hxxps://pinkmedia[.]o18[.]click/c?o=21356743&m=2079&a=157764&aff_click_id=499c0dab7fe9d67b58a1471b0c1c12cf&sub_aff_id=17551592

Resubmissions

15-01-2025 20:48

250115-zlj2asvjbz 10

15-01-2025 20:47

250115-zktjcavjas 4

15-01-2025 20:43

250115-zhyehstrcy 8

Analysis

max time kernel
58s
max time network
58s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
15-01-2025 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pinkmedia.o18.click/c?o=21356743&m=2079&a=157764&aff_click_id=499c0dab7fe9d67b58a1471b0c1c12cf&sub_aff_id=17551592

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4cfd5f46-c069-4d7d-a80d-bedf03c62d54.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250115204714.pma	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
2352	msedge.exe
2352	msedge.exe
2064	identity_helper.exe
2064	identity_helper.exe
1308	mspaint.exe
1308	mspaint.exe
4648	msedge.exe
4648	msedge.exe
3956	msedge.exe
3956	msedge.exe
2744	identity_helper.exe
2744	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1308	mspaint.exe
1308	mspaint.exe
1308	mspaint.exe
1308	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 4704	2352	msedge.exe	80
PID 2352 wrote to memory of 4704	2352	msedge.exe	80
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 392	2352	msedge.exe	81
PID 2352 wrote to memory of 4196	2352	msedge.exe	82
PID 2352 wrote to memory of 4196	2352	msedge.exe	82
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83
PID 2352 wrote to memory of 3096	2352	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pinkmedia.o18.click/c?o=21356743&m=2079&a=157764&aff_click_id=499c0dab7fe9d67b58a1471b0c1c12cf&sub_aff_id=17551592
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd534046f8,0x7ffd53404708,0x7ffd53404718
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6b9075460,0x7ff6b9075470,0x7ff6b9075480
    3⤵
    PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16987214046668164039,909192950843026593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\OpenCheckpoint.png"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\AddSave.mht
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x150,0x154,0x158,0x14c,0x114,0x7ffd534046f8,0x7ffd53404708,0x7ffd53404718
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2011684620652611542,232133600515633928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78789c91e16d10f550331b6172ea4751

SHA1
aee25d6d200d75e8a0f753f888d19545278999c6

SHA256
b91a0fcd45635ad28ba63d3c214d22a8c58f33965a8fff5aa72bff0bbe65fb24

SHA512
ba1c51d05f1165e2044b94edf8520af3c20bde4eac62b730714da8a484ca691fddaa2f436debf78f60c4e60aab2f4cb2ced8448531b3bf2731d206af4863f815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c8291b39b8a1ad15fdcbab5adec0e13b

SHA1
b49166de523962be4206c0fa79e50c891d299976

SHA256
1d163b3072151f3d999ef02e4650d3326f292fcf418777be50954bc88b290044

SHA512
363dd77628689ef6e100365e4af75a41ab572e174fe37cc984aa36c613a0b8a5879fd005b8677cc798f44efa0ebf7c9917b63ec4463c324d9330039fc12f94d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
20ce33649b0aa2e62230849d9203743c

SHA1
0a13c95b6bfec75d3dd58a57bdb07eb44d8d6561

SHA256
482bd738c304fb1f7fafcf92f313f1faccf57164c944c38ae8d6d4727164d72c

SHA512
332cf2a0a7fe494643b00ca829d0f49e9f0835f158dbc37ada16564a55eb60ccb1cee20e91f1caffa0a0229b85e43da41f508a356c36d9109cd8c3beae2a5620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8cbba4651ceb93ddbae1122fe7009a8

SHA1
8ac474a3feab1898c837d8de696e00964372b6b3

SHA256
aa176a3719f3136f8c8e811ab5b1c95ea1b8df4ceab2536e87785448a9b0e9f4

SHA512
b3beb2aa905b8310b9ebd6909cb695652cc93ff7063602d3d1620fe453ad8948c15e2d4c1f480f43573d117fed26dc10d0c49b5c04ae89a19485fb95229e4dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2609deb0f5e516ace9ac906f9c506146

SHA1
a5b61f5e00ce6cf1021894061a464815090ca45f

SHA256
4680f669d62fd29b0dbafbdf3e84b27ad319e45430f9d3f7fa7eddced68c05c5

SHA512
c7b8595c4dd3aec44463cf2c35df89e7f54f75c71531668c64f2a098f906557121648f12c10a1fdb8d76b2f8815d61876c8fe54881d9c66897d7f3ba65ea5b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
30a13b0d8928348cc04cf52a12e4732b

SHA1
0c67e8f35e38f199e9e1a1cf8150107e695e09b4

SHA256
39e0dbf22f3e9fa59778a1c9c79541e6c480372cd4c8c36c9653c60f9ccbf261

SHA512
bb53e6ecca43d5f01c8c1e7b0caf80df8150bcc8821e605d6410a38f9cefe0b4f5fffe8fa76c4b488403a60d92387d910144e76196af25ba2b61af79e6f23bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
414321678a2f853d436d947744c80d85

SHA1
386520eeee7f7401da4357c33e136e1e2f9fb503

SHA256
d6af39e0febd2d90cb31da7f621b09a2917e109963bf22b73669b07e6fbdec92

SHA512
ee18c09c68ae2d485b238d04b452f303454e297ace4758ccf875d06ea03df3d5d20de3410ee44812f264a87d57b3813ac36348eece395855d90a27a56900c92b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
43c8d354ffb14e8a166a496a0eef0385

SHA1
34e7d3ceba4caa5ee2cb5d4f2cd5a0f76fa18604

SHA256
d8eda4de34de36939087506a54338274e8051d84019a99aad0ac1698d1fc85ab

SHA512
f5879d251995ec800a8dc885208cd46d9a635c357dceb01b36bf361f2c5d6e4276e67168a0b99a0b70079f678cda611b02323bbf7d4a2602ccfbe598bd9a12bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
bdd509356a0f24a050c0c45637ed725c

SHA1
6d42ae394902199b13a2a85ecefeb264a1e13de5

SHA256
20b148736429e180ae651ff89d6e6bf80f021c56a9614e628bf9ecafe3573f5a

SHA512
b5dc0fd05e924e2bfa405199b42491d7f64e9559b32cf4c72e06dd09af0fc0b57ffaf351afd0834c280063f72b167ab794b4d9cd19b34b3762ba70fb3922dbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
291B

MD5
d6d9e2602e3211fcc0cb757f68f8487c

SHA1
5362c894ff7af1495559da4c5921d992e854cf83

SHA256
74ae82b199df9b07ea1969e610774f1e39f4f8742e3dcd16e2a41ab77c9e6637

SHA512
18c0ea1e0df97a9ae1afd1e0c6d7ff09fdd54e330a607984c2ced347fcc1843553bf1e4faec62a9f331be63291c4f195c9cbc4177c13978a945cbb0f5d5dad69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5c7fa50f32c13c10284bdb4fe6cb1b45

SHA1
b8590577f861d70ea83b326af13f75319c39577c

SHA256
035936f61734f1b878e782ea687b3a5723ab125524e5ce86d475cc3480cd87b4

SHA512
6967b80bca6cbfb6c04e5b66c4728beaa770fa6e42b2b3ccc34e0b8ff4b9ab61ededf9eb18aeb60fa4cbf9a7af61518d8876a07fb070fef06d2a845339562358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe57fafa.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92e6483369891d9da35c715c838f41e1

SHA1
77e1dffac288c27a24e1f8a7e49caf5ac07d1ec8

SHA256
71cd1bc7c62933e5eacf2a92dbaed8ba433852145a499a860c0cbf72da4cefa4

SHA512
9dff4f498abb4adeadf76ce4ef49b04f8780f626b4a64c4ce3501c834e6b03654fcdbce920ea540ec100286aa28e565436d13ebee5337cd8b270ae3407e0960a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
275437e776d1d97c948afeb3549ce6fd

SHA1
32d7c771420fa001e68411aac9406fff302bc540

SHA256
3240355ce0b7813625f1e8f12e6059d02bd41da2e7f6cc841e0a4cea903d3fe4

SHA512
006bbaf0d6ca190b01449608bfc90a8e81e4b689d1e67afdd2f4b53a37a4d63a59273aac504fc43960314524f6291d206c190f62743e7010eb84f74887b9989a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4718843517d631eb224db0797849871d

SHA1
e5afa2546032f5d6fd620716d4693dc58a5704ff

SHA256
17ab6381c0a7a50e269dd39f2ce5ec8d39744432f3d0acfec9c4cd2db8712a4c

SHA512
761e343b84f1f0379e0e303110af66736b8d227766da1510b05333a0d295b5dd7e3bb7c2a6b508e7123fdbe28723a0664a24f105d09307bc5d6b020fad8ee466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
58895a1e97a1c9058d227d1d091c18f0

SHA1
ae2ffbc0cf2eddd04eb83cbcf610353b833e5116

SHA256
4ebaac3e94725fa170dce3a19c2a68833d6740339b6259f583bb7531c7657046

SHA512
2735ba90e806d2be051de76886ace97dd63938eb5844954d29ac3618d4d977e7c174651c4281ceb9b4f6c9cfd66eaeedb7edf3dfb338fd90b465d0355570a8dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
185080eb3d5b0a66db58e0095f8c331f

SHA1
bff8dcc035b163b0c9ec6e4407733b86affef965

SHA256
113641bc7ae03411b69562ecb967139fd6193ce3f49251ec79449317ace9d331

SHA512
75ff3e926bb1a6bcbb6cca5b735511a0e3d203e7fb90416c3cdb0b03aafc9db16ce824e0f018ecf721166f589ff8d5fad6cfcb9287418716d50256348572a790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bdb9c70863cf1ffbddcb6814aba83c7d

SHA1
c4bf4a635db75cef24d82238400810e3da7746e2

SHA256
3c11a1619eabcd8ae8cb0034501ec1bba652a40d6f79682ea0682d296587220d

SHA512
8d02d22a62c87efe9735340e14d9dab4676612e0866be8577718fbbde30494f2175e9a4a65b4199e4b2c27e8387e13b541597485e0c4818cd52f9678582a4618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
760B

MD5
47ec7ef14abf835c41181016e8823d9b

SHA1
2806f5e35da50b97bbc601375343a5a06d44aa18

SHA256
b5a2606502b6faf7975568edecb5e0e05cf9363c7aa100a1f4d43f0496501ab5

SHA512
c49626bda4c79540263dddf1b74c86c98e927fdc2736d7f6f4bbdb8abce4cbbf20b0360afe36c91adffc9aee584c168d808e35ffbc4ef97ce54a36d595572656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
293B

MD5
30af0cd4b29e52b62d7b353e1a6b0363

SHA1
d6c64e22e915ed10eb490ce953df40bc03096721

SHA256
b09505648df3ac7ea1d633a46438af6cb2cbe7bcaa2ce82bfee5227263799ac9

SHA512
7599293eb8825cbf07ae4fa9aa1452df9af8eb43303974add433aac4f4420476e7bbad9e6e87341e8a325d7ce4d1ee21ed3a3c24320bf2aa2f7cb408dcc72be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9971a5d2251f47170a76baf08ccd5e22

SHA1
cdb090ee39dc247ebd6f94590eaf7190bd9e9433

SHA256
04766bcf646c33d3c16bddaa897b41f00b14434ddfc2972bd01a46e88389c087

SHA512
6f1024f1c68963f334d9b73f6dcf6b6641d2984b6dded59d5ff2acd8e722c94b1d27a86604626d4c01e026562de6adccf810f70f6bec9c6c78abe5713c66c5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57faac.TMP

Filesize
48B

MD5
a3b1fdd33b0562ea207f1d7889d0c66b

SHA1
f4736f59f02764d418e76dfccdd31ef84817f672

SHA256
4a310a1f61552a29f31189f2bb876dc727dcd62f8b696d198f53076591bde59c

SHA512
22cc357a9249f87f47da1df19dbe32e74bf4fe6132f7f74173e4059957a1061ba3b6d017cf6e2abd3f554c66ee9046b305b5c6efbc503694cdd8ea1dd68ef853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
279B

MD5
d0a7101f00de3b7a4aa78a24eedaa2ec

SHA1
a71e58ceb9429438ffc4d97ac15c4aa17b8b5d6d

SHA256
6988d2aeba9c8aab0fc07a5f210d95e386d72120f3cfdfefe413d4035e92fdff

SHA512
551d41f523d6769d5eb07d85b400f3b30d897d4cb6ee089cef61a10896387b2834da9616e0c0eaa8a3ad529a7894ca3bd9c1dc78880fdb2b3a45a52192ceba49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381447640805890

Filesize
2KB

MD5
7a041445f820bb2129b8d6cc5d05de53

SHA1
ea625556810b9566f2d4d477cc7dfb55536e61b5

SHA256
1ad3f89730ab07c50d6dc78f2af15f9e850ab564a8712d329477434e1c8b4f7d

SHA512
f8238a6585dc00046a0be949bf28ff526b012e0be030060311e67362485a05ed9a5e7c1c8e59b6615b99135ef4e7a72aea4d5aaf3217048ec3ce0057ad719718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
c0e41ddb74bf94591e75f802761518d7

SHA1
976b64e0fa877250082e7dadb5195986f13a94f5

SHA256
b024a63f2ed0e2b19600ee15b4cd43de322ec73a3b552acf0b52b80ae23470e5

SHA512
70fb498cbc827785861f6f0a599956eb151ace9c7cf5a240a60c50761d3a68767fb6a70e0cf87f56193c912aef400a3209511f98c434edb17a84b41dc111a438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
296d7a6fc7eed0faa541d95c4fa572a2

SHA1
fae0bba0e7b5496ef3dff865fe30394e8bf4c3da

SHA256
f102c62f4e43d4cb198ba863da8501588f1f4c6add033c27d4ce241228ed0ff1

SHA512
8b15daaebb14cd30dc1572af2399547308484e17400676d41a41d40dd22abb82520dfc846b8ef234f5da69b3c6df50eb9dc3e55abdfb380950feb2e8629a291d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
9784d11e3b31ef6b1ae586098b8231fe

SHA1
4a14f53b9d61bae50f045d5fdf403703484198ce

SHA256
01b9bfcd5885e157add1d67d87506a583ebd920a1b4d157e56c09d9ba46b286e

SHA512
acab3d05d5838073fd78c4530bc2709ee04888fe761eec0d8d3e78db0ad242919130da7f23fd9d6b90ee76eff6c200b045d1451b17d91bf6edd6718914d52fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d87c0f944583b3d3a9a9e5d745a00be5

SHA1
137b4e379fbc0e3d618ad1c141ec0d483324e8c0

SHA256
5a2bec5ccfb691d0f366a5770b4ff6f85304e75079538468e7436af8c8acde77

SHA512
9398e0ccf820eb714bb5dc41d90fef1fbe5fa5350d356113e9f792a9b8c91fd5cfd9d41e0953041b7b9a6c6a95c502fffcc460805ac30d2c465d24daffe62932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea892ea9-49d3-4a93-9ec0-3839c05a4c0d.tmp

Filesize
5KB

MD5
5db82c25a7c206b6e11f91274ddd85ed

SHA1
24a8dfc7bd8fb8231118cf6e1bb1b69541e71118

SHA256
f146f3931a794b037fdd2d7e423a938093ccdc35a5fcf7d212c02a8a89d605e4

SHA512
5a8ea9f172ca6c9242f66a65c5aff984198b91d288d07c995659a170bf148d28d9c6b54233f0ba4f88cfa6e5ae4e040ddbc537af1c7bf165c98e894a39876ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f730871750ad3396d672384a581bdace

SHA1
19f35780b547639e1629ee6b4963e307790f175d

SHA256
6912e3b39f1b9c4ebbea3ddbc82c5a7b94f203afab118aee1116b05826b788c8

SHA512
6df79c38dc9c43b08222b00e34b20297dc2f3b4f6a8c67d3bf1bd65d177f07f1e702070361b879d4c51bb1cda5cd81693c3a3cc8463daf67a240992cf9f8dac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
b2ced584678a3c171fa98db19b9d2447

SHA1
92e374fd0908c232737b954adbbe2a084aeda68b

SHA256
74727e3d06fe095a0cf8e92fca4b65bfd74f8f13c9ce0219457d37fa818bc455

SHA512
d19f67efe0a9b3c9b5bd3c7953e10c18510933f2ca819e9cd695eea0681b9422a2eb18c0ea46ee3333545d30456d81f555402d0bd0001e248c79775a2b592ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
281B

MD5
3ac7a5476d1f2f203681c5a70c4f2f58

SHA1
8313c7027d18fb1e5a2bda6d497ea9633656735b

SHA256
259b1ca10564016bba70c0ffa9caf8dd632252bd131e485ae87f341d65e9675c

SHA512
ac09d1bb1fd0717dcd238abfb6dfeeadbd986b888af09e4bbf4dfc0fc63887a2be9c15c0fd2568b560c523d4b89549be2ffbbd91bd139c28eebf83601481e575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
531B

MD5
54b32a7197f0aca9201affeed058879d

SHA1
d1c3836293b344212f510ed1dceda34ca7a676d5

SHA256
c26cf0a31d8098a709cb2f020e0f74a9de9fb5f099e04ee424ed45ba991e8644

SHA512
cf736bad9ed16e189ae2b84f6068307c5831055a6f92918aca573ccbbe99f031ce86c4863d3bc041e23e4c6a9e9d77c99483455fc6855d1fa2955d6d07702833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
299B

MD5
76b23502553ac8d6592303b905a016ab

SHA1
0f063a43617bacfa268efd0f66f2c04f4cfc7223

SHA256
6d88edc2c104ceb0b1401907c729c9263e5cd502b69e7ff54b705bcc4f672961

SHA512
4c28cbbf25eff3beb9366ad65ca964f8b9a5e37ac259220f63efdfb96ba941ae85bf7517e145cf8e00ecee390f8bf2993a6246f95e92dcedf01d57e96140017f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
163e30f3f20ef5bc2f7b4df3645877b6

SHA1
75e47de99334bba14df9460ae32e7520ffd4ddc0

SHA256
e4e6fabc32e5d9b92c362301d7ac8e6f850dba3953a31eef741d1780be6b6c11

SHA512
71280d34f1a983a95b281645e558813ff84c6ddd2fcdf1763526ef91c485fe1c59f718a794040609084719faf488bd76ca1dcb1708f118b8ed19d6e0f9510de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
c8bca6da22e0bd4dce190eabecc856e4

SHA1
d7e3085a8fa4cfe1fb40dc468d56146f239ff86f

SHA256
59c0155638fb141553e7259364886d12af80ce98d0cfbe2a434b66c2214e1df0

SHA512
8459d591f5439a9f4d492525f43eef7a569498b8350e1477503bd71f18aa58665ea04ecd57e011a659cb31f612517ef65d2c9c10e55e3dbe34e37c9ad854f220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1540c259e9976c884df9259a4fa54689

SHA1
06bd175fb98a0a6a2f3b370cb6a919dc90bd5638

SHA256
67f6d2498a61f79fd4ed8ec773cebbe42e1dad69883fd2bfc431633fc2af7bce

SHA512
b5d575693aaac74cecec80c36e964f290e638a1ec02a7218116044567646cbb43c5f9097fc5dd0ce666a6c2c91fcba3aa8a514a9c1c88a170c623d005967b598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
488a24e528111d3497469caa9de05ffb

SHA1
06ccddaa23b311fd99ff6a0e6ed77f30ecd38a05

SHA256
87183bd408f4720006f7e809b287a97841cb56c215b7b6b774814a007c77d67a

SHA512
60ab52b0652a684d4953eedcd86505e3cd69c9b3d7d3f3ff4d0eb83d58ec81a19864b855657d0457e3b8c94e7889737118c49d1192cd462201660889c728568b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
fe1cf8bc26b8773f480e7d4f5cfa7066

SHA1
adc2fd4d1d1f0b4d717668015be998944966541f

SHA256
41f32d49561f36e86fb9aedc4d3b578f2281a27a637e13ca18f1d6ef168866f0

SHA512
58955ec3e8159add727d0affc55c72f0ecd3a58f48d247974dc6bf311311183ef49e77871e7ce3e78990105c72b9f7d48baa3b551ebed2a5fb14419258e12fe6

Download Submit