hxxps://drive[.]google[.]com/file/d/1jRzD-yRtqzV2T-jkoZI_LUKkrIrpcX_u/view?usp=sharing

Analysis

max time kernel
139s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1jRzD-yRtqzV2T-jkoZI_LUKkrIrpcX_u/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4648	msedge.exe
4648	msedge.exe
2004	identity_helper.exe
2004	identity_helper.exe
5852	msedge.exe
5852	msedge.exe
2860	msedge.exe
2860	msedge.exe
4952	identity_helper.exe
4952	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 3008	4648	msedge.exe	84
PID 4648 wrote to memory of 3008	4648	msedge.exe	84
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 3020	4648	msedge.exe	87
PID 4648 wrote to memory of 4784	4648	msedge.exe	88
PID 4648 wrote to memory of 4784	4648	msedge.exe	88
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89
PID 4648 wrote to memory of 1864	4648	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1jRzD-yRtqzV2T-jkoZI_LUKkrIrpcX_u/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed10146f8,0x7ffed1014708,0x7ffed1014718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13347342001541627687,8660900601388970357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed10146f8,0x7ffed1014708,0x7ffed1014718
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14302833746532132913,5575178404931492394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb7d9ad910061309bc3f8ed845182081

SHA1
37bfff11a351d46e44bd4358b679b45a8ce4498c

SHA256
779135e85a2d961f3dba5690dc54e49e57b4a008edc0b487f0d8de6a01a5913c

SHA512
f2e6e8c4df7d57cf01912b2041c78c3070dee1a9e3043b7a8c808c2c4b27eb3be52a1b8f0c80e1a2b800ec48f412bbfca76eaa54575d99448aa0a5d08dfe8976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2b36bcbe0b9522375bdbcca6cdb8249

SHA1
d3081677b01cd1e6879cfb34c98ed82a6e9c3cee

SHA256
2e6fe03daf2cda49400149ac21a595583b46a6a647df24a1186d9a18fd7e6164

SHA512
1b0d3a65984565c50e54a91769f83c041d0ff775ef53e6772ec9502d721c548a6afe489c6ea0b108ff74654a7bdede65905288a323c0cd51dea414cac46f9ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
ca3779ee20a890b8287c118158f91c11

SHA1
8807bfe57ad2580954c3532ef49ab9b675793b93

SHA256
263401e974662b8b912c7b626989073ff7b8ce7c4a9f1d3ddbdade7570536678

SHA512
e382082db95781daeb40e2f5a20a3c8fc97885c5fd0955b5ac7258347196678fdb94b7a768e434d72c364b6e151da047dd3b2816a111d3a68cdb94986e3856fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
8e1c9753a78b74e8fd100fba7f30f855

SHA1
fbfba850c776c398e9b24f693340c7c6fc5ebdc4

SHA256
47b69e3bcfadcb9caf118f0f3a712d23a7c015553c93eed782799a1b070b3626

SHA512
d074ef1b3e27fd9e607b5aad34373ead52354b03f40c0e48ee4810052e807a1367ea576f6d46196cdb3c4ffcd8f0b7c73dbc6ece6085375d09c3449ecccbb44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
784215270b239c8f269a311ef6cd7446

SHA1
ef11d98aa41588e9bb95ab25c6ad17c48a67bd0c

SHA256
f5020b1be3400ca51661f7cbedfd18f3f06aba87d02b83c93e83d6d9c5afbeb7

SHA512
20e00b1f724facd98debeae426fcfc747cc957f6265c7a415297d724030948af1c53c37c8433ccf73742a9f27f1660cb9ac07614065a12915958e2a5d75c4e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
ec5e2e0d686cb8cdf6481ffdf0532eaf

SHA1
ba2f6abf41531a00653cbaa0fef1b09ed03accf1

SHA256
fcc3bfdc2027709689ffc6fde7d85a17ea763dc3224128f50d8e9ac58121ee01

SHA512
eaf40298808191a03ca2c0fbb4ff705ad6ba806cf208d61ed6e5a03aa51099e1afdf18bbeb473a7a4fdbef59866317a26704dee56b6e3e0aaef8680c96aee6f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
2ff461a2bcd447084914f4ca9990be31

SHA1
4179d9448585de527d2ff1dde84412e20844ba7a

SHA256
df38f448b1cffede25865f9dc6a17b940506f0390854559bd4b239f907b0ab24

SHA512
82a35220ace2eb2e09a0cb6a147543dc1c585b691061aefd6148128f8b3a2309ae4c965eb81fcf4cd5a4feec091d0123874bc87fe44802c6df33c990adc13c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
4596df367cd07d73e7a9136c83961f00

SHA1
a07b6c7a497a7dd033274ed789d720b884b654de

SHA256
6e2fbe6f3587759995ce38e4a440b94e06027b3e006a1541f728137a1f7c99d2

SHA512
687c329581f9823c3f303ee8d612b71f1716f7ad86d0c35b6f83ad41b6f066b0a6397a57423afbd2a28787c8262d6470c3588b359970f4a53241d1de18fddb86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
f66bc66e74db6e4e0f2c341ce7bfaeb9

SHA1
63c559edbe1d5864595c5e8d4cff3d5f092dce10

SHA256
401027e22114dbd4b2b96214e5d99db20cde89993ef176760a1c682ef28931f6

SHA512
12e80002620e6f9a5a916832768d30bfa6aabc421fa39e928b0531cdca0ad5392dc4fa5c60f61ee4f419bd28108d1650fd54afd8ca93b9811596a8056c071fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
3dcefde28fe5c3d5803385b5fc86b13f

SHA1
3b26c1245e0e967dae850fc12710aea9b0c51d67

SHA256
57b86c31dc7508633bdf0a7e5c0d3925598acf2cd201250c676418d13353103e

SHA512
d6ba02377e731ce822a9faa8b8397e2f5b82e80fac65540f7422cda141fe9cc3e4f11c9295bb5f01bd310aa707a4c27c9ce94067ab922c8940c9fc62c44edeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
be2128099839593d65e7d21f72dd5dc4

SHA1
6428dca5e98a687451b15585904ecd382897a629

SHA256
0155e56720a698a15d4e92dbf0797d2e7d9b59204fc36f09f66614f801776f84

SHA512
8d2fd54a848842f0ed914a3ccb5feff26efefdcc5db47a51f963e58e72f34635bb0005f188aafbac555c67626170a78e4ec178bfd7a5fbcadebe2d1abbda3aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d6e144fccf3947e827f31dd43a6ac964

SHA1
e7fe888e16536879076a29b79cd528f71b307042

SHA256
bc0d2efd690f3fd4001e330b4480170c48d8eec231fcda4192d750a670b3f8fb

SHA512
50fec64ee8fd4259cb48c6873d6b665e0852ec3b2ce113b081b366b94ebf9aed0468fd000bbee644b4613f4fcd2abaad3b6cca64a475b212971a8b1c2f98c178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
4190d45bfbee384a26711e68e2b7fc8b

SHA1
34bc9512860e5d8c47ca4995a73b55b8c3c6fdd0

SHA256
735a85d2129cc1e216c3f6db58aebae8a63cd27c357909bc49980aec7ab56174

SHA512
16ef024626010952fdf173b85c7c227cbdb439a0ea57824aa5d7d8bfc40755542e6d1b1f6a498b20f244fdf55d112ec3dcacd84770b6fa8df5b49d72b755c082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
95B

MD5
e747f00bc750c8b5438d17c626546063

SHA1
42fdc138eb2e3f5b19b21426a0cf9aa08fc2578b

SHA256
eb8ea32b91057259f2cb40d6f8fc63367a39685486fa045bd0d4cd57b4613b06

SHA512
40ac77e5937d6a79f104bd309e7e6e5593bf3c03f02efdbda375df04a7cd26afa3a7f677e7184919e25673a53663bcf36364b5e277d499d97046837fccbdf4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
1339d3e3a71f0d2694d30ec3b6dec717

SHA1
784de6ca8335d68c99911c6512cd1aaf764c2394

SHA256
09676df14a947da3a77028a23e54a1e1269571db07970c220a6611cca786a70d

SHA512
79267a407d798f786aa72d0ac149e990c18c4869360ffac1409364afc44e3445824dd06b9b3c0442599bf6afca4353804a38be6f96ec3cbef2e0db747fbc76f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f663e8024e4789d82f660b22b9ba015a

SHA1
4d31cfd60cff554e775044a74f4a1d2265bba726

SHA256
9b89ee31b3b29de942b9a8433942836f06c949ab1b8aca4c7f8f92a3a7b90276

SHA512
7571738c78cbb1823c9598c9b033fd9d5033d0ce12d3ffac251991cee29500d10e08942b74b4c5b0bf5767a03c6273ad3fd98044ab1d3db56c16b651417fd18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
becc27cdf9526b78c64701722a3526bb

SHA1
4b72647db6f5c4a839859567dda43f4a10822242

SHA256
9635766fe33e66cc197c07e5a5358cd5a79f0d40c16fd79c019a2ca690890546

SHA512
e7cc7510a7ecd44285211470b211c2b2238fcdd54cb926fa697a157ba62789cf1ceb55d82a76ac79629bed6d0b0338b5d4b039dfc546e4bd7bd5922c3a155a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
088005b27a39434ae134dd1b5520958a

SHA1
7d7697a3181169b294bc6850a3373f6c4dd70974

SHA256
b608ba35bcb66c5862873fca6b1c7b9e8a985aad1d3703ce7f0cb21daf5802bc

SHA512
8513e12ea771e0f4cf4e9e759708b8228465ac08617f8e5e97e43410b20df8d5457a130a3f1b48962a6d17c9aa8a4f180e2ea608b7899aa3a69c8252d86cdd06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2c67364f62ed6544a8a08e30c973d10

SHA1
f4294f497b1cdc905713ef854232a731d6d5acff

SHA256
f111fe2e4340ee23ffb7d6f7fa09e9cb602cdedaf033f79ae5bcf86f3dd67360

SHA512
cfded2b3187145a86b0c5d2b7523ed28c989be811f4821bd24e9db627c08de1b792ddd66408df94ffcc98bc2b1b16e3e070409311ab759a02f48dd65691184a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ca7746100ea47da692d707292cb5d67a

SHA1
616a1e0d00d57961acb2b365600a085e4652c42c

SHA256
5ef6043638de36c7596df761aaba9359994ffa7cabc2ed339ea5393b0fcab5f8

SHA512
49f309368fa926aa35cbd749316442ed764b91ec32fd8eaed162ad10d7e3bf4a8b315832fb33ef9630d9c6ba2f78e3595b50c095f2de4696f3e0e57417f6aa9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55a9774995c86032bfe56d0d8fcafeb4

SHA1
a4ba5d30c0d3e4d88f996d9efe3e2cfe0300c616

SHA256
6c232607f1432042c9a032d7a2f37259ee419f554c1e91e2616f60239559132b

SHA512
ab33b7c391b8c224537df7599d49e90347ff71ad3d8ecd04ae81f2f4409bc353bdc8474b7c136e50294ecdb5a07cfa3dd1cfbc139fff9d3b7a7b6e06bffbeac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1251950f84a384875582d3dcd27831a

SHA1
2d2d6723b76d815ccfb788d3f27c2be7c40eef31

SHA256
daf5757b4bb855ef77d284b2897f06a9dec3a82526e7d5010966492414947a57

SHA512
3ae3a2d41996090e74e17d631eec70364a437b5688b5afafbb8ea15ee8a8b014ea60b08839db881c005ab6f60ed86ade8cf3cae1557524309ac205918a731fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4454c859569c520af406980aabe6c38e

SHA1
62ab79787d13a7ab08e98c484cd82808e962a632

SHA256
a975bfeafce02d6cd828a2db6b562e8dc3d5f51770b14263b16bda37a7cad842

SHA512
79ad3e89d39ea62f6a8a806a8e8c6c23bc7f3df6c3e6e96865002dd1bec60130018199094c50cdfc8da96f206559c4a3d916027b1a27bb56c989c91b3e7b9524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acf53a249f1b01f26aed4d8d7f2666df

SHA1
aa999d91084e4f64a14b55fefab1baf70af1ae91

SHA256
a5f43ce5b9a468c43c46b3248877ba1d6df17cb9d127d13186dfc8e6fd6efaaa

SHA512
113d4c2d100a2cf5759f8d0ef8d083be74bf4a22b1ecab060b8b78ab1c8ad96bf5e767df2dccb7fe38b0fdd9522616c482fcfa5204973b28b2f32aeda92f45dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
560725dbc8222f6ccdaa19b933db47a9

SHA1
6f40aacc479000dd0daefcb4cd6f20a8aa5a78a2

SHA256
6c09176e95e32010052ee239a57395add92e1302b46e01d8a6c1a85041b4ad50

SHA512
42804d6b422ba4e62668db65deaed29bf5f56fbe88527f0a95cc4279288362c9067e4ebefe1b957f6cbc9fab3e4efee64caaec32999481e9696423543b731ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
897B

MD5
fefcc711f9e16e41ac48f395de693825

SHA1
56dd5860249b388b9aecfeaf6f8bd6ed6c4d9a46

SHA256
7c51d0e5fa1845662ad1feb52e8a6b2d119e262dc8c4f2c663c101d13ca76d7d

SHA512
c4a26fdb8bdbfc65b296fdbc0dfc6cb5aaf42c6e929329c0da2809a55440a524be60ef3a9d8090a60aa5629f1db48287b43b6053ed45578a2dc08f9e35d67f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
d0e4d7530c21a908b20996d027ca764a

SHA1
071639a04b9493159c84db65301a380b7e257ab5

SHA256
63cc006d1ff48a9abdc8035832fbe6f6b28afbab087192b83ea6d4f16eaf6285

SHA512
8cb4b57ce8817a2dae103341f2a4f515025ad2b2eeef27eee778e0a27cbb63ada9f2f38e82186fbebe1ccbcc3bef59997c985ad6566c3ead73262233328b0321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13368372330105145

Filesize
25KB

MD5
1e62d3a877f59ac7b117a8d842cb61ba

SHA1
480508f6701f79b41c02bbf39358f76a5e981f71

SHA256
6f942ea03a983aefb431f969e270b6d6711ee8bf14de1f6328fbe6f367d5b3af

SHA512
4b2f3f1707a202cf8222995d25d4683e7a58471ceecec46e022fdd338ed653a2b88b297f7a25118ca6ed3632a0a7b790c3ae31ee67c2c79e4da4655ef455fdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368372330290145

Filesize
9KB

MD5
f3dec019e5703cc6055635fe880d68bd

SHA1
89927d5b6e4c01042a91a97a39b01a199ee35b74

SHA256
f3b6c044d17356c2d0a31a49626ee6b33710be0c9df0ef2cbc6472af37bfcf73

SHA512
f0b9b2c9054fc59d20d8fadcdc05d284e4a6f6824cd1517346a2483e9ab33d73d61d4b0b3acd3e980e920546bd90bf4a4de74b75a6ca7fea157bdad0db609f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
328B

MD5
b50a374d6abe5a2ff6b138f6f70c626b

SHA1
c6101f63f50da8f6abcd2afacaf24aaa6c898ea6

SHA256
9d68f81f7ef58043cafebd6c8dea357ef79ff05d3ccceaf4710155e7d946b921

SHA512
af476815a9988c9486319ba0224bc646439052d5f6ab1b06035c7fe9399c298d936a336d2bd862a6924383dd25ca260a625498bd2a7691116ca21da3cd46f43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b088727782cfea63c1a60dd74e9b2eb8

SHA1
6af284b49ec50977b71dfefcf3b727a5abc9d443

SHA256
6539dc62bd2a8b5d7e7c082281d2d2028ac003b9e1328648197c8823bda356cb

SHA512
14ce54ee44ae6d6f870d8ecbdb8f76b9f8694c7c21020b7cf4ce78c7adbd32543c2d67bdf33ea389e4158215476eadab9abdbe69253b7dae5d245d6e0f0979bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
15842efbc0377c9e956441a45ce85993

SHA1
f533d25555c8f37f35a3f2eabfa68dbfb0bfe383

SHA256
b3cafaa0934e04cbb13834bc81352229b0a0f58d3ff0432b852b590f0d197d84

SHA512
37c0cd547c705ad0ac22c1caab8d5854878f2761786e19be36dae14fc4d0847153f75142c03deddd97de66e2f2f71fa4ef0f77f6c3872aca67c53cd0bdb5290a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1df87004e36f5ec12b9babcc130420bc

SHA1
16326530a27294b48871a519e179e3f0f7569e30

SHA256
493ff4386826b6b277b5b975d0295dbe182a8e14f2748cc0b803814ad740f9ee

SHA512
8d805e287ad583daa91ce8a5d065da75d92986ff47ceb51e2129e105ca5e368ec09cb70c20e2aeb1ad5f2e6bf43b0fb62fb3fd1c03d81a2863a439c0ef27b008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
874d030b2568bdd09289adaaaecfe71d

SHA1
5bd24a84d7cbb3f995f9f80235ca28916f661f32

SHA256
1c6b5e1fe4ddb6526cc47da2b77da34e0522b69bdb3c8cc4f17543ab370310d2

SHA512
ab043a4b07dfcb7401b11daa91334998f64b9fd4d1e5d3513b21eb4a26006ae7797af93c7db272a242e80079896c2f350ab66ddb188c1644e88cc1a809960bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
17df3f9cf26bb65a4df07e53721e5977

SHA1
0b0eba51f4834c110e5e06e6829a6038ed402ddf

SHA256
f8099f680d197b1f6110683d3cc7692c19ea7ab1cdae6b7f4011e00d8db19d2d

SHA512
ff275d4f11eed1b2fa4494d8428fc342f888d354e0129d5f414cd57186ae0d883eee9cd5a25e903f848db7595e4c4ecc7a72b33bbacb69548eaaf8fc0f9280de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
1dadf0fac6aa2ad78f2bd21b92a36e58

SHA1
c06c8d9472896a70cd310006957e3b78bbacabbc

SHA256
c278b82e85bad218516a432d82537a836e9179ca7c26ab93790e9063b57ec36b

SHA512
5ef7d6b8bb6373e0a187d186a48e322e4b6b6904e74af60c6183777231f0f868dfe2d0c42eb706696fe168bc1ce2a0d2cb05914828a9ad3e35d9f33b8b0e10a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
aa3697c9c32444e111379a2cbc9d061f

SHA1
64c207a8973466b482e1f01999d6ba3f920b6c83

SHA256
968af776281498df49767cf354605508a3d75564fc62b993c26c3e2b311b5b51

SHA512
b95d8a2e7ceccd0bbe69a413e59b0540b59f42def7b2da082ec2a1fc5995eab79d4cbb63eb8fbf98f479c4b5945c57c364b535ba980f6e768e24619945080ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e896367cc754bcc446699b193a0bef8f

SHA1
254845e2a274aaf8e36c57d777098b397b3f1957

SHA256
612d8c04ea93e052aa9d1ae3bc387b5bd4db76b5bf2a747e395d25b580d3bdbe

SHA512
be37c54e87e2d1b8a2bede5aed5add14d010958995fb7817a8e1e2c286d05704ad35f116588befe6dbfb187baa6eac9986b7453e3b18420a6407966cf4a77651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
f313d780c79106c46dea9031f1dd68a2

SHA1
902c9939c6eb9b9089302792161ab7286b0a0252

SHA256
fc9dc36be932ad1e0be4f4dba0ac2aeccdf7f9c89d4cffa5d7f13251e84d1b20

SHA512
4155bdf76584db4f71688ecf08daba2eed1b6eb9044265db9f0b1cbc0f068d5717c3a173c8c0e15b4d3aa1569d67ef0846a61681e523cd400e15a727a7358b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
bcd221437e555dea2a97f703618c590c

SHA1
bff86a79e26e3f9dbfaacdfcb149344062dcb98b

SHA256
2c5e8307c65c03d87f814faf97b013dbc060ba3872553997665cceaca5238974

SHA512
6b82f4417460f33249f250a582653d5b820a10a800d40b42fbb0621296e09559404521ab77e0fe2e7540de812eb1e191533afb107d6c8c0409d1827d5cdcf080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a615efb617e73bdc16ba212f555076d1

SHA1
27b336e6c58b6a68e3282d2337f74e116cccebec

SHA256
e470f1f9672d0872dc341b18ec92e6923c0cd5771afd4067ab1735ed16d22231

SHA512
e2f0eb1458e70f02371702ee3091b994fdcb360647c495d3152bcf334fc58f43fdbd2e9053e19a13fcaa297f667c4481e581bf5edf54a37154a9ccfea7a3f5cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0507c872559c2f8524c6739999df8c54

SHA1
c616eb94ded5ecaeea2222528e8c0ea59414a33b

SHA256
11e4c0a3157f389c010be1f04fc97cfec0801c8305c40e1e6a41183b00e72c43

SHA512
b07db25c91301d6671acd0d235e9141d762f568c8415e89062d86ce15d636e8e07e36661d07dd8b3d00e37b158f2ad345fa547ee3bc424b5a5491cbaa3a9330b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
afb9d37a5c9388598a6fbaa5db5909c2

SHA1
d0146934f881cc39d9742e1079214101990f0773

SHA256
fc82235ffef44901849a33269f58afb4bba13cb09f09590e7c6be19811883fe1

SHA512
b17f0188e65bed56fd4e5e332599273e3c2c5500b3a8f64f8166c61cda2caa5d4ed6342a3ddbc1fd75b001c531ca8e929f98b8b36f9bbead6196b9102441894a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40a6865530304692e089238c8215f22f

SHA1
638309e0191ecbc3be2c76ac3d98a304948b7342

SHA256
b98c047393c9b5bc5d5803142b28db59091a118bcfc31ecc0915422dc0b6364b

SHA512
66e87b4fe82879c24f8b4215ab7557ae379ecc27d554b9b462f9f30607630f13bb718952caaf738a1ff47ece47e9e7c06ab533f9f5a3c4c21b4761a3d7dc97dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7771c2eb9fe780d13bc7687907a43de

SHA1
9e99e93a32dc65bc1825cfa5c046558dca80bf35

SHA256
046f7c0b44fbae683ab93412d5ce0d3b7026bda98ee4a9495df3ce3029586c6b

SHA512
f946d6aaf49c10d97c7dd649975ce8f8569ea4ca331e8720f6f5e1f7842218afa73352ddd17cf102c99616ab19d29a916ede83cf300309a6790e787ff8da8b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ac80d9177bc8b233970e3dcb8da773fc

SHA1
3f976d4bfb9ee57a9afd053c29a2bee967cfed67

SHA256
211b0e78dfe596474ccb6f0e70a9f3eabb7cbdeac558b0a7882fbf58cd1ea08f

SHA512
12f1bcde3b8a2a38763f729b5ca76e39951e5149ca23a2ee649b73e57e0c545e0fb918ae11fe9f54f23da6615b1d254c10d7e2e5ad6eee2cfd60f7d305a3a965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ea5c9df7d20641610bab3fd6f8386167

SHA1
815761f40eaf2ad0d2773b9ad6fe3ddedd266968

SHA256
47789fcd77c50b29f432927d1d327f2769438861053177e0b1e5ee8b9139dd8a

SHA512
cf78f7daa16c833ca102145dd234933f8e86ddf85302094fc7a6df1da101b35d7525c6dd9ca0797a365b8b6dba80e460cb57e9e3f4c7cd0cc5764b5704f2bf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
235e0a949b5f8578afc1d888d15c45a3

SHA1
165d5f669888d8df647f977a2819bbc04e0cac8b

SHA256
f49ef2c56edf6b067fbdb183aa6f285625b6c2d1a8a73921c409fcdb06c6137c

SHA512
4d170338447d7d8e9e1ea64e3a9c2e98b69680e74da1b8ab105bfc8a497d52e97206f5e6128b04a893ca8cea96cf2bd2c7da8ef7d66511f547183d7fbb31f8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c3e48d210df43132e8384d9abcccbf1f

SHA1
1b7a3f5c26d3573aa10cf3055ad114b8b671ab3f

SHA256
6f5bbaf97bf98f3c8da02da584d227ee6074f8a5b790d83cc4289542156111b7

SHA512
00b629448a410a5238e883cf52d50cc3ba8c4bedc6b8e79962c30216880bad691eeb1cb17cf8c2e10011078c93966aa9eb72a3984b7008a95f319a9d7b57249d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0733aeb48b8b6c73ea351cbf7737fd3f

SHA1
4bb088f0f06b237c3249dd0b092d031c90090ddc

SHA256
8ad1d87c15a7ca3e2e1683efcd15f5304ea4135b86482715953bb6a5dd07700a

SHA512
e81db5f1fbdcff4fc28ad85c2747e566ee2fc4ed46f5f1a440c888538eba38c75d89be8dd3d2d88b579c3acc82e3719f6bd1054972e5ce016468574f60f7d621

Download Submit