hxxps://cdn[.]discordapp[.]com/attachments/1267410065145593918/1267412602447990826/setup[.]zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2024, 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1267410065145593918/1267412602447990826/setup.zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4464	msedge.exe
4464	msedge.exe
1540	msedge.exe
1540	msedge.exe
1132	identity_helper.exe
1132	identity_helper.exe
508	msedge.exe
508	msedge.exe
2868	msedge.exe
2868	msedge.exe
4472	identity_helper.exe
4472	identity_helper.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 1724	1540	msedge.exe	83
PID 1540 wrote to memory of 1724	1540	msedge.exe	83
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 1484	1540	msedge.exe	84
PID 1540 wrote to memory of 4464	1540	msedge.exe	85
PID 1540 wrote to memory of 4464	1540	msedge.exe	85
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86
PID 1540 wrote to memory of 1856	1540	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1267410065145593918/1267412602447990826/setup.zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5762191522525265293,17039168135386767823,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5762191522525265293,17039168135386767823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,5762191522525265293,17039168135386767823,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5762191522525265293,17039168135386767823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5762191522525265293,17039168135386767823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5762191522525265293,17039168135386767823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5762191522525265293,17039168135386767823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5387307788398354315,11956801743775968415,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4472 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0f43f6b2ba5eb4024b5f8ff71b9f436

SHA1
57446562fafa3f2fdca146af456e1319a1becade

SHA256
8aa2acd12dcd0867bc78ad1157bdd8840808afb3d21f448d7fc0bd958c45f339

SHA512
dc2475ad30ceb0d8947523cf8dbdb047d426974da0beb3440810f5d4e00ca964f9ce04a09144c774eb3c1e435003555f1269f1736579705c0b3fa98e5a4c0029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b29aaa93eb4048ecd8d6c97ac6e7b27

SHA1
fe76ff76f840a3ebda680321bf3e8bb0c0eb14c0

SHA256
25a33f09696211c7099e2ce39d9a9606389829db5c24c00fdd3e6b75d626ac0c

SHA512
07fabf45b5341c6928a2d1bb13aa5f8953713e7b281b581e886fee53a0d81a17d5c9184676d4db55b0dcc1a4b630221d087772640f7b5aae32e995774f18ff28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0f9e00d40d76c0410124dae381811a4b

SHA1
9859da4bc0349215aaef1c5c52cd9cd772b2752d

SHA256
21a1104966ec8e5c8b084561f67f4b95ca1ae8219ac41decaedc692631d1d22b

SHA512
fa15d626ed9b4c088bfe332e6e0e5414afba384bd3c477bfdb527fffabeb76d81d1a7c8280ae4e63aa814cf6e9904cdefad87471eacde88f1e375b755e48869b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
41c36a9acb554e5e78b165ddfe89f679

SHA1
008ebbb1bae26b694b73b1b2473a808a84c83fcd

SHA256
2ce95bedd268cd9704a1f11374e60fad7c91c2438c06b1537ada2c6520256275

SHA512
7a6ca3e691e471248f24008904bcd5956120fb010bdb1f8cd02866a19cdb652832e5e4dd4949c74ea15eba4b335b1514588275143f6b89b9f39a6b56e7976f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
585b1e38354b37951ee92c71c8d20e25

SHA1
fffc8dd54a857b2edbab8840c42027342183f312

SHA256
fd985e8c71a5b71f0cfc6c45e17f5f1b98557e37ad780db80bc935cefe89e295

SHA512
eff6766329ea508fdfb6e0a8268b2136c3f83cc3b1c0165a149d3f8543b51e5f9b2c9365fc2dfb7ef1f3df5b92d79e9a320cdd013d878606115e261d8de9f528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
edf3f3850e2727332729d613d77a92e6

SHA1
50797b1d69154d829c8bedc57d36990f2f3a6ca9

SHA256
9aacf79cbb750f3277ebdff8ba66bb78a1e32c18784ee8ab1190cf0d85535452

SHA512
1b6cd1abdc21d04bdaf010b7d5d84a55ce8bf27db80773b9ebc555d11dbfcbf0bc9fc19d301f4c23e6eb35fae17db6d8a578fcdd7bdd7289a706d01cad0d5aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
e513c9b1fb29728c06917719654ed2fc

SHA1
5a0b42631c7b7201f5e233a7e10bb65338cce3a2

SHA256
0ac6df4f14d57f1b8ba3e5962a85ed28e3fa9ecf372532c59d932a129f806b6b

SHA512
412f3fa3a166ae0ec133999219692f89863e48f6c65270611d83e13275cc5ef44b9ed1121b125819ff1143ebb89147e315d4187f6b2387b8c020e8edfc907393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
240591ad10d1a09a63597c93d56372f4

SHA1
d2bb3b35f51903a6ca7c1e233a04df8036e535b0

SHA256
8432bfb69bffed5548351d8781fbe72fb346730cff86279a7dd37bcecfbb2b1b

SHA512
6a69cf49cc44aca32586fd020974ceb259346df4c5068658fc3549ca4beac8c7aae9b487db8fccd39a04d0c5f330455a6748f9b2ffbb7e64bc87734873ce95a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
8KB

MD5
42038226b7de4a3205ebe33cf4372540

SHA1
f272a52286e155ab8525d4d1724dba81d06d5995

SHA256
d6084c8feea2daee5e4b0f1da8ba041aab3596eb610c68c31edffc5ec8924f08

SHA512
c154d20084e5ef7808f3deec8e726f565db40f19c0f22d1380122f2af6d9d0ab6b5513b0bd6819e20c166b8e6240cf4eaa8964be4f5de8e8a07916cecaeeaff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
89a475b97f5f2c941197b59afd86ee44

SHA1
7864ef65f55d580d4c008d52ca0826751930e638

SHA256
aac83084a302ce92b0227d6b47e7dcf25a9bc426e3b3cfc2d36bff0abff31dc2

SHA512
b3b1af4c9494db42c2701ba95b6351c9849389c7ce27becb0abd59b238411de121fd1cffa96c2122c7f357d0019ab5d838413b679cf1c263d03a23f7c3a089a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9f23a042cee702e817659e6730fe2f3f

SHA1
56a23a40ce2b52784eea89a4a4de31560bb4acf9

SHA256
dd5ccd2d45a7f764d553dd164f1b8063d73cd8674bc331e7b36094fda5f2ecc0

SHA512
8512f818a82264b82b53644dbc03728e71b422c91c3d3b0a90859d2d8575bca4f95874c0f3ab0bc364541ac1ef41cf404ccb6e2d35bd2dcf7149378a65becf3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6a639a178d3f92d607244f73d7eafc9c

SHA1
db2ab94bf4130df7b3aa1448fb6518ac2e193085

SHA256
ea403199fa0996d088c3299bc68e444f24bbb86781d47bc1d92306f94349f090

SHA512
26331f10052c8a3ee0067f688dbaabc93d6e8c0f5a0f765d5741b78d7fce704e6a4c2fd04c866fefc49233e91df44369cd4afe7edeaccb11e4985f4af1cadcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
475B

MD5
afc364dec3e62da4964974bc6f20555e

SHA1
08abac9f65532485018c7022e162d041c8b88bd9

SHA256
a9e3ff7b8bb84233fff684e8c2c153d04a03afefcad6e817501dd9f040e64b87

SHA512
795ae8de29f3deb9f0c7cfc38b64f2f749ec822c03f428bf102390dce3a6cee7733216d37c6532ce48b5a7c8d712d95146222291206405d77797e2e8d1693a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9eca9704b52d46c85f7a05fa79923a87

SHA1
4e9995249ee4d44db8937edba615f2dc36f8ccc2

SHA256
6f2a520024d0d89184c8cbc2495397394ecb4dee6f0e88256915d5abd5f86c15

SHA512
98be0be2dd0899ea8fe38eec31ee62eefcb2137f92895d29da48b10babdf3d9bc2a4bfed1449663b777c0043b440b77a771d1cbc42be3ed88509b2746da98f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e072c7f0801d238d2742e97e907ef653

SHA1
331485de2478473da3d1f13165fb8e5c5ec5136f

SHA256
a872f0ba182546c9e1814806411e53cbb4a5b915d3b56db6bbc7efd5af2ab75d

SHA512
24dec68869bc6ce31925fe9233467a5b55d6ef6c40b223aee02f0e0881e191e5b08e2bd17a117e36c00ab61b1e64a1ad3bf35671e6e6803869da1e2d965d43f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31eec28d9ebafcc8871fd391157e2ac1

SHA1
aa570ca1ff0787170c227b04bd7789fd05fddf38

SHA256
2ee17180d28d8621ccbd73c03b08971fe3b7d4bec6d5ac4daa202302dab84f0d

SHA512
31e9533bff76b8dde324f94f4233a45d8b1e71e41d94ad1d13e94c3ab01da4e2bd01dc3367244981bb804336727b70603caab7fcb098f2ae6fb0939decc5cde3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
559bd977c78c0eb8690859f10f57ec7e

SHA1
f2083f8cfd9fb317d7f115fb2988d4070546ae39

SHA256
96db4ba44220eda99d7b1e1e8ed2d3a59f4ccb097b836d146dfe54182722694d

SHA512
849e6ec75ab66226fe07785ee75a2c5633f812949bf13584a22e835defd6dec4d2fd5b60b9589af8fbbd42985878b1fc63ff96294bc656d228e95b2db8ea0a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b745eeff1b4a5083bbb6510b23274d6

SHA1
d7a631bf35ff4a76a202f9ea660711dfb0d2dfc6

SHA256
74e1a3d586f908cb6aabce1d1b0eba6c9f69619399b518fa5026bedbde8c16c0

SHA512
88ad1a132db9c987ea4541fd372bbebedb80152bceee4956dcc7c263b135bd90f2268b8280b81b09673f5485431c96a2300fcda7ee55efe8f1017980046c559b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34bef3094faed6be59ab31b0b7b4ac13

SHA1
629b776f5ac4ce0e109b800bcfade7eef1c9b824

SHA256
7a7fa4897a3f3579d2746096c9960f1b36ba6ef24a1c1fb264bbbe022394e798

SHA512
66bc36b2c6d61cef036b46b6934b73992b6db52505003f92abb198e9f9305cd82002f868713610a3d7e10277729f285fcf1850f36ecd5acedcc37fcc7bea7958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
08bf9de39de10bee4cb5f9de7ed34923

SHA1
7857e877923feac4c07c9b00f696f2a7683d311c

SHA256
db150b162fcc9902ed7fb2f964f9ef49507d986a57744616fbfbbfc1c8cb6207

SHA512
ac4bcae912a7bffde96ef58daeb0ab7db53918b07694f4513dfde3956901d266736094d80ce7af3b3f6384ad50ae5223c01f9a3be1584ceabe57f254dc6efaab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
765cc0717b6bf3162d4189ac58770729

SHA1
1ed3360bdb8a35409c456f3ec14c31362e80142c

SHA256
f3d0f991d539d0094e901121d579ea62e6f94498745566d6cf5e9e83e95f7b07

SHA512
fe62c7c09e2f141686cc3feb1784416520211f05444f36d05d252e93d9aaa5d1a91fb76a3bc86a26586f382200de3b0d7215f7901c5c31cf5ee832af567c1588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
97ab58e43bebef53d21773cf10017992

SHA1
8063e3e77e97fc63c3d797c3ccb0429acd9e4a7c

SHA256
06e29ecd4c68a5f0c8b29021096e54d052aca2f8e92a0da6b37047f0bce4fadc

SHA512
4d842d1c93e2f4fef39f1e63168493dd96477599b74845b4dd1f7026f36a816e0774b12519cde8243892aa3ed7f14879f6630cafa65e94826bdd15f74be4fd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13379488033207436

Filesize
1KB

MD5
6713d66492a2f7ebcf246ed3f2ae33d8

SHA1
3a68b89a9497f46317a59d1ea5f9f3585c75b224

SHA256
60b304a2612a8caa2d53785d9271c464f6772f0ef01aede362b42e00907db4c6

SHA512
7b81b5ceb5a123394d4f2114124b0682c330e5492fedd2086b4e10658eeec63e7ef9d6d2501f49e51b8417190175b30ffb8c415a3b6ef210cab9af5f34dda819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13379488033411436

Filesize
2KB

MD5
302ed29b752297db953c99c0715e5b63

SHA1
583f13e4e0c74a8f812521278ea31b575c22df6a

SHA256
1f72ea992e31ec03bf4a4df2944c57620b2a6f1e476d77edeb4f10df33dad510

SHA512
623ebb011442124788bdd7680f24b0dfac4706498788de0b2c6d238944505fb858ccba96b6659c5768cb9fd972961f3ff2d5b18f8df14a094e4f52ee522352bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
0508095efa725ee46541108f3e1ffa73

SHA1
fd045f274d6e9dfa11d6a34a5c9fb4e0b7df2313

SHA256
650560a7416584074a3f81abe82a7b4e89826b10b440badfa3e40843892f82d7

SHA512
203947c18127a549ea7d86adf1605991d5aafaeaec62344fea1a454d1eab5882c66e52c3342c740dc7fb9343f105e5a1013f92ed88cad64851c222770c257c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
90d4e198d8dc37b91f947fccadbee887

SHA1
a20ce2954d3ca49e66a2f22b990b6323395cdd61

SHA256
ff184b73de5d2427b9b88e67d9190bdc8548f42a313c1d374f09176d3c516ea5

SHA512
a12f2380f7995d0562d51204af0f184eb53fa647200b3a8e4cba950f9786435114d4b42fd3240eb8df2de8f33235f91e4438f14a6225e07e0f57ea94fe287e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
724059433d4db4b485232978482d4d66

SHA1
cbd5507a0c68a88aadeac85655ebbb7d83a188de

SHA256
4ccc03732db0f0eafae5dd323dc85702f5676cd07e9898f6134953b284dcb81b

SHA512
e291b7abb058c28a0ce637b950637083c64c42c33bdd600490f9154038a31fc64ab191a5c45d2c3f8817d5c0f8151910250139dfe7785c2e9f5f09e19fa38ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
139B

MD5
27db3b0f6b61f510f7020d18735dc487

SHA1
c6cace3073a1eb4b321c7ad53092b7c0a348e8ac

SHA256
6f7c1a7b0cc1a6f17fd327a5a6d33356008ec948af33457ae14c44b78ac204e8

SHA512
88db60906d021ec666b97627660606c18ae9dfbcb91e8f283743e463ac7c7040c9f18539290566058ff7ecc08b69a22cba13bed49e04e944877186ff82cf9597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
7fa0473e4ffd39e0a31f05a9b93796fe

SHA1
eebf88e919b2d2ee9c864def3b7cecd8de6d9b06

SHA256
40e8a4b65ee626592792c2c56ec60955100858e268a1010f4579dc8bd845af68

SHA512
4829ec20978e70c20359dde65f520575c929f5052e41d9711f3ea412aca833f8e227cdc880bf4902d5d3d77b8ec6aaefefb8a7f5ce8920a9a7623715662ad0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
a2bc5a4ac39fff123aea6764187dfadd

SHA1
0cd6f8ad61265b5f5de9ce0122a1d393b491887c

SHA256
78f2a691bbc9b9f57bea5aca70a5f1fcd06942c757cadc7fa42443ab9b332cd8

SHA512
ad7b95cc80bbc3af30cfeeb0619d05b318487f5eb9899426212da9fbff248651916c13636cdb99326c37e229f5336a7451a291ca73566f0b6d12304bacceb86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
de0c2e5507ef9ef60a25298f8411b4cf

SHA1
73f051a42a189de1b3ee248d3733d0e1c955a465

SHA256
702553289a898e26c3a612258be067867c7c408e7cf5dd9988720ca17a17382d

SHA512
19c07c92b1e198d09f56c8726cdec7a459f36ac3f8f664375a9189574b7413dea0e03ac24436703aede7de47c0948e91de712911fa28f2b7d2a69b2981380461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b51f44b8255be6543c9cffff374cb2f6

SHA1
0412ba88f97aacfa533f1ac0fb19e57fc85b4e79

SHA256
a7b73cb394e65e2063f1f21b9444431759708c9dbc408e843404643aafb9f8b8

SHA512
1e75405493c4768d52b42a039cc9f14a8f17177c184443e222d31ce275ab6646d47523f0c5d74040a02086977cfebce9486c7c3f4135a3d46e8269c43e66188c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
1480370f3f9800b2c6d0f7c96850f419

SHA1
9250b452dddca4265f710a7b3f4324868f41768f

SHA256
28bea956ed44e51eaa12175fd6886423149f134814399c465c894ba24fa7f611

SHA512
95f68e65dc2660073fb8d9fca08560563b8861d3f8d701569ec396782d9bd5c2414421ab223dba8e4739b478838d6fcc5d1a9e320505021e0784efe716c0153d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
eddcf627521f8fc2a6f7e5a26b05599e

SHA1
f36e54b3f11e0d06d8cefd0574ec81e8eee21f98

SHA256
7b0657ee42161dceea1d91b02b0eef2c56e42929538c91c24d97f04ec940a8ac

SHA512
00bfeed9f2823245d94a7ba0ab2d2becd5d5d23839207cc2dd868c1b3f8a367afdcc853ba537806a46a5f73029b7f0b26adf15ce175561a7df22b314ea5a1cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
97ee6fe31a911dac64d2479259cfce23

SHA1
2a06797575409b9d24a59badf61c9bbd36847e55

SHA256
78ef648819bcb4cd7b063b68b9d580e9197b5d1259f391a7750d9ef6d94dc578

SHA512
c1b59b62173eba0ccaaa34c29961d6f2a34fba3c4cc9261d5ab332aff86f4bdf15c6ebe5ee7c7ad209c4f0c72e8131db036a8090de425d65b19d27522b282f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
906bbb84d4398ad4b350015c7b55460f

SHA1
836827431642753f3629033c1742fa1a681f4163

SHA256
e261a87c543b04c97661e98abfb4b436cbee20a1ea8f3e89a489b7fa9482fc20

SHA512
49ed5ff345e56f524f3411811e0b1f6428244e51d858758c9ca1987d9b9ec36cd6970c7cf9ca5404bbc02be32047035c893c64c15dcef7d23837569216969405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0bc75cf5bda68658368d19e796e7fe0d

SHA1
fa27f2df5abbe9abe45979db19db2744b6c15241

SHA256
acd160ae7043354a03c9e43dd725319fdc404779502e0b95a1341bc112f9743b

SHA512
87aaafbe83d9f3b42438ab4c390d1a068ffd9a94f8bbaf2c3df2b68e39be0920d5e2b9891071cf8b293bf0b5d23c78292c29bf4ef35a72adec9e6a93f310bc59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5371baaf3041e782ff691042b8d37e52

SHA1
cb75c5f5a0302d98dbe6853b94b7741e61f98fc0

SHA256
2b9e9a6b05da004f9fce94bc9bcff9994728e1a1548648dde31971e5bce59ed5

SHA512
11a111f6e5aed08301141b69bb0a5117bdc4f5bbc743ca0eb68f45f1d1dc8b5b9a4b2398d2d52c61eaec554cc6464b62ca25ca8535f4074855eed5800d70b219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
623a89d948f42010ff5c79fede5d7f22

SHA1
ae7c65330f98651792367196ce900715142bccf0

SHA256
f15fedb04500eee1eb260d03043bd1c50822044a2b6562c99611359c03d61c04

SHA512
98f8face6d54d0d6cf84a467f5922e2d28daeb640fac04748a7450a211b1131ce9a2e19e124e0adcf176a582f8e5ccae29119766509d59be35b7bad626af66aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
dc5ce8ffdc022e1ed28572607a3c718c

SHA1
d00296127e938b6675cdffdaab952ff3ab49ae39

SHA256
3e0685ce4b4ca0875f91d38a86d3b0594b025da43aff302104a15045978ca14f

SHA512
ee52defcba5f4ab6f57b92ebf93d130c45b4488dac0bf04190f3be646f789bb6a0bd27203146cf2ff4e7daba0c2db5a520d5297150797e620ad2ef4384c8e042

Download Submit