9b7222bb21f452ddcb74beab90b78e805578d65c4e43758853f833ac1edb5ce1

Resubmissions

01-07-2024 06:05

240701-gs7rts1ekm 8

01-07-2024 06:02

01-07-2024 05:57

01-07-2024 05:47

01-07-2024 05:44

01-07-2024 05:39

Analysis

max time kernel
126s
max time network
129s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

494KB
MD5

90570683931d5f8a2ad2eac54d7ec9b4
SHA1

2e04b4ffa1ffafac3b5424bf6c59d0eefee13858
SHA256

9b7222bb21f452ddcb74beab90b78e805578d65c4e43758853f833ac1edb5ce1
SHA512

08cb12405bee74256212037938c3a367add8d6067c326fc154d2b6d9128254f817fff9e61672d67d4d6f4f37b78df6209b94f71c69f53abbf9db59bf0e36ec2c
SSDEEP

6144:lZHU5+U52U5ZU58U5ZU5BU59U5qU58U5Rb2:l5UAUsUbUGU3UnU3UIUCU3b2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4000	msedge.exe
4000	msedge.exe
5076	msedge.exe
5076	msedge.exe
1224	msedge.exe
1224	msedge.exe
3576	identity_helper.exe
3576	identity_helper.exe
1232	msedge.exe
1232	msedge.exe
4020	msedge.exe
4020	msedge.exe
1072	identity_helper.exe
1072	identity_helper.exe
2156	msedge.exe
2156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5076 wrote to memory of 4760	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4760	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5044	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4000	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 4000	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe
PID 5076 wrote to memory of 5012	5076	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd156c3cb8,0x7ffd156c3cc8,0x7ffd156c3cd8
2⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
2⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
2⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
2⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
2⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
2⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
2⤵
PID:728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
2⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3082321484386356616,7295972517324783782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
2⤵
PID:644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd156c3cb8,0x7ffd156c3cc8,0x7ffd156c3cd8
2⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
2⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:2836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
2⤵
PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,14984969194879507956,1151330234258439211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
2⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3892

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fdede74f2de03b7255379e4bc671373e

SHA1
02cd96196233066ff4256737b2b17c021503647a

SHA256
22c12608f11bb39f06d1db0e9a5b70ab8b4ec151e27738453fcdab4c3cba86a9

SHA512
45967c83508caacbf52e1ac62656ef3093749c92cbf50529429062464a055202d187c42c4c1404ad93f150c3be37b520b36cc57a4032c5c812a82c5e139d04ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
d031f77161ab31f4f7d67598e741d060

SHA1
1bc3164f5e91ff3f8b9790d494b61d301ca0ab97

SHA256
80f9c2506f35b7183f0e7c5a2e3f6173487773187c264578afd60e4e1f27c217

SHA512
cd3ce96b6a519a3da0d1b6d423a0184fa619764825bc1de16e29b241fde6c5920d5fe85255b30431637ecdbb7ad3d4832c24163a01214f8f318ca2a7241b4c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
8b3b518b678163453b70de0b61e935be

SHA1
942d49f78fdcb5053f2b289d518780ab25c6c813

SHA256
ee6a3823c72205fa2a8e8d53516682398a8ba40fef6cd97760d723ec5d8e159f

SHA512
8bf1855bcc8131c0ecaace603cce9ff4a136d6e5494a34431a23fb1fb75d8b9baea663c0704e51318a5c5cfb98840b295057a116f4dba8a5aa6225690157ea47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
53d4740abdfb5d9f81699c6592a0c911

SHA1
9e73a6f2f2c52be1606840cd72719eefab7d30fc

SHA256
0e3722fbdea2397089d460888245ef4006c45c5163d773d2534cbcd9ba842b8f

SHA512
ad9823575cf342185a2100633447bdfefb7429aae3962adfb1be767bd952ba854a03f79c425e9aed8babad541d83c4b36cffb40c5c2dce8fda8a0441e1ea6626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
c3aba6ae5ac1f9cb8d129e0053337a89

SHA1
bdf6b6a67106aca679b05115daa7dbc7052dbfd2

SHA256
1e19dcd76f21ce236732d03dc8601de6429a823ab6d31d3520600f9744a95384

SHA512
6700f9dad69b9f84b1a213605a2d328807fca1a8b16d9f68c9fe94cc40ed6cca91c803247dd5e5538f090c69a163b2d15713c161cddf22c736cd73208661c16b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
53149a4caf69acf1f8ee0dff11d3d50d

SHA1
28967a9bb289870acf2ab6cc6a4f6d4d115ae615

SHA256
8a7f1a2e4a9b495415ac7d58a146584207820a3363841db31d8b849fba56d382

SHA512
b73bd90c0783c305fd4bd144db1914f5e0c15fb16ee5e7532064f9cb6c1e7fab3452730977c0bebdf78c42f602beb7708d1592611b93366ad1faa6a6f7858d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
599B

MD5
c05b03cbd50b8632eeae2425cacb724b

SHA1
56abac5389db298719227ee181b7509e15d30a29

SHA256
4af1c3568035ece8b20eef88076d4b4a29493580c4dc70c587e2167b2d95281f

SHA512
5d07ff6f2fd49ad94c8e2715f4ec4c5a36324552487588c79c47aa5ee8f638a7db919139adf8f854d7e482c65ac7f17123d9a0c6d32cf9f6e84499def639624b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
8360ca9a6607b0031b7c204f866aa243

SHA1
f5cf9af3c4597a0ae9a6cce9cb558b07bf335d34

SHA256
7c64e03dec9c48cd6cb84f55e527947509ee3e95b577b1e7c97af609243aa14a

SHA512
aca18931966befbb8716f018fee2f3c6e6723f7316b21de4efff3cfab42bb1ca7122bf1b68ce48225e3dc1caf85ac6bce84ff376e9e07ab8bd91b0525f8f3cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
Filesize
36KB

MD5
fb5d8a3e00128b1e778629e2771a8011

SHA1
57b49f53164c224e49ee3cef7ee28bf742c70c3a

SHA256
d646dd578ab6a41be2f13a53f392cf0c25ec92ff3ab949727b0db66c4608c046

SHA512
5124a8783fe677725673473853950bcf814a014bb695d8bd2a0712fedfdf4007cf479f662eb97fcbf136117b901d7dedf817a88f2f177623e7646f11c638d598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal
Filesize
516B

MD5
14343f964e39bad4d5002a2e6229a51e

SHA1
e6fc624dfb59a949d9bc2dbdefe718f6c20ab7df

SHA256
b1ce2e8959c3d1c1102e696a0535457678ad08d7a175b64d1b6af27c12b58672

SHA512
2b712202bdf9c78ecd39265e52dc9f0adfe8b385835d336c70596768163b42c45f4fb32ad43d746ac166a5c57af9edfd38585593b20f2e43a14a44065eab4639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1787bb260746e7dbb82b1c80dddefba4

SHA1
6ccce0c7645ace6aacf6392afbe4038194c6e28a

SHA256
f558ff97b2dd66dc5a6eb0bd2113ec51085a6fc897322e63cc82dc2284f74613

SHA512
762b964bbb7fc8ee65bcf87b5f19da16d7f4b4a1743cbcbb487e93d91bbedc8adbe55354eef94b22fbaa50ee672d9dbb23e3549f4e7cfd277860ff6ea8153027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7b60306656f7a80335814e5c10cebba8

SHA1
e10c585c23a6d8062c958126bbdd35f1c156260f

SHA256
809d0eeae8e4b455176742a46b887352b82e737abde588bc4f42613f2e4938ac

SHA512
8672b9eda6a51e946b901c27a8439eaed8a523f6f8f6f8ff5fa2e779c1a5661c43d3999b5d887c1939a7e86bcfb0d20c4137f979ede17f0c836c51898617cf7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0e3e5f605b8a6a084fa0353fe6b3fed1

SHA1
c9d96fcd866fb6de677d68132453c7a4a9b4af7f

SHA256
5a47f2efde68358003e8aeb2e4f3e13a074b30b0a10912d3c02c67ac13db8d4c

SHA512
70098aba55744cc3f9d73b0728652a904a3bf27fed34a42256a6ac1558fc3ea570a25b312b30bc4fbe865f820f55c64d6cc91ab6489362ab22875af139397686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e238dce34604fc29f193d4a73c07a9eb

SHA1
e260856b0396da80ca7b1eadee28097e2341aa9f

SHA256
4a893529106b5dd89764b032a735a7aaa3d4232d61be5679c62e75158588d68e

SHA512
80679eb1dcdbe7f8cfa3f47b37ffe4712cf017b60521deaed1ef39afd01e0008fdaab4451f5b60f0a37167af5174147c28572b53902e02d55ccabec2f8c868a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
1b9aa9a7c93bb9e3b210d1e6a5ab500f

SHA1
5b16f433eb6aef7e92acb79856ec4b5e88aefb28

SHA256
f9e9119348d06f132ded68acdc087b9599e3aa8face7e03eebdd73cde01ef752

SHA512
ae25d0a0652a9b54cdda59f76b3b63b1cddce0303816f876c25ce739d61f9e78652a7868508b1d7d41103a4c970863829fd45342d7c1d0dbfb17711b36c76bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364286340066001
Filesize
4KB

MD5
401e6a54eafff3d281914d0146f78adb

SHA1
d9afa7c6827e9aa468b6b1b223caf36e140a083f

SHA256
0444318440a950ce808e9dd1150f1707d14b77f7cf420a94746476af2e41c2a7

SHA512
62a4cecba032d4f4c7f1eab0d3c3ab28dce0c02e07d1514c574bcabcfde53723dfdd69ca524117e1af865ca6aed48b5c5dfdbed88a37869a5de0c638441e462a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364286340217001
Filesize
3KB

MD5
1142be647176d4ef35fff523f42bf2c2

SHA1
bc7c1173602345f4df56f7d54a78befbbc0e1449

SHA256
c8f5ef2c6fc34a2b6bc0315e980e36ed7bf34e7658483b7b26aaf20514a1bf05

SHA512
b9c6e563dc721c91ee2904bb76d6bddb3c2c6f22b8c00ed446aecc5d3208160a253ae7983a5cc81792b1a64d50cfc37542aa1992b9aaa30f6f89be8476e79ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
Filesize
20KB

MD5
8be985ece811ba0a3f10087f5f4e6fd4

SHA1
c87c84d4fe182ffb8362f3cabd33349af94e9b55

SHA256
da78d36c765d3248b1a72ead5f83b7a58cba7d361f17a6831332ee994cee939a

SHA512
901932baea8712e89188cfce00a6b2388ba38697bcbfeebcf8b83b88b0cb26c7323b098ba6983c312ded1041f6e297412010113a32e99a9350aa4492ca40efa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
c581fe9ee8a42c130eea717f53f6df4b

SHA1
c0e7216c9c319691e40415421033155d6546303e

SHA256
04991ff44e9f82396b8ade476c5ec49019578b9860e27664dc4caf495888fc77

SHA512
b4a85ce8ed988bc808b96d9130aee5f0870f61a9561a3af65648a27452a2adcd14e7b51b1a7a7bd230a56beb25f4d102dfc9274b940abbb996b63ec7146a84a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
6b623ab44fe62eee1b2ba32d58733a44

SHA1
a93ad2c51460f6d21542523ffc7411010b4f440d

SHA256
4f513e4877ad23d3bd4b623d3d66ab83efc5a59c0b9f506b4216013dd8c2fff4

SHA512
532b04b883db1ab403da84f64bd6704d71932c4d56c7a254a932cc72425c8a5a68700dd54d867519ee84aa648c1817611b7083981a380db4b0ee0128b0985a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
1f02af02f66ff7694a28b8bb8ac645f2

SHA1
507312fff1928bc91dcab0525280f5669a9eac72

SHA256
317f43a9352aaf678a2f9a80aa6842df7b21c52e641156fe045ab3785a23b11f

SHA512
85d8ef87b1a7346117516c9def2af02bd9773b64eefd0cb545b6dbb26fc2827fe3e6c5f093afc0af902b26d9efb97463cd51b59e6843fe8a4cc74eca71fa492d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
17cee19e5fbdf9a2cf455d6f43a31b5d

SHA1
f3555496252c2ec60237ad0fd4201ffd584088ab

SHA256
4addac2aa5fa1a92da4d59a552a86682700cadd30f015b05811b90a747299423

SHA512
2a4522e989596d31b3e31b9bfedeca32069c87cfa6f6467dd1edd6e4372f494fba455c08c106aacc944d3172c9e7442857513bcaf7bb71e9a93b74d3d37c0fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
Filesize
200B

MD5
228714f0b1405c524fd0ef90a3ba9c71

SHA1
f60fd4523113475a9efb99260d7a88afdbd12a01

SHA256
76284189d580b9ca634c73060c8347f603a9a37901df5ca3787ba1ff2f2f2b06

SHA512
ddbc66b31c8201a673b9fa84932384ceb3f45ec78258fc6c6ca09c3afe38e355bec28bb69e537ef5550ac124bfe6a078e4ee29576755d4918aa3394167a03e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002
Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db
Filesize
16KB

MD5
9a8e0fb6cf4941534771c38bb54a76be

SHA1
92d45ac2cc921f6733e68b454dc171426ec43c1c

SHA256
9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

SHA512
12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
7910b6efa0a2ae3ff073e5531a87ab02

SHA1
d2e6dc7cefd5d8180df5e0f7fc4db71b6ce94fea

SHA256
7385010d3adbf5121cb73aa2a03febc8bb9e6ad86e7564181565a445f625dd9a

SHA512
5a19672e87d6f7b09e14a12e48a750dd9b3d3886f776eac3dfecf46b0f62e522a2fb56e28cb6d5fe6c3ac3d96af96ef76c9d3622127b7f5c9824d4912ff6d865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db
Filesize
16KB

MD5
d926f072b41774f50da6b28384e0fed1

SHA1
237dfa5fa72af61f8c38a1e46618a4de59bd6f10

SHA256
4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

SHA512
a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
322B

MD5
daa31f09db1c335f4b9506f8af603a8f

SHA1
18abe3f0837655313bc87a8c9b5c8bc2400109fd

SHA256
7426da217164e5a7696048e33ca97e6e58c6b1794e79a18858e53f3cb846a03f

SHA512
7ceed8965d986ead4d000ed4073f75db8f480cac3777684f063b24f2abec9921b97efcc16998304fd7cf2029548ae592002b464c324df3fe84a04414e347e452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
318B

MD5
2c9368b208c0f912962a6aa1326fa950

SHA1
4c9bb37773a226d13c31070906436f86e3b553d4

SHA256
03e7e13f9eb70b4927d7770e0cb2e928534bc5759d10e96994f89880c9f2ff70

SHA512
ccb176def3fb16209385f0c0d56360bee5ff5a70ad2a79f57b3d6d0075a2e9b322f5ecc19e0a252b357cb7115c154f8fa3b76440c9ede3b60204d04772ba3d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
340B

MD5
2a3c8dd56f55aae29acaca5a867d22cb

SHA1
cd1d07313cc22c3b1917431b0aefbc2edd9c6405

SHA256
cb1bdd1e587c7d16555ff7a25d096d91e47f699e0efedc42013867bac2e4b44e

SHA512
66f2afe649f365ac826c104157e0fce1af15000a208f35ff26ed3554203c25eff9ee7d6a19c4b9c993e79ead1ec982f4f93dfbd22cf0aeb5baa81540c15037c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
4c51e13b0a925bcbf75028897922b4df

SHA1
b96bee1f38791c489c134fa5a82a705fbcd1daac

SHA256
c7049d53a06eba356de832d31696352810be973a9cf3ff3c384a534d47414a28

SHA512
5aee2647e7b7078985e5f358fe5cf01c892c04659a0310529a19a3912db3cfb161b9139c8e33258881ff19944c43066e8d0026f566081709f13ad0bb438c51f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
115f6aa3080815f0db7a2886a340b4f7

SHA1
4e3bc412f7ef29063c745ff9b88552da27d12875

SHA256
766eab6487b204a29f35b4c583c1aab18ec159610f7262264aa305e30a796afe

SHA512
5665f70e971218868f12c718045135a23fe0c64bcb9306710a51b401e4670e0476aeab9f92270923131284f917053871d2d75598c8f82d927e73d82bac158785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
b16cba116ea538a04c8a8ae6e4220ec7

SHA1
3d3493a8a190c5a1496236d52c30b5e25d61c056

SHA256
a79a5700c7a238dcfc0f2896357a346b9e711f1d29d3649975cff632e824b0a1

SHA512
91bb4a0b58983c20279c83394f5d746adfcd71515f4c5308036d139363a98a7e881a1330ddd28bbdd12f70422b4fed7f92c8b4578db9cb2fa61f682d531a41eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
65f3a5e8d94d54a7439d804c35331cce

SHA1
79ee260f28ccdfd9b497f631a9922335a785c216

SHA256
1a8c400cc166c868eced4408445d1c358179c3c14fef1770061479975bcb950c

SHA512
3ea7c8c7e8c803d8e50f0bf43f185dbb550218fdd2b70d19d3ad47df3c3bde7821396c54d984bd1eb6f70b5949e3d939430d4c3a698326d7b4818d633cb6b22e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
77e5b60986047ccd7dd6234bc7b7ffa0

SHA1
69288a56430d1999f97b7879edd8b3c247ac16e9

SHA256
0167c519ff5d85703c14d0228e8388212ee838321826f6a6c8149033fb7ba8ab

SHA512
c6bd3cd5b0394f92ab41a54610665c3b8c94c56354e27bf406a60c0df8bffe00008ed23f2a14bb532a42878c66cb22dc295a08a680520d58c60a7a57aca33c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
4374be455ef1661da6b38e2a5932a751

SHA1
1838534b8f6b0865ec7364fb2faa623613e9c7a5

SHA256
f153190088819720f2401966d8376f04ab3c239d555107a753f0cfe1bd05a293

SHA512
3aca605e476a77992345d497dcb9c9dcb2268f8b3f7e56d151a6e5ed96c073ac2d503b36e50e04d6ed01fddcef4267624f780a67a48fd8ef779e44c2019ca26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
5c563b4828c612c9ce15f2b2a93ec4b7

SHA1
4349352ac20e86a4e44ec9f590d7462b21569188

SHA256
d8e11ad90017ba351e821260cd05c9559ec7ee8d1c19e81a99cfd66405b95911

SHA512
e04af568db7d4d692a02f4b5a4da01a002e27ac3616079ca7d7b33a76cb4299b036aecdcec5ced5a3c26cc19429dfb90fa5477bafa72fd030eea65caa9e57819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
5B

MD5
2d509ae5a0a472fe25e8cbd480b5a90a

SHA1
6263eab6a8dc866f364ab4d4dc98154eaed404d7

SHA256
b1e5d8206ac9a6af686bef1851f79e9c40d2fafac34f5849154dc2bdd5c3f409

SHA512
d7e3b17828b1d04b7c962c320367169e03b67c98c6f0d25d925c59cb314ec6fd661b9697942512453f15079dd570362ebbc47a7581c261508106cbb351ae2e78

Download Submit
\??\pipe\LOCAL\crashpad_5076_BNREIIDSHHUVPSGX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit