6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

max time kernel
1695s
max time network
1699s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22-01-2025 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Size

25KB
MD5

1d93e8597dd860cf81cd913c4b997818
SHA1

a7dacf6a32b194720a87130a16f2222c44f036eb
SHA256

6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
SHA512

c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
SSDEEP

384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
2312	msedge.exe
2312	msedge.exe
3148	msedge.exe
3148	msedge.exe
4780	msedge.exe
4780	msedge.exe
2068	msedge.exe
2068	msedge.exe
3468	identity_helper.exe
3468	identity_helper.exe
3740	msedge.exe
3740	msedge.exe
1764	msedge.exe
1764	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 4556	2312	msedge.exe	77
PID 2312 wrote to memory of 4556	2312	msedge.exe	77
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 4364	2312	msedge.exe	78
PID 2312 wrote to memory of 3492	2312	msedge.exe	79
PID 2312 wrote to memory of 3492	2312	msedge.exe	79
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80
PID 2312 wrote to memory of 3620	2312	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa7493cb8,0x7fffa7493cc8,0x7fffa7493cd8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,10460771122128450702,12894373544590286515,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,10460771122128450702,12894373544590286515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,10460771122128450702,12894373544590286515,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10460771122128450702,12894373544590286515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10460771122128450702,12894373544590286515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10460771122128450702,12894373544590286515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa7493cb8,0x7fffa7493cc8,0x7fffa7493cd8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,16964195505874878262,15972452578583712586,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa7493cb8,0x7fffa7493cc8,0x7fffa7493cd8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,4776449910823497797,17132457306258962027,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,4776449910823497797,17132457306258962027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
852b3c86a6d00a8d3060b0e512794602

SHA1
587d453d6f65cc18b93d7a337aa8469194cba20a

SHA256
4c284c3b63994d4c70b60f8aee3eb6a30299524a3069fd7a33b163bdef47d8b7

SHA512
5714749c9a80abcda6b4afdc2edd387d486d0011799e19f597a8a40be98cb2af405eecd0d38a39954f772b68508642c3ea51cd97e50222d3d78b68652783d683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ad92cd4f23cb4c9aca348dea2ec6363

SHA1
7ffe3bc242a16d616668c46531ba45b9b8409cdd

SHA256
b4f9094535a0d97ad33d2a82dc9495a90f80f49a8ffc21f579e1713736b73529

SHA512
6d2b711739bfab13daeebac060d6c9b202d572ce2c8901092e6967ced1cac97111d040472db81b30d86fe8279a4433240b6393a832e5bf67a73619fd41187312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
a3481577d5d0a6f8cf419281641b8310

SHA1
3903ceb57c3acbf2beb0261133d0fcd2acd304c1

SHA256
328544cab332e0fd2011dd7905cd0605a944c0a80f48f52b5e784057244d997b

SHA512
c7ded8ccd2a6c8d945be1d941485862a1be239f755e82f20d7b827de8a33f3d7e8fe89ddc6836aafe44e53fb4fff1945fa3eb1190cf7a9b583d1796bf94cd31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
964245d70c1ba857ffcacb6c3f069251

SHA1
563af7340443cd621f28b61012a583610d180511

SHA256
5ec7097c8aa8ad3c00ac20a6ea2cd38d841f4bf3413d0061189edba693090444

SHA512
d0728aef4ccefbe54e8ab22dd48e0257b9300213df54bb1cebdbdfe04cbe6daf710800191375c5d90fc001caa64e11476e3c750da0f8afd5fee2c146600c2942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
70d3865b4ddcda1a36e25f57a332619f

SHA1
dea14ac645cc82c3752753ae388bba412dfc8058

SHA256
228da1f378e68dc262abae28337bd0b37a32cabc5ffc255ab735bee37f7a038f

SHA512
f3b473d280349b84c3e08d9b33daa9f7d48fd01b0b286a349578855749a5e6276ed3c4ef37a1ba006d9bcf6ee41f7177cb6bf6dc1fbaff1929ab879749d03d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
c8ea41cdc37e26173cbcdddc90a7979b

SHA1
a78493ec337fad6bb18e83312ee57cfdffed4bd7

SHA256
945e13e128bc05e3e2396678e0845e3cb407f1f06524d77765d6107426243d16

SHA512
d12787d8d0e48b851eff3226e8d92490ed24ce10f264c918022b2b14b0f65156956d4cee878e17dd8f55b3ec5ebbd529d734d83fcf0319858b1dbba38c410d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
eab10528bb8af3217fe13f50fe765f0d

SHA1
16c68389b2c946c90e7dddfc7f96fe3040b3b2e3

SHA256
dffd6063ce04ea42f7785d3b1ad8b3b228697dd79e67d706e6968572204d54c1

SHA512
dc0fe2ac875154fc884909cf33277c0915b6c21469b37ad020714ac316dd36c759f194d77b38ce1ea90b4ed292e2a9dbe653e9ee7eda35c7cdcabe140b9f1b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
97e19b61b362a9cabbcefe8abee93bfe

SHA1
92b2e00f0142f7d746203c1a14e89d4afe5e0384

SHA256
fbd931b901577346435d5b54ec5c21de3db730b0d19746f1e708dfc4c72e7e01

SHA512
a1199d06a505b5563797fb395536215db2daa51d219428f5af389f09229401454dcedb57998ab1d3d32efd5eaa6a99876fbd66827b598f6afa41f3df68c6faca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
50a57792856daebda22197c8fbe12937

SHA1
fff68eb02ee71cba318e11948201a123e289c445

SHA256
3e6d96aee696987759cc2e086219988d2aeaeade1503b968bcc9f41ef5a547b5

SHA512
75c7cffb2569d44f087a9f9a1c91aa2a76a9a70f178ae347bbfb1afcf96368e33459de58c88a4d57c7074ca11a366ab5dd12bf4ad1de00860e42c532367e8afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
19718372bfcec9981c7aa5d518245766

SHA1
79120d25947f118e29a9849a4cc474dccb3108b8

SHA256
680486028bbcb626b083b0064abf0ea3f45ef20c72368bd353bda84525f35487

SHA512
25ba108271fb7f00839d5553cd39055fbbac2eccd7a418d829d6494d91790d92b5dfec4b7a5bbf81778ea79cdb6d689aa1ab94de27e91c8cdd1024e11f070b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
72b30e13074c77cd4e5b0de291f0fd67

SHA1
f10056d78e0c908277ca248bbd79692b74c343db

SHA256
7ee6696d7acd3e1924f9d01e6d4339cb71863fc145fbdae9dbb38c7b2a9c6c07

SHA512
8d6a64f09ecf506d811e473c1e315534cbda19cedc299120d389b224b3faf6830ca0c903f8c8884125e6ce33fba8005762080789be5364757bff3f13e584a633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
007d73d727752a8316f3eeabaf8a5543

SHA1
84a844e39144de5e78bd1d61ada7f0f762e02794

SHA256
9efa5c706107f49c7593cfc5878114bd230fd54ed3f7a164940952e98260504f

SHA512
592669ea60f96fe04e33db197f7f5d57cae43b1d91e50923907a53dee1b557445ecf56b46de2c5239470284d49bffb034e4721a565e4885c09d70b5e38612360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
da77edc06da23135cabf7059320181fa

SHA1
f421784056b3a1cf1669c1d3dd00736a721133c7

SHA256
e58e67e786e3dd8af14629e4ac40a817c434832cb83d09472b05beb4a749dc5d

SHA512
0152c1112842079798e0bb7ba83682e9d36a35ad20ff666ce59e8fb5420c7d8af9ed528d1e501eadd69cc8ebcee5e791600c413fbed30a727df637a0d76fefe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
289dec47f1f7c862af131e1ee4dbc284

SHA1
aa42143ed02fb413702dbe923f509aeb510beae8

SHA256
e04dcb6d7e4fea0b21026b5341a5e689b23a0844be56b6607f6e2b1058b9c67d

SHA512
5c33bb17bf640503cbfb453c5140d1da248108545d4341886e06223278a20d496dbfa77fc81ea61baae996a0431c399feb27e5aec02a6cdc3efcec0316253c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1dacca328acbff3b0360142f86bb5f96

SHA1
31fe9cf54d1a0432d9b2347706370735fbcd4b3c

SHA256
1cdd58041aad1a5bea0dba527fb4dc9118d833b8e73fc5c12d09ae4ac7fe95b4

SHA512
983dc8ca7481dfef38fbe59149862f9f53bd56d49df8086e46b447fe48a815152deeb7c4110522f3a30ea1dc343526dfe9748229a4a5cf7272a36ed13182c927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4def056ae4017114b248dc1e5de35eaf

SHA1
4d88279d9c9c442e07bd1b6f84170c4dc2181884

SHA256
bfe27501d75bee385297470d7486f248110724e672934526b9d9a33dac821774

SHA512
fd77c49057f174ecb62518a9315cf117e345bd8582cb5de8e9843249947284b8d9d7fe4a36c28089bdbd5ae8da5d7efea781bfd3cd0e11be85ca2857402ba9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7274c64db813015cf3c89be45652d28

SHA1
460af294334625a5c2b7fb7a80d2967ef5e4dfaf

SHA256
4cf5a063233826898e945ca2ebe700acbbb02fefb89851eafc2f189e0bc229fb

SHA512
595300b6d0591686537e453926e077ef314491fd10c1b812498db0e644581b8d941082e9b0d0255f1d45634ad24d7711a66da3a73afda5a5b6d8293a34411fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9e98df9fb53f82f99b7c6d23f62537e

SHA1
6f9839f74e6848af5ac28c414357c878957ae078

SHA256
ea5b62bf1c9b863ee6b07f4e565d65deb6b87ffa0c06aee3be6ce31421d855da

SHA512
206b30db728b0ff5f862e96c3e2c2167d09fbaf29d7cef3bad1e39741fa440d2d1c94bc0bd3087c66958249b0ae132c684c3afafe764d1f9d96569c6811e9dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
252ec5469aaf9c5e9fba22bbf765d4b0

SHA1
45513a07ca650853fb7d98a411ac6d64b8425f97

SHA256
0c51b62f1e2b9b74b023a94960cb3e1e93606e82b26b0febe0e4233d03892400

SHA512
9452be3d9b06cafafd76002d563d9aee39eebee39924c68cee3fe78827c54f4d6c21d97188311d90274fe4f344a0c2082328fd0abc47901ab8a956c633d1db1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9d87f95f0e18cc60a485cbb06294512

SHA1
50c7aa2c1e2af66b126ec5addfd3add35d777c6a

SHA256
34ea8c518f4037a82bab49ab1561810f1f3fc0ca029335d814bb6ff89e54f484

SHA512
f36ff6c2956fd17037cf42a95c7d0b25324396a9450da2297eb813e11111b924b2d54e976af1afa0dcb18799ffc73de2f21ea11e12ec800fba35291c262b2ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
da1aaa0afb738736588e4e3d44f42ad5

SHA1
07203ef816db72ca4f6debbe1fcbc68eeee0b4d1

SHA256
dee57e2fa7a18bdae7032138f3b105fd7bda106f0b57e6e82593d6744eb81bcc

SHA512
f2809b98c603323a66c768fbf38ec1f17a7dfb21d2654f5766b8e5e1d30f2e9cae6eef7b229a09a3150b3cc2632884bde5b2eef9bd33cabd7a4cddf57740f655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13382056870166787

Filesize
1KB

MD5
ceccc95c782c6dd10596ca3ce3d49275

SHA1
73898cc7d0e5351bd8e1044aa37346aa425c7cc7

SHA256
86bcd557cf545d9264ea95ce89a81f6990e30cac87c149b9b9e775d050353ece

SHA512
61160f032ed9681620da1733b8cd37bfefc4df09acbd654466b8b6bb449684370f3795f7e64fb913ef6f74c60ba099dca955ac2f94ec51fa0f0cc06075044dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13382056870298787

Filesize
1KB

MD5
27ed92eb1ab232f2aecc2cc1227e8183

SHA1
8aa1a59d655705483b5e406c7fe2a864e5868079

SHA256
062250100c2a36aa59d25d42a72a0c27149ab70bff2f8e0542b036ded615f5bc

SHA512
bec52e4dd4cd038694fb5ea01969a76f263ff79171ef700019d97345251940954486d72374a9fe9e52d3921c8d690ddd424a8caf28bbd75909f2c02d5d6e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1c408425445b7bf9c89f2437ce12c71f

SHA1
c58171d0eb615459da9abfb8d06a97713ed38e40

SHA256
c83ebeadf9cab90984850ca809fb6e3a9c1a42b611c2ff83a83b19774a50c310

SHA512
04bfb4dfed501ce3ae7c63b9ffc415503f682c4f74703b91ba793271d9d943a1d01c0e428555a1e559a9d44ddfc7b3b820da61a9b73beb7ab229e312c0322e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
af6574330f122e58aac495795911795b

SHA1
3b2a7c8538c90842fc844d90c0abd0eda83d7d41

SHA256
fa9865eb3cd2b32238b66d9c45570f23de6287159a2b5ca47af4b21bf03e88a8

SHA512
6155b37eea384c3e7e1432d584a0877f5404c9876efcdf78b4461dccd0224861ac4f08d88bca3e5771f3224c0fd3582d27d1782b0e88b56fc87596ac86c5f0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d85f6d108c43950c44d5fa7529f40127

SHA1
7c31231b9a8f85b89f37f6221b233246934450bf

SHA256
f44534aecc087e4e43c4c8bf360e968cc18afa4055592a5a357c4ce7d60a8255

SHA512
986cf5074b9b0e937bbd07619fce4b51fa2721a1b748146c8dc376ac21f5bce97a3aa0bb6cd06b6fc8b2253e0ba847723c7de2748d70b4b6098b1db28220985b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585b4a.TMP

Filesize
1KB

MD5
6ec87e09eca48abee8bde6115e03c367

SHA1
9a2a57d0db126204ecff72354ee1a8fc092b6d9b

SHA256
cfb0f70f3c40a1a76902d3e7674af5329050b2c7157a048a3183ec9a1d4b1a23

SHA512
e2308be75e9ec91734b534800c240809836e5f7a4b1f48dd433f89037d39143b896129697b077b02939b1878b1768aa2e80cea13437e0836eb15c261293a62fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
bf3a8701c4feb44d3d275216a8a72915

SHA1
219ddc3100831f99b37bb9a701fd6c803c3af18c

SHA256
bfb7bec532ce0198c2bd26f5a169a0f4cce3277003e8e5173f5af449074e107b

SHA512
725f5c8244a412722253b7e261b3a2999e0549bff838c6f25ca5003163966bae13660dc0e336cb5bce3234000c61c96db372ecbca8d113bcf8c0541d66116a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f682a4f49c76a688beb3220e3dae656f

SHA1
2d8ed87d2d01bdd6b94ecbe85a23a2aa9615c6dd

SHA256
b9df5e7b19667d976cdc12828a3941abaef111a28fc9e259aee36a488b5e4580

SHA512
728c0bc45c2ee84819c146177d5fd55e660ebaa94c6ad9a50fc816f3567bfb55c22bad621e87892b036116d1c8d3728b551a13e7285b35f0ff3354fbc9d7f51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
24dbecb1a6b2d96475611490228aae26

SHA1
1ff64cde1ba2cb12f809369b0f82ed45ec016d98

SHA256
a3a47930498e36ae606ed3dbc7ed6fa2fcb5dae0d04f2991d0b3bc88924af524

SHA512
8013671a702fe15f77e638e89da107ba70ce0b2db90b7d433a2c969f64f931d9ee1b1054fb45e8e6b23ac626a1ef6901c1f51767c4db4540dc41a4784d41c92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
97f749ca6112d4277de6649753d4d763

SHA1
cef62cf40b3a0b20c2ecf938e656bd8906eeabbe

SHA256
d9119b86961ff5cdfcc87c0652460025439fe229c8da19e75e1df8ea894d61fc

SHA512
b48458eab547ac40c01fcff80415b0dfb06482c2a86143d31ffab96721f438b4741c1fa406b5e42039e966f18abd452af19dcf87868173602455c34901c4decc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a4943662af44391cb29f7f0be2695314

SHA1
ac2722b8dddc4d341d26dc5740dd43ac2ff23250

SHA256
ee21478735a291e6a34d5ec94eb28b08251a29be46cc20cba92863e53a5e82ec

SHA512
fb62e42db7b2e8d7868ebe8d94e4a6fbc0b8a9ef101511f76f72233ddceeeeafec6a3112ff48547a0b26aff8f4fb9ec85adfb5c2e37623006dcab796a680c532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8d96a49a3598ef6fef04625dd46da1f8

SHA1
d18017eeb1503d135955b607a8e704d4de4715a0

SHA256
8e009117b9ba42d27aeda154d869410ef6b9605defc5be35eb3c199699b56020

SHA512
61c1a2a025e82cf1690a3402d0d845bd18a93d5398c7e107561c6032e5294162a942932c053837a8c2e4ed589997326e27aa5b03b8b64160dd611805878b91ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
e4475ae008cd61ecf45332c0b65d49fd

SHA1
76dd3123d5d739fcaf796877e7a07fb2e31f5c6d

SHA256
3c4acf9c832bc179fb109698306df02cf3fc8ee826672e8fc7ac25bc3db0c0af

SHA512
aa622091d031c2e875d9632bf457fc88a786f8bfa5c9756236d470ea079d753ab5d8b364cc135932762705283e00ab1d64939801c07113278369ec1d36b8f6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75f334fac781c93a34deda56a3679f6f

SHA1
591e18a4849a9313d68640397b65e25aa84e8291

SHA256
ed01ce0fe2efad41ee7438202a0607b1cfa434d78b310b0eb5b2105aeb0dbe4f

SHA512
cd3687e69de4b2a42ca4020ae7256e7ad01659a3c263c548660910b2da533c68870f27503cfcdb3dcc3c52eb07c6e31ab6df244e9ec4a39ca4e6f88268046723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f1cec619bb72b1bbf50d5d6f6bb5d7fe

SHA1
95db457a526f6f65e23f3e239a6fc64f3f12b0c6

SHA256
fa5527c8e14db4b17078307b19a82e5bd37ef910d210ffab17d769e3a526ec93

SHA512
63dc7be8740ae7cb49a5b593c343bf49eb47ce8eb72f778d1e1a1a9821231adad6676c0dde5a9577d3436f7b5ac1c1c7206bd8017f69866cc56d289d91b79042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
72bcccf1a0de0ca24d2bf64ba2293b10

SHA1
212569aae4f942ca8157b3c9a94bbe430c0d0f2d

SHA256
7a49ec3b372be652fd80ab64821c7da7b596cb26964696f82a7456452984f311

SHA512
0be2e06cb49f9da302b5e4759889d6806db1d2b826d31c3411684dd24f10f1bb102e4c0ce4feda81b5e8078a14c13bc01571c551d6dae5da8084dbd38862dc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
c799fe5373a8e4d852c30c1060c23fa0

SHA1
17efdfec77784b8ed17c8c5f457feeb62947d21d

SHA256
ddd5e6a79a8bc95b55a4cbe49953e769afc558dba42759bad3cc2df1b1769915

SHA512
4add2b06187c6ac6bc47ced6c1a4f67ce26e944cec5282afe1ade6984f531079c2b0eec1a8b28b4a961c56ee6d5bc1713f92f086c9897e7dd757f7f1eca12dda

Download Submit