hxxp://file[://]/home/chronos/u-a837c7aee8a403bd33c3c416d868748c17464653/MyFiles/Downloads/screenschot%202024-04-13%2004[.]38[.]11[.]png

Analysis

max time kernel
1708s
max time network
1713s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://file:///home/chronos/u-a837c7aee8a403bd33c3c416d868748c17464653/MyFiles/Downloads/screenschot%202024-04-13%2004.38.11.png

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2432	msedge.exe
2432	msedge.exe
3540	msedge.exe
3540	msedge.exe
4316	msedge.exe
4316	msedge.exe
3912	identity_helper.exe
3912	identity_helper.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 5096	2432	msedge.exe	86
PID 2432 wrote to memory of 5096	2432	msedge.exe	86
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 3892	2432	msedge.exe	87
PID 2432 wrote to memory of 2924	2432	msedge.exe	88
PID 2432 wrote to memory of 2924	2432	msedge.exe	88
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89
PID 2432 wrote to memory of 1132	2432	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://file:///home/chronos/u-a837c7aee8a403bd33c3c416d868748c17464653/MyFiles/Downloads/screenschot%202024-04-13%2004.38.11.png
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaae9546f8,0x7ffaae954708,0x7ffaae954718
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8833043246059395880,1095139037002012007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaae9546f8,0x7ffaae954708,0x7ffaae954718
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,669468087444667931,5369949087306529199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2457cba7a489938013bbba47274a3781

SHA1
f7aa44ddc6bdf4e99ee89f978d383d274b732888

SHA256
0f2d8894d41e4c173e6f5ab7ef25952a51a153e30b05c8f5f22930e6c532c982

SHA512
dd8c65975f2fdf0dc6c41ea36fcf9eb95cb4a66aec2f999f35f6f5e3d9f1d4dce28d576d16c0b6ff1d4102eb869e061835e7ddc7e8bff3c50c880aea71011578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9d6323bc3ae015e4003d3f028c229cad

SHA1
03f074134cb63e316c3e8abd6305be1373b7889a

SHA256
8ead5498876c075df38b70d1a225d896b5e46947659ee0f9a61389678df0c8ca

SHA512
e1b8fa4dc0ecbfecbad3ae036071c0cb64e1b8bca5beb75ffd48030b8b6fa0d44722c825488a95dd50693afeff93c1a5a609ee7661cc86a80711b8ee7dcef1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1e87164e27ee9791dfaf6bd10d2d8169

SHA1
c93197c21763d9dd3b133bd4970c1474ffc77f7b

SHA256
4d6cfee8c91d6d475107ca0dba22e4e09ffe2770feca27e3b76c3a93e1315fef

SHA512
b21902807d77bd325a66b4f91d34c7ecd4e83ae3674dba8ecd2ac6a4aee1ce283ba12bdfb07d6243752e8a0a6b58eefd96935b4cde2dc73e0e1da56a392d0d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
72a7f7c5ceacdc7416e9ec187d0c140b

SHA1
6dfe9131a94e10ae77431a2e38ca9907cedcdfcb

SHA256
0f3fa9816a9af94dda5a1b37cbae004455f25ed7779ce86bcae85e339d7da7af

SHA512
b4211aada550ecadeebbd97ea7363e31584477070d3a9716de8933e63f28195c7fb75684aa8faa1ee2d4575e6b7ce0b8ecf6ba30e56e898dc3c475fd883cdfb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
b1860ec6655d8b4721c716b0fa480408

SHA1
3ef2af77e2a20ccc326dcc3e93acee240df32db9

SHA256
a76464207b7f19cd336a81ebe9feb2fc748f644e5225ead6fa61a5e24edb0904

SHA512
5394303170e5db18581096dd6d30c2ff270435ada118ef804c90aaea5161dd6f93a3a2e833ae6b8102354001776292072fdbbf15e0d2a8ad5e34223e05e0a5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
42eea3d789ad8d8f68e53cca4cab511d

SHA1
63d1b15db47d8e3ce0af33cb9af1359f3c98c8b5

SHA256
fac4a5a322ea932e685e7d5fffc1f921a125a190d4b279239b9deecd2a3d042b

SHA512
dcfcd6c7b017898abd7af74a9da1acd62dd43d84be15163160d9eba60229ee6d4f750bc5006f348a982871504f2f7b99ac6b5f6296c7cc6a970b05970fe3507e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8734ee37c7aa23652557804e47cf087d

SHA1
e3c30770ecfbbfdb00fa0e6127b3c4135b803327

SHA256
28a54a16d351d24f05e1f73bade3e41e26be8457f15e0352c80d2d6d4d586020

SHA512
0172afb3332e98a779618d16aaf1573ed24c5ceb9473a3f86f0d841b44713549208d72ea4cf6f3f4a9c1f3cc58ddee1f07198fa9334a1657b38db719c6cad62d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16a1863084ddf97505151e6f135e6794

SHA1
e703a48174874002ab7998bbcff522b6fbec4fa4

SHA256
933205f973ca2d929c8d0cd78a50bdc35b432492b7df00c948128b2fa8d2f052

SHA512
ad06f571745e65610d3b625bc43787cd4878348f6e0c4a9c247db94a73018abc077f9bc986e70337ce77098992a361f50c0d4035590ae49679543828f4b85e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3550e2fa90335fa72dd0e33722d03194

SHA1
012141ed062e41df2e08efc4b927e859c80020dd

SHA256
1043190d75ede417a092c79e2fdcfb106330cbed874fde52105347d6873732b3

SHA512
f7fd12b588811eaf4442c7594738f78ce112fd5082c6e37f3ff9664fcc57e84ce1756437cbfa01b7ae19b46e07792968b9054b91bd5254d49f195c63cbce00c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75a7cf7af7b20a4c533b4acbd1cfbca0

SHA1
5020804866b28fdcb50355bd9c42266bab0ce583

SHA256
44cbdd5bf9aac0e032ca859ea7b9019fb5074e4d98766a27d46e74cd42349297

SHA512
5947be8a456b34d60ed5f9395addc4fbc4045fa239c20d1c3db61dd16611913565dc06456035df37a3edc43c5b21bdd93cf1938d5d59b31ac7c5f343c7013c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa8c22ccb9ace0a6b82ba67199ebecbd

SHA1
349a139a3c1a919a7fff40f1f830d7a74c88cfb1

SHA256
8d52b2c967d37ed4d372339343d6d4102f193068fe14847b31eb26e9ab4ed0f7

SHA512
54bd68a907541f5d46998dd9c36300e0c66291a7eeaf10716f12cdba45dc2f9aa2beb24e3ad5579f39dc0638f22daf7bc6daa6f7beaa05cee90c0b19358d6824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
dec049a469796265e70e942b9fb83efb

SHA1
aa818231f77eba2e1bf75903f887a7003e1820b3

SHA256
1e4e506fa4c64c16821fa45b1ac2c1ddc8deaba1731db2ad34facfe13e1332ed

SHA512
d79b0a08f94104bed10999495da47d1ccbe962064d818d17ce3635fb976002a15640aeb50317b054215538364651af01d95867b11d8129ff8a201579a89be614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13369104398008194

Filesize
1KB

MD5
9145ca4e7845a652ed320d06a8d23560

SHA1
162276f2d769b8638ced28d11930cb0fde818feb

SHA256
d6ce32e10cb9956f0dc11e13f086e66a1f37758955a42c48a76638972f352eb1

SHA512
19a82e37ef533ad09e484f2c510048a9ffe407e9058915379606c22c5f458662972e30c8fc400bcc0557b6c4c3fa319ca70de76e337e015f0820281201fef64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369104398172194

Filesize
2KB

MD5
f311b9b2346470d6a762462574d64d19

SHA1
b23ff3ca32e03105bb26f4325a411545c5afa9c5

SHA256
b7941a0a68579435c65e648926467eff792405da9f4f4923bc1e20d6c67ea4a6

SHA512
6fe84556f1a618ac65dab55bd7cbfdf68dff44cea7782b5944b7b35f8667391d126698fc165f35d3e1fb83c64d440edf46c836684ee83c9eef2f18cb0dff12bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
600c36d6fdf26e1e760d8054410d07c9

SHA1
32671a6aa68a2406f95fb559c468cdb438de929f

SHA256
ef11e4d405046ca3f1a7f9f88c173d77b87f28dc3bc2fd780779e4f17fd38a3d

SHA512
1605110e44ef6e3682f76262e9589465ca989f1113be5dc68c2f783cf2498b0b47e9b22ddc930c9a0ae0ffcde2689dcb84c9fdcff2298bdf55dfbc9d4bb31b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
68e84b9a68b6a35e8f17a6f678a6cd67

SHA1
9565f9e6fabfbe044150e6166a4326961efc35f3

SHA256
3996a523a5ec16c22a645f3d4414df831143b2477fcafa076873fccf726ea538

SHA512
96c998a3662f3b39bc9decc7ca2a5aa8111685730c5f1963dabfaffdf46651d0f6120332e5c51821404c8e6a79e967241495467262784476f946bab657038ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d662b339a64b4d7957a6448b797dbf04

SHA1
f20b4af4cf26fd5481e48f81e46f132aa459ca59

SHA256
0c1ed103928d1207f0dbbe4e4542582460c3bbbc7c7f4f4cd0d1f5d81d8ec33f

SHA512
d8e68c3a13910a7e5d6bb710d3c1c9805b7f2ee06eaac646525940c7e5421dbe04d92daf0eb2b11355818fdd055d30de59c339fcac31d24c8cd9e965234f2e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
dc4f6e7a1035b2da1478b4d9450c722b

SHA1
59dd4ce61fa79bd12038ca9f84616de8dc6cf02a

SHA256
66b313082222ed46c478f6c8e40b5ba00e0946adc16457f6ffc7add69378ebba

SHA512
530cc12acffaf274e3a4733fbd78d358a3502541a1eb550f9d531abfe9f105a8b4c22627360129b5f19dc99cd990f37c5b394b5b366eb99b9cdc21c636884b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
a1887983a9a43ec58f1dc5408210a140

SHA1
c2e39e04782f4e237cb41c5cb2f3dc4bd6079e82

SHA256
610924af54b67719b8d3df50325c1c5e9c262e6cb96ca2426d8f4d85103450ee

SHA512
6bc39028df797a5fed24a51a6dca747741cbb6871d1cf72a9c7f9ab48c6ca742714bd1c66c1666d111e36eb9a451834c0c4ec5cef891a4eee8637978cc140c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
a964c1c08cdac8376070941591e0be7e

SHA1
ffa9fbc1bfb1f6062c77162dd8703a01bd939498

SHA256
7c4a53e68f014a496e8d4da8660ce30432a4b74b207e4fb43c9840811fa38fa6

SHA512
2ce376208983dc856c1a13617834bbaf5d394081a7d34552abe82c845285ebff06723404e5544c69299f922b15dc4ba54abcd9ab366dfa03569895c41ad5e51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
f55836b0052a40a95adb15c2b2e65171

SHA1
998f4ec2e86353e2348164cbd5dfe5a4d7331b56

SHA256
bd053dd92a8eccc6bb6987a0456d2423b0e23f029fb23f77aa970b0702d5e4ca

SHA512
144c98ae1b9a48ab8d39a0ae5cdc41ce381f225b05efafff4aa5a7939ac1f99ac9680392e983869f8c6a6983098fe6c821626f910c1981ed7f47736d7e386e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
7a6184269a32b124e13ce8455b3e43ee

SHA1
823d40695e1c723a2f6ad602ee3210c1da3494d9

SHA256
582df3f7ef82faa7610e8c0320e5efbe6207e6a70d18efdbc0dd31515584ab14

SHA512
d4402dcdb7e2f24f2d44fa35c12ce39b45a45e74624de568b1ab90202f876edbf89f1a1163d90f12debbb22b67ff4a4db772679e711ea3bf01548e4c9c22b202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8ae5f3d4ee2ab45f861beeac670bdd73

SHA1
f6a5c7eb5465df7714a9b67f64d4d6989cf411eb

SHA256
9e6417ec29fd036c8b1bcdac2cab7288d060cf351d04fac9c132639c11b50583

SHA512
92895e1007c18798a0c14141fec9f73df9b33526ffd088dcb64756336116c07e7848541c642f2822c2e7a884224eb282a6864d4a5fd2ee14906821ab46a328f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
bfd7e5ce826e066bef29140f9c9121a0

SHA1
ea034644e8685d72890ee0294f490abc2be83081

SHA256
634de22bbd590818d75093cfa3e0e374f5b03a71ea66e0bc1004b9ec2b0dc605

SHA512
458d6dd41329ff2dabbc398c597ecdcf7f680daba435e0a3e85a2fe78f9a43ec524c10a09c2014f0328196f64fd3d27cd65a6609ae9c950dcbcfa777f279d729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fa2e8257de0024df58c205e25ff0ef12

SHA1
215eb391c437ba9bbdc6cc811ff6b0fa5e337a45

SHA256
55e657cb8950937bd133388678399cb7af0e4e2d8efcda7637fd6867486d938e

SHA512
3e5cbc915e75dc47b0e99455229184385a785f4ff4179c1c332babfbae5074fc785b1e254ea72fb5526717b9246326d150480f906cc457720d2553016f58c98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5d6806439a73db772312bd82141a2345

SHA1
7fd24f63bc5ed410a25e25d5b14c50999402f649

SHA256
25aa751d4f8b94b6d1289dd81c2dd3f1dfb133debb5582e107cdb214b39997b6

SHA512
3230fa7d61ed6321e33643c72fb6892523cdaf50e6eb9d5f4c4a1c7997cc868e595f50cb8181bf11781361a7cbecc9b551a00efec6a5dc7fb858e69257480b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d9365387ee0a8ce14a4f4dc0b1dc7d19

SHA1
fa3ebcafc87d0a77df86af0037c73a25638ad2c0

SHA256
8e9fefe0b4f81537e3edf8a021d6b42d968a94a03dad4009c74e937d52a3b17c

SHA512
e899592b537542d252766435a4ff1bc6b9f151f8496e97f05ee7647e6538e940b98e5b4dd8220c5ae7495a507732e75615a1e8e8723004b314e2da7a9123d6b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c52260c834fdc3704eed4cb7c488b0c9

SHA1
57b537a28c4ca3e082eee725a580499a958b0dad

SHA256
ad3d5b5cdf8994adb0e1670331694c20972db4b2e92a606487a847e85b678fe5

SHA512
37d9313af9e6fc6c767dc0ad19247b271435410c31e8fb3f2c47f5cb8b353f6850bb0c5a37a7dbaa0a09b936d3980e97d128f83ce14a03d277b6829f9eda698a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
213ca1e40a593e9afc0bbb04eba83afb

SHA1
434e4f142547d814ed9473fbf9cd808db078893a

SHA256
253517b2f4284ee32e55898a91cbba76cde6fd75f44c2c02b6678a43de326740

SHA512
eb98af3b1ae251eeacdd4356a87c54a09ed62cc8db03a163cb36bd3a317144f51619bc39f9b4fcdeffe1d7275e290476738a4813a0c0373ad660fadbde55dfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
59bfa4fb5ae51ec4cb1880bd0f74391b

SHA1
2ab226719258b7504e6179b2c19ce0bcf438732b

SHA256
1f9646ebc2b9642ca98feb925f5e2c2f84b953ab324796c110c699e33fe98ab9

SHA512
aa9de12c43b6f39e94304034da541aa7a5ea837314c6742f25e4143835627b5fa68fcaf1619520083e24534d669bf82c54e685dfbc0b6865b432209257d34774

Download Submit