9b7222bb21f452ddcb74beab90b78e805578d65c4e43758853f833ac1edb5ce1

Resubmissions

01-07-2024 06:05

240701-gs7rts1ekm 8

01-07-2024 06:02

01-07-2024 05:57

01-07-2024 05:47

01-07-2024 05:44

01-07-2024 05:39

Analysis

max time kernel
82s
max time network
87s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

494KB
MD5

90570683931d5f8a2ad2eac54d7ec9b4
SHA1

2e04b4ffa1ffafac3b5424bf6c59d0eefee13858
SHA256

9b7222bb21f452ddcb74beab90b78e805578d65c4e43758853f833ac1edb5ce1
SHA512

08cb12405bee74256212037938c3a367add8d6067c326fc154d2b6d9128254f817fff9e61672d67d4d6f4f37b78df6209b94f71c69f53abbf9db59bf0e36ec2c
SSDEEP

6144:lZHU5+U52U5ZU58U5ZU5BU59U5qU58U5Rb2:l5UAUsUbUGU3UnU3UIUCU3b2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid process

4488 msedge.exe
4488 msedge.exe
2644 msedge.exe
2644 msedge.exe
2756 identity_helper.exe
2756 identity_helper.exe
2656 msedge.exe
2656 msedge.exe
1548 msedge.exe
1548 msedge.exe
1908 msedge.exe
1908 msedge.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
656

pid	process
4488	msedge.exe
4488	msedge.exe
2644	msedge.exe
2644	msedge.exe
2756	identity_helper.exe
2756	identity_helper.exe
2656	msedge.exe
2656	msedge.exe
1548	msedge.exe
1548	msedge.exe
1908	msedge.exe
1908	msedge.exe

pid
4
4
4
4
4
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4856 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4856 AUDIODG.EXE

description	pid	process
Token: 33	4856	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4856	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2644 wrote to memory of 2152	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 2152	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4048	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4488	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4488	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe
PID 2644 wrote to memory of 4336	2644	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff33123cb8,0x7fff33123cc8,0x7fff33123cd8
2⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
2⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
2⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
2⤵
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2321986690985700023,11504117507881423947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
2⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff33123cb8,0x7fff33123cc8,0x7fff33123cd8
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
2⤵
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
2⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
2⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
2⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 /prefetch:8
2⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
2⤵
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
2⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
2⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9098199048401218203,1033550483417261071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2068

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4856

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d56e8f308a28ac4183257a7950ab5c89

SHA1
044969c58cef041a073c2d132fa66ccc1ee553fe

SHA256
0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae

SHA512
fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dbf6eaa2e4c4159e4bf9731ecf7a5fed

SHA1
5e7a69ea9ec1bfdd6a250b65b23c495136451114

SHA256
e0c90a18f02eef7813b39729d33043d1f938bb9af4d1536ac0dc5f66e336d0c2

SHA512
5334119699dc524e15bb2c104efac326b5ccb814d6f8d840550482bc232867e53ab1783666ca2dc5bcfc5945c5971f5c85b962fa7a0e08b16d9b185f9cef3778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8f2eb94e31cadfb6eb07e6bbe61ef7ae

SHA1
3f42b0d5a90408689e7f7941f8db72a67d5a2eab

SHA256
d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de

SHA512
9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
c6a4a3ea9ae574c69f8bd7479de9cbad

SHA1
d6b3fe568e950a49df27ff9b972fca6c1eb67ea5

SHA256
1b3f3d50153cbae1a73ee8e860c9dc54ca5955a8952a897b6d89fa4272997ea4

SHA512
c0f74cf7665ae1e2952477c7c73ab1c459b6b40f5a36459c5b8ccd0f7fbd1c4c0512ae3f4861ee5b4e52e9a3bdfc30d6b6c4e8e237aa6d3ae76e4a4e28d284e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
32cb4c820eafb070b991dd1911550629

SHA1
db225779b0974591916d2cbd819261086a383209

SHA256
d9dbf9c53019207404025406702206bc5777ffe479924b4280132e30dfaea98b

SHA512
440343c0d02e25833412ee969ff9fbf3fbd9155ea5f584fc12c2d0f653b89ccb92dae903b4772c1982859045638f41cc331137d9d25341776352cf3dffd24eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
5e744af039f7e49bd828989e3c58f684

SHA1
a048ed874646d43b1e1477e1bae0c6cccc70ec72

SHA256
9aaf1ed70a5e85b89df6441fb98c62a72b851bddb5129ce0fdcd1bd788b3f6f4

SHA512
5374f6c3431b6023a7107b5d920dc6b086a751e4c54c7130c4d3a5e98a2f662433f721adb355ca5704e9d9e2513ca6fe22d6f232bd97f3fad4c5555ac9654e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
b138dae6769eebe8cd981da8377daee4

SHA1
ceea1e97c934516662545a276736c7469e33bb03

SHA256
d706362cb533132fd48ef1f440a9cb921851956b40d59777ae04178195a6e00a

SHA512
82dbdbe04b73e44fabafb6b5ca4749b5a95d7704fb850ab7a180231d2e82f7950d46b7a07354cd4a7473267b5a9777d285fe111b782f3a0e6d88b35c61d85998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
791cdcde777e74afeb149be9604681dc

SHA1
219ce43d69dc66dfaf85e81c2fd2c61856630e80

SHA256
410cd48e6bdde760cef6ae2b723f2d1753c421064e8783879573df300cf38db2

SHA512
1ab574d831fd7ee89aa6191e47501d9bf046e74c69c2761b7fa81bc2ff412bba1518150d2e6b69a2bb0774502d5601f63e347ad0854378cd7b2a0e514cad623d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
599B

MD5
d1fc90ca85bc0fa99175cc6e8c5a918d

SHA1
f3a97c19fb5a110e2166d4b7c63fbe74d9aa0900

SHA256
178ff773727ed0b9b4dd215333f25c9ca8177609f407c9cdb94337f6dc227ae5

SHA512
57f15e0b0205523f973bf1a9ea7af09b232de1a34bc7127a0d7ccab8cb52e09e2531541808dfadb10de7a9964aa6663faf9d080e82334274564b24d88c1ec093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
eaf06cd8833ff4948fe17919e02b7b14

SHA1
c2ac6d3b4e67d8b947dbb24ca50d29bb6f01ad46

SHA256
fa471e625d9910b877f13d40a740e653fea57e8ec16969cf7c988cbfa8a1b921

SHA512
a12b71b34dcebb7ee75eec2a603d0f3ed2b2fb2b79277b0241149694dcfb4ba6feceb8ded9df65d4a8491bdc1a2beecfe399d3cfbcc4f082f10f3b2a181f2ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
Filesize
36KB

MD5
5d352a03280eba57cb274d27ba6c6b7e

SHA1
8887766642a81a1248dd5f93239ce63e93839900

SHA256
3b358849502f5cfd881dd035ff274a5753f90047a131884838c677e22f2305ab

SHA512
b8037a046c4be7be120bbfddedc780a4175fc8e6c863e9095e39a4e16d2e8ced27c40f38c569a79df990057175e3db6aa35eac645598af3647caa5744052bb1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal
Filesize
8KB

MD5
1560100d3a3286cbf43de1f6b1600dd2

SHA1
41af741ebb5679ecf9eaa75c2714e691e1f5b1c0

SHA256
01c9101d0f00eeb39b485fc6c1658d9105e2cf0e4e10e408f055abe87234edff

SHA512
9ee6b390e2f60825628675f190dc3f0da25057ab63829016e10c71e5e3f92318dcd005d1fd81939154f81907135e15b57058036445a7152c9298538de61565d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8da3c62fb834d7c87359644cc69e8ba3

SHA1
cdcd287be4cc15d4324c2f6a477222892984567d

SHA256
b8474bd97a040638f1aa778f74becd5ab05f5d2970eabcc61626844802367b6c

SHA512
a2296c8d8a766813de081961cb64f78353eadd293f2e305e980ba540ed727d7ec2b67e5284e05b86e37834273f007401cfb3a237054e95a6825c46008aeb4c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
418e4fed4a5b5a9153b379b22849d285

SHA1
913c0732f8000cfffee955ef561b5c0cde3cdfde

SHA256
513a2fb0b9cffd818eed3265f8525c0fec893e062b361e74f81e695300402be6

SHA512
c49977622ff24692a18b95c190d57590055d44f4591433ebe4003837f7d900adb4d7a0614803876f268bc47d91d11abcc76db5e3f33f5c26605d4ec4a714af8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3ae1c73f472e26b5ba8c32ab84f3e078

SHA1
8b67325ef6f960af0e042ddb64cc71e5766bd9b7

SHA256
d721a6d5027c4c44aa127fc35ede6702ce11c40b6b3fe43ef9985486bf347187

SHA512
a22dd829faa5cffe0585dfc5ea2582ba25307debbf316fd8f99c305d44e6f21ea1b606ed2f0ee972b85d4571d3160fee4253c47331fa859d0d51e8f37477767c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
04ff3cf45168c15848b5b7038952540b

SHA1
5e7705ddc4292e4a51f8fedc0fbb55ed50557600

SHA256
f548eee29bfda770e69ebe2a87dfe7c5788907f0d93624110016a764010d36fd

SHA512
15bd077dd3faf201509ffcf3ffcc2e48418744f17b407baef987c257542863ca5c78a0c7c3369c0bac8f6c7503e586f5841f9f47619c173eaee6b64786ab0e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
f4f6d8acc9e886a40f5d53de2945b805

SHA1
d2ac747af8a847dfee250122dd477ad7b1635c2d

SHA256
fd95df72f21a139cc3a63ca72de7a1535d8cc658c2f28a7752d061f1332f7007

SHA512
0815b5e8647daf4913d671f99bc81ddd62949d1df7b7d4bb4f482b8eb53c4d7b608d56437a24c235855bd38fe8359d43e1f27b198f7d0ee03c8d1fe1e1d75d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364287417972515
Filesize
4KB

MD5
65df0aef9f533e7931aa7e208c5cb4d5

SHA1
210f8d927c89825028d8838555b15dedcb936f17

SHA256
4d31f2e7f270cc96d5f498b53443c78784c6ed193e8793cb9df8422477664ea7

SHA512
04e1e20eb7ca78df23b99c9c095fbd9ebd4dc51051bf263ee24702907b0ba2aaa067b97b8dc88696a922e0fe954a92bc682cc6fbd28e58fa2e0f2810725126c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364287418139515
Filesize
3KB

MD5
5251191a3cbfeebeeeb4f27293261ddf

SHA1
7201e82812f528d14b0530cc2a7495043ec3047c

SHA256
a8253afc0d9d634619701af20df4d63f3e67f88ffda807c1e2af83093e6476c5

SHA512
a6d5603127155998f7b40c04c5c44cbce132e277f7706c7f6397835a6095d9cb29414ec4e0eb974cb33ea913bce7be0e5b4bf06f773883cec95b0ce054af4b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
Filesize
20KB

MD5
8be985ece811ba0a3f10087f5f4e6fd4

SHA1
c87c84d4fe182ffb8362f3cabd33349af94e9b55

SHA256
da78d36c765d3248b1a72ead5f83b7a58cba7d361f17a6831332ee994cee939a

SHA512
901932baea8712e89188cfce00a6b2388ba38697bcbfeebcf8b83b88b0cb26c7323b098ba6983c312ded1041f6e297412010113a32e99a9350aa4492ca40efa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
64d0a44034d1a0e7b5b0328ab9d61375

SHA1
fa7f886f847b9df1d3999147cf616f0cea2f098d

SHA256
7d1c741a1daee57e98b65860c69cd895892add898e6d42c49e48a02a4e289d4a

SHA512
78bb89a3127828a7569d6b55a961f3e3e82f6ad9189d62bbc2e8bbbd06b2f284419ea95b12e42ba6f7ac4f2ca2c045475ff5eb4ace4bd6578bfa38199abf0516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
344B

MD5
e9ede822a546b770c940c45473837a72

SHA1
021de283531ef7bed6e62aa94538ed6aaaa633cb

SHA256
267890f0dbafa48acd798cc16e79bbadb36b8d3fd93a63f3bec95ac9aa6290c3

SHA512
8cf36555a9f053e4166456bcaa6e4ed393dec1aadbfdfcd7d3a6888c3c481e303ff6d023d8b5159ec1f55ed862cd4c071ccf4606f655aea88c7984a6791b923b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
e6b905f5ec9e882b1d4a307c5b252301

SHA1
d07249d0b290bd5a9cb2b1c4a0b1859a1153efec

SHA256
9ce8a47c182a8873fba64a675a8bb9ede67aaf7a5d60d6586a0bdbbdf82d1dab

SHA512
73756efba0bf2bbc4df1c0d151c6e9c7b3a00d7d19348b5dc7e03eb73e156f65f422c1fadb39fe58de07ccdfe3d241872b5d412742bfc60e7fd04a7d76be60b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
1c01661e0624ffd1843217dcace07072

SHA1
7539776e41d3211e606d25e0870af63e6168805f

SHA256
6b9c5118f2b77a6260805f03a388851df8af6b2abc9296701201f29755dbcc10

SHA512
685e6df8983515d4c4382118731a63ea4538a900b7cd94df0482834e2df58e196960c6e6f1b344e1b7fbc0d62c5f7816eee50b3bea177301c6d39a82d03b075f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
Filesize
198B

MD5
76d8e7a74340ffdd1da6e5a72801fa24

SHA1
df29514d4f559f383fe691592d2c023599525415

SHA256
29a1f5c0dadd407890f27eddf80f0f5bd5e135b7ac2530ba644720b26807fd17

SHA512
7d9572f1b17a8e30f7b99e160169fbb327b1c6a586e73c2789553b13e229b306d59788b0528261595a14a333a185c4613e4b32e0fabd03b1f41b02607776c7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002
Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db
Filesize
16KB

MD5
9a8e0fb6cf4941534771c38bb54a76be

SHA1
92d45ac2cc921f6733e68b454dc171426ec43c1c

SHA256
9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

SHA512
12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
83957542f3d6a0afb68ed6715ae14587

SHA1
c102bfb0b9dea772443d4416811f2bbae864cb29

SHA256
0acfdbaf9b01ac46ce7897add4ff3ff5d1226c46a9f06466185c20a325d693dc

SHA512
e856c62ad2cd3b586bb4a08aa3a42ce85413f0276427d5e5acaa6f4eabd0edfb23f22bcca0eecccb02983e326b88ffb9e9d921c87e49ba1b2299804110d8331d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db
Filesize
16KB

MD5
d926f072b41774f50da6b28384e0fed1

SHA1
237dfa5fa72af61f8c38a1e46618a4de59bd6f10

SHA256
4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

SHA512
a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
9efc94401d6032c57a66447afec9fed6

SHA1
c56f9cf2bb93e23d99effa90732888129366d534

SHA256
71023d5bdb95fbfe75239b13b613b2448fb53858ccf90a9b1a9d63d3e5c2d520

SHA512
3fac7a595380022df94fd92a2f3e558a51f1c39686accd06df1db5d2cf4737705c6fd45251bc5942cb2609722b666c128c4e7a99ad8b506eddfbe5580a04f1c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
85c41ebe1692b94b216c027682125fda

SHA1
3d3d0eb1605be58a35ce139fd446878d58b458b6

SHA256
cf92caa0e46bb29a3697390b56007c4065c1f25d7ba8badb2302e7825edca8c5

SHA512
1094fc2483612c576cec53e771c3af5063723eaa9a7eb5e0861678d9bff6e3de9587e7cb2533e7ae650bf093e8a6dab6a519fb4652060f3cf3d59cce73f9fc4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
96bd588302fc303cc2eb0289d389e422

SHA1
f8bb626c85eb9ce8ea00fbb6697cebe47fa2d8c0

SHA256
716d66c1199f136e65a708babe636084252d7332f6e5843ad1b622cb6bdbd6b9

SHA512
ebb0db0e21ce5d84018c07e74ad9dd191b77e8c0337d2b50fa65cb957d6f6ca1010d1018eebf60cc11f800471c143087d95f1dc7d843471b74bcb0e81117cc0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
7a752b4803a4310a50c618e05d31b7c9

SHA1
6fec6ad3a0bc8a6058e5ca932d3be6f458e51db7

SHA256
9605e478b3d76c35baf35c0c5550bdf73f77d14986c4edbd60065ba2bfa29a99

SHA512
01fba1d6309c1dd66db2c0eff1f2e76b57c6412ca8e5373eb29086c889e4c4275c2d9953b03a622e056a119cdad738fe840eb71167f6d160684f717519728a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
82ee9b320d9b3c14154a2001f86126b6

SHA1
a665a4655d62165d5e86fab7bb1204d1325483f9

SHA256
d7ce4a86a8a56c70a3b02fb011223bb2985200fa3556847ad9fa62ec28c7674e

SHA512
52a16319d6a5ad477a36deb4df9f72884412d63491684f7df390eee49c5513acc56fc1c35519e6be419c9f02c65abab054c7fa8d6e1bc246c469a8fb839d096b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
3d6ec6574f2228b15f665aee6b302b68

SHA1
769a966030ee0496507ab48d849df57765dde49e

SHA256
a6325594edfd7268941f1c695f5ed8791f0d0f84cb374bc8ca3ff8d6250ce464

SHA512
f60dc1232f533505ee71547eea123104d93ac1ab1de8db48b3502c81c9989b65e02db650c6185cab97c03932c980a04be1a691314b7e12b42d7b32e024a536d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
65735d69fd5406f544eecb6bc3c5170e

SHA1
2bcc3a99a107eff554d3f1661c31a7130c97fc81

SHA256
e7109f55fae091c79876ff672b680bcaa440703a94d3bccf61d2f4e8b51bcbde

SHA512
58a70c5449b875d27d5ea14f94417eae8085947e2c837a3d42aec1714914270f5e9cfc3cc4aa3575bcdfca56929114598e4c7bc51a07bc29ef39d267de339088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
efb115abac6aa9d585485391a572ff3e

SHA1
f8df09b238d8cb22d7cefe2622a962b7ac5a4963

SHA256
566387aec50ba7abd7920f34cb8528189b28997aa2ef6a1626bd329e67841e01

SHA512
379d2d1654fae8e69af8c422100dce0df467b39d2a79b9665e79a0c62c9f202d84719b4ce6b03a6a53d10459afee5ffbbfff0f8d7b8b3c3c16549a23bc1c040c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
3e799173dd092ed5aaf2003d9b5b7723

SHA1
46d9d42af53f932d840f8fac0fe9b3beb64e7022

SHA256
0b9f595633eb326fb444dc263a27be85ad96110558610ac0c99749f1e4e3609d

SHA512
5a81d564ab02daa9c46cf1976b0b5f9e586a4615132c04bee466737655119cf1ffaa2d6bc16d2bf73d99ecec207c3bd5e45198bda12a2ff3eb8b8fef26a23349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
1dec476afba04f7dded352065c3cb70c

SHA1
943ce9cf36c1f42b06fe0f6e27f29de3578b8806

SHA256
571f4600eb376366123032f6738326784a5a3bd49b5d964ca836ef437818516a

SHA512
e5d3cbab20d905d4cba456c4fc07bbd30a1b942176e993c6ef38dfcbd708eb32620bb6e106df6c7474cdc23da474b8d02ae89fd359d2ed3cfc2297ff66923750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
6826546437de6de0fd6389027e0165f5

SHA1
51d02e8e3178136dbf08b0c53053f2b72529c561

SHA256
cd0cb4c9ee678f566e42b9a093cdb354486ea5a8d811d9f561a2685111993b43

SHA512
f940afad8fe879b526b526c698ed73e325b480abfa6208cd9d608bd2284337b7c2c926438134266b9799d0d58a969aac4dbd87c6af1418b7107a09502b955907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
3B

MD5
fe10f28457ebc2271b8d3859083ba37c

SHA1
6e3dd7a3aafef6a82952fd87564bb03f3e2fa1d6

SHA256
dfcb5891b38121688508b7a4f1cc320a75fd9619aee8ad67cf70f5900a081db2

SHA512
7549dca489a243d8d7e6c63049de07d59e9b8beda1cce70ab105c70056dc749300a6529c23e25a098fdbbd45c1507b24742b5782644a37d0d2d01bc8776fbe9b

Download Submit
\??\pipe\LOCAL\crashpad_2644_BDYWRRPCNGFCIJQJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit