f41ecba78f109e49f99e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
501B

MD5
c9be31b5c29f6ec2b83ae949b8817f80

SHA1
90058c6ad13cbca49278599eaa2dffa8268934af

SHA256
32fad9d4dc4afae80f48ac6f370d94a655f965fb416be40fe98294459c369253

SHA512
1e73ab5dc2c4392f30b1b52269289aec7d0d5f3585faede70da9584e0a2c8cc2f1a9a2f34248a4a28de712302bd86db73e4c165e8170cf4b9f0e1a9c8c258289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
7d2877172e0035181c799d3048e361c2

SHA1
b618b0a91d9409d1d806b9568fb2e72a206d9372

SHA256
df1775b738d5ef1f6ae8fef1ea36dc8a9b1c36f069409419efd24c52d1251bb9

SHA512
27cd9914a4e8860605f10e37763b343fb555191b847666910d035a96b85c64e802e1af4014765a440e399593d6fae8f8088a4f9e31fdc0dc1a55af2bddd949f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367869240816109

Filesize
8KB

MD5
563376942e30cf0f3044a6770ca3c936

SHA1
1ea3f479ac8ff3ebec51e28f3dc1a2f3e12df35c

SHA256
c3b9ec4e560dd0ba29a434fc8da821e898ade96c41c07aeaa65146f1b11562ae

SHA512
f7c6930cf40c32a06be687869a880e6b30dee7a5a74b205e03f288105afc7ed42f932ca642bbe3859088e95d8b6dc36d12c54021117b586ec74969ef15131f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
09c4dba509acc09936295f989834a872

SHA1
0463dddea4369f10647ee2f79ad7c6680acc3459

SHA256
918085d0ad4f528d3369004bf1157087483aacadac6b116799eed5d4c9954f0e

SHA512
c831dc94ed44d52dc8b80704ce9bcd9ae3c86009365f88609aba06206ebcd21d8598fee42ac0fc9aa5313c113aa8d4051a159f78fd951c33b80089c908f4b4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3d1b3283a8f98275230bcb5dfa37ebdb

SHA1
a44ef4e20292b5bc551278d1ff9848e6bdd8bf3f

SHA256
6853d0bdbaab8c576c63a5124281751d11a70d069cdfa3eaa8aa3c9bf0d37eaa

SHA512
e8620ec26e9b1cf5fe38677565934868026f99ad5944b16dd00fb43be2e4cf054a199378451d60fed3e6d7721f1e26b991f2f5a9e9c487b93d94a83abdfdd338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
b96e9bd7e4830f8ca5775cc7423fa725

SHA1
b68162c476ea974eaaf4a3de4ed4caec94458c05

SHA256
f143225eef1f6336875a1cdf3e5cfb0ad52402e81818e88bc267f6dd2f37ab80

SHA512
3229677377b151414c1cd8e794e73c94bb6d67584a26ac3383859b0103df8663dbe6fa0b30347ca01707f5711007e0eca4b6d2779b15374ca1925441fdb930d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
107e48cd0ab4d3a631fcb888d1ca9597

SHA1
c6c8228a3c73ba32df6e453c2d2e9469b69c549b

SHA256
917d1fca2eab850a38a4054122ba460367864fb0139e4a6bddbcd00423fc45cf

SHA512
bccdc9fc2c30edd71e8db0603f4d78c97c4eaa6dd4709a9490e907153dc8778a239055399827a5c95665807f76242bec9d5fc441f4a9b3dea8d9ed8822d00f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
8f07efeccd241170a4d4b5cc51a2599a

SHA1
54b009ed4669b37702bd9eee51a562657db068c7

SHA256
f4ff981fa32d7386bb3d5efef05b4f5ced8a905094a595904c78256ad388760a

SHA512
cc2af1458c1567bafac3be792dfccd2482198800c0b299662cbe8eb34a122483c8bcad273ea075e5d7d9496de222f85dc1bca3e97fbc279dfec8a45ea6ee91c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
9c504c7ce08be5017d509acbc93df22e

SHA1
c92a95aff0027c3554a361a34c0ce73997c1cebc

SHA256
6ad93d3456ee6b8b02b132142d8ff48c58dab71585ca965c6e0039b33c79047b

SHA512
0a66e4a938b375294317e57f6b035f2357dc6fab34388bc20f1b319f7a783356d0ba4498dc259cc25bb265aee067a4390e1efeae38f436c33549a8071b5a1268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
eaab074577a4fa1cf551a2772d9901ea

SHA1
20b3dfa56a8c53070337336051db71f2d0227351

SHA256
226975ec761ab23a5581af642314df2420775942229854e8374be9dd69f6725a

SHA512
b8657330894342d3496d21ecddb4e926a41aeffb1b36f9830c1c17d172887eb8c7f58d1352d6221c27b1e9d3f27d1b7ff491b3fabf387c6dbb9cf1a2eed42c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
f7a9f68a45f5097b65e7ba77a50e93d9

SHA1
ba17c75b37fa9a93a735fa52e8006f86e398158f

SHA256
b9a498b0cf588329be4d25bdf95c73f9d7d609b249285c7b2e079714678ccd04

SHA512
c70a532005c9a0dc5751c0e68ff1a89e3eb7fd5a6031fb1105ecae7c2cf684c25ee66cfbc4e7f5b50e49bb8b1923ac7429bb6db0d09f7b842440aa3ebea7fd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
ab7f2f8f728ab1a519ff95e6af07c963

SHA1
e6ce97351653d327edb286b552c5faa7b4fb20c6

SHA256
76cabb1fcdece95812f950a8cba9ab09cc451bf29bbecbc6c5a343835f0a5b8d

SHA512
cd032fd11a60b888baad339e5a25acc5a010db76c3c87ea99102e1be37d2f621f1cd95a3efc05b1e60f5c7573115c08d63b00aa389f3cdde944c2f379188b61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
b7bb66cb18f43ec2f361135c7420f6b8

SHA1
d7e2cb597a60a515c449a312da31aa4d5aeafe65

SHA256
a7a5bba2dbab4897c9eeef4bfba27209fa10f9a9460b8b91f6fc9887e3152e8a

SHA512
db10ca8e9c4cdf3f896bcc5b6442e4763b988539e4997fc7f5b9e1957e80bd0289c83123707d387ead0ff98abde99324544ee1f2a73aad0440662843ec80aae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
7bab83232cb4ced01d657503a1aaa8ca

SHA1
62c29ea01e71ff768898dce0e705c4952152a6fc

SHA256
71f0736c52f65af04d3d1b2ce035320b2d28435611b6d0f97712458478fcdbb0

SHA512
065bd7eb7bce77985c2629f5ff56f9cb8eaf47f3196b227708d558ba028500274e5f936917186aa8be4e4a990dae517304602d436a92c5c2c51c9a49b7b3b1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4ad816ec8940d625db853b95bfda225d

SHA1
6cb6d6a082dcff87c2eff642ed20100a72056049

SHA256
502ce62f9896e08ccd8f5453400fbdee44e10067c4ddd7423b0ab3586ddb0b07

SHA512
3f274cef26ed30960942ae3f4eb877f38af96b56fdff1c485a72a2c3b7d7094314d2f73eefb389fcb37c71c8cfb5c118679de3b4afc8f7a950d966636e52fa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
e986811d520ec1479e0f5d6d9b313531

SHA1
a5e2dd0cb50583de5564906fbb686e9872e47f55

SHA256
f7cc4b8bc821deba24657f088f6abd73d03abc370cf79f6d4862cf3dd9547d04

SHA512
241de784912a330cde28470e4a11bd525930ac0ddaa0df5c3a833cf20ac68b0a6cb960408be06ed7bd69ef747e25b7de885a3d82ae3512faa1314174b729d2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000d

Filesize
17KB

MD5
9548854eecf5dae8a2966643145a8e6d

SHA1
8d8313816a0584ac762ca2e7f1e1737306da3798

SHA256
54eeca0dffbcccb488b055dd02ea169b16e7c421ea809a8d476ad5c3d00c264f

SHA512
cde609b619258b5999325e6a2b00c22b2081995f95edbcf4a074b6b4ec1a3b20910a26e50d35544ffba3185c0b5d7ced22ae694dc523f6aee2a4686399f92f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000e

Filesize
16KB

MD5
808684f521065888d8a375f8bff90a17

SHA1
eca380de3eafa04bbb2e44dae8ab549e5930db0d

SHA256
a22ba754f580ddbbad7babb3e2d70d6f0ec85a9813252bf001ac9b33868c8b4e

SHA512
eb8df479a923880214ad2298fa49cc67d2c48d4fb0b821d016a0bf94f4730a6e5e279f8216db9b580ca89394680af9d5acc87911cceed6e04b35d484214f503c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000f

Filesize
20KB

MD5
1b9e493ea6e6f254abe2fe4bb27a13e5

SHA1
eb38f0a0c112cd919d7c36cefa0e24c291397e9f

SHA256
1653ab113f5f161edb1e149b208b6af6a4efa7ba380acd4bd79fbe4a04bd1ac3

SHA512
a2e80ebea938a76069adf24b98dcfbbbb0009e19346b3953eb5b20ed4999239af5534d1716c19d41957bfe58c8b67c43b62fedc137b16e136f719781ea1c0370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000010

Filesize
16KB

MD5
8dfc735c1346063140116b08c847c113

SHA1
bc962423b3338b20d36d2715cec5a41aaf856f66

SHA256
cbdfd737983e9e128e7fdbeb815f69bd94c338de2535adfc3c2e0f40d4d70f10

SHA512
68918e970c317ade1ef532913602ed87bf5132a83ebe445ec9e838139920b22aaa8bdc0db8f3bcb5b9a127b779ce50199a5ce1c606ce06a23c4f05a0b63db43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000011

Filesize
17KB

MD5
a2a8d4620524be9eca7f61eac3fb3c52

SHA1
68caf758966594d7c2de8ae9430a6b21d76eb82a

SHA256
39f3ff198c8f282157f3c4fa3e41ac5fca9954a9780c2b4cbac94e69aafbad3a

SHA512
682efab9a1c9709d6d66bd86c73624160108df4eb9cad89fac62e2371ce3078cf4f7303c9b2dbf37705f4e0ed5fca1cf2a8be8fb504d685ad2b10dc7d9dad59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000012

Filesize
17KB

MD5
517bfad588ec7851568b098f07f91b91

SHA1
8c1568e6549e0d544e9e6f4bf8aa0d33141171ac

SHA256
0a592ef27e1181262cd2edbe7ba33463105425d0517f52884a162144c63edb1f

SHA512
981e768c6900964635571a0ad2f12b10687ed215d7ad608f61a58ac294f59224e1f74c58e2c3779fe79a2f146cbe6d2f61560ec054b3de84c1dcf11636be932f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000013

Filesize
17KB

MD5
9d94395346f6683bb6b116c66d2b643f

SHA1
62e3103ae9b8d5eca5b64a2feb18d77ce925c864

SHA256
8eca00f18dc0287afaf00f6404d330652a4b1a810f7dae73c774bb9b01dbd982

SHA512
7eef3ff363f58c948a44a88a648be00a788d9fde4e133a5bb136856972243fcb287c32bbb12288c20c2621a19570dc5fef994ec6f761fe7b41337b3e1ae36349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000014

Filesize
17KB

MD5
f0d08439cd47e39ffcf4db8e4ec35688

SHA1
2475257b6eb81c4e2b3c50097f485c7d5db6cf5d

SHA256
661793d32c8907806879a1ec589738d80015e9d41faa5eba109e7d2534c6fe3a

SHA512
616a1a805d914e49b140980e588cdcfdd645f4a3630ecf52ca3c73706bef6cbc0fa6c35d9f24444b73db1b97a3294e35e47014ba7aaf2f0171ee85d3b59ba655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000015

Filesize
19KB

MD5
a23cdd3c23881bc62921984b149d44f4

SHA1
022409d277b33739657826ffccc741c16309401a

SHA256
d67ca9845f60702efbbc4478ad7737a872869237921e805dec7806211baf2b05

SHA512
d7a1264274d1ba59b725c8844a55d0c12a5b4d91018b68a52e9ac9830319c0102793582f9449881f076e3038fed25a2421280f696497b4e762f422ed50cb0bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0691b46ab64ce3f27ca1c96f3cb16fd7

SHA1
4040b7befab4e9cc50a05ab170b188c1eaa320e3

SHA256
8ab8ed08b5d1ebb1ff167f091d8cc3f6d969abcc202437d1ac013793c8732781

SHA512
12b048dcdf82e73f8a543cd2f0ca1d9486dda04b1c1ab3f26d560ddfd4b89e6cf930bbb50f7de91f0911d0438bacbce6f26c74dbf28ff5cdef1a08f94d4cd902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dbaf89cf26af6cbe2413d89b746136e7

SHA1
0dd112b3e2c1358662672460c518529522ae2188

SHA256
3386054344e51e1e1ee78f127db19355a42f3fe4b8202e819d7f7a172ef0ac81

SHA512
873a5b97d653910e8c2868a1979822004a9937971f502990d7f4112fe2f9de9e6e42faac83623e1c0d4310f9e12ec3363c19640c6338f77624fe08ae8f2d3428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
227c4cc14ba2afe9715e41d0ef7ad8e3

SHA1
8990541e18208e3127f131f465a23484f18dfcc6

SHA256
c15936fe28516fd90a3a44476ed1a29a4abf26b6c6f9485a16e17108bf0766bd

SHA512
655a967e7fa31a950625072da5a85b1fc00060cb40a68d3049d80dc0e0724f744a8196711a5be355da2752d64788428e117a8b1f2cf6002e87ad7e3f5f64d63f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ecb74818131734591ee4ea297070dc1

SHA1
58f0191d2ec0de13a6bf6f1cbfa1ab1b912a5ae1

SHA256
7521f3e344fdcc17ed0bd71163826de357f0aa88b445db31bc238bd6c4394997

SHA512
21e58c04d0f877dba984ab20199136faae4f8685a1cd04e543dd5660a3eedbd7a17cfb6f831e57380351e4d6a0d3025af691ea53c87df86239c139d0c61eeedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d923e3ca79e986876c511ace63e9bcc9

SHA1
19e1f5f3e9cb97aaedfe3e264a83f332c30a277a

SHA256
923745cf0207ff9b2bee3df0dadc2153a1e6d201ae4d9386d6b5fec9f89ae07a

SHA512
434b70191fd213a84d5cb1729f141d2e51db40c0bbe191128bab82205c651db8d949afc46e9c7e7ca5e824d71c626aa0889e85cd209957cd2c945e365556f6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
6b2d74ac8268c7058f79d92a55c23266

SHA1
e5bdcaebff2fdc63a89b7501748357e6a44244e6

SHA256
5d8348e72f269a369eb250bf502bf4e1848276a08ff728467800c63696d546ea

SHA512
47bf222a61ae9d8d400ca93e1588cd2c542c7be3066467e2b8107fcd967953850cb581d38fc2bc30d61aedee7df71ab6552bdad7eff388758b8cb4d408dd39cb

Download Submit
memory/5072-7-0x0000000140000000-0x0000000140BC8000-memory.dmp

Filesize
11.8MB

Download
memory/5072-0-0x0000000140261000-0x00000001405A8000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2-0x00007FFA0D9E0000-0x00007FFA0D9E2000-memory.dmp

Filesize
8KB

Download
memory/5072-1-0x00007FFA0D9D0000-0x00007FFA0D9D2000-memory.dmp

Filesize
8KB

Download
memory/5072-293-0x0000000140000000-0x0000000140BC8000-memory.dmp

Filesize
11.8MB

Download
memory/5072-182-0x0000000140261000-0x00000001405A8000-memory.dmp

Filesize
3.3MB

Download