be0219b47ed088e3ad97037177d8c55e4ad9e902ad7646c0b9e64ae1ecabe98a

Resubmissions

17/08/2023, 12:48

230817-p1vfgaba51 3

17/08/2023, 12:44

230817-pyz8yahc99 3

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edi.bat
Size

343B
MD5

1afa892b415dd6bdde6a8b47a4bba8bf
SHA1

8d70c9a141b6c8c23d798dfcc2f1f1ea617021f4
SHA256

be0219b47ed088e3ad97037177d8c55e4ad9e902ad7646c0b9e64ae1ecabe98a
SHA512

9c2d5f8cfbcfbaacf9acb63dc12327be562c8f4653ffd7e53897f445afd138c784660d483655ca9a189417026499ac14d6d202e312036aab31cbb79104902851

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 4 IoCs

evasion

pid	Process
2508	timeout.exe
5092	timeout.exe
5000	timeout.exe
5096	timeout.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
2160	msedge.exe
2160	msedge.exe
1072	identity_helper.exe
1072	identity_helper.exe
4592	msedge.exe
4592	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3136	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3136	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 2508	764	cmd.exe	84
PID 764 wrote to memory of 2508	764	cmd.exe	84
PID 764 wrote to memory of 5092	764	cmd.exe	85
PID 764 wrote to memory of 5092	764	cmd.exe	85
PID 764 wrote to memory of 5000	764	cmd.exe	86
PID 764 wrote to memory of 5000	764	cmd.exe	86
PID 764 wrote to memory of 5096	764	cmd.exe	87
PID 764 wrote to memory of 5096	764	cmd.exe	87
PID 764 wrote to memory of 2160	764	cmd.exe	90
PID 764 wrote to memory of 2160	764	cmd.exe	90
PID 2160 wrote to memory of 2184	2160	msedge.exe	93
PID 2160 wrote to memory of 2184	2160	msedge.exe	93
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3148	2160	msedge.exe	97
PID 2160 wrote to memory of 3516	2160	msedge.exe	96
PID 2160 wrote to memory of 3516	2160	msedge.exe	96
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95
PID 2160 wrote to memory of 2908	2160	msedge.exe	95

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\edi.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\system32\timeout.exe
  timeout 2
  2⤵
  - Delays execution with timeout.exe
  PID:2508
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:5092
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:5000
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youareanidiot.cc/
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd25046f8,0x7ffbd2504708,0x7ffbd2504718
    3⤵
    PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
    3⤵
    PID:3148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
    3⤵
    PID:4296
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    3⤵
    PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16902938688262800056,2989272324177460117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
    3⤵
    PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd25046f8,0x7ffbd2504708,0x7ffbd2504718
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11499128652661374762,14535900425861521949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
13a1107bb246696ed5de845b29391809

SHA1
6e391c8c7f0115dd9811bc637f05495f3afa494a

SHA256
e3a5c6d76a12c6c2c80f792342dfc2a0ad082c26db6076c90fdae1c25d023c31

SHA512
c80c5b53576951e409c04f8a73fafb646639d00e9791b372835e83f82b849d022fdf1f3590d5f3a8272d4d1bd8c349f3835b181bc0bf01aa7cc6a8d8095fd9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0529da218732828ea402d5bddc8bd97a

SHA1
f08a4dc151ac96d18187ecf8150c9242b1afb566

SHA256
2f401c3838a6279c203713dacbc800d9c8fe536308d4ba546bbd6fea32051df7

SHA512
4407dca9aeb016a3348c268d7ab56e5f022131484baa981dc3c278a10c35970856294a42018eaa5db4e1656b55002b9ce31535a5a2531db062c998dd15b04c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f2ceefc6c4d6f1c639ef10f0a988795e

SHA1
9b8b1618b0db8097de57c5b0ae045144fc4fb5e9

SHA256
9e7d9a1029d590911966cbd177eb6d1f2caee044f44adc1925f868579f050a81

SHA512
128ea9e08dc3c6aab84d5bdbce46b252c78b855f632d73aa80b3a86ceaa772a121de928ab79eee0409a0f1d59af8b241b4862dd8d6d3468a59db313b00dc4de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
91acac9db374f350b08c6b75a752dbc2

SHA1
336f99c3e5808082c1f29d15d40b4c618467843f

SHA256
e80489295620b7ca1c74e62eee99852568f059d58ddf48e232ebffce831cb9d9

SHA512
9551c3a368fdf327c6eb58b35fe61c35b718c05cb1cb09a612bcbf12d6a9362b1203a3549701e38e48bda691baed454995dd9bac2f2e3f0f91332dec6a38fb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
18fdc510d36c26b84310914c6d7089d5

SHA1
16eca087d6a1a80140c91d1bfca56aa2e4080851

SHA256
e6ba877416898c03d513820663060af06ed4fb6a166cba340b677d78218a4219

SHA512
dd0dff7b5cdbdab3ec288b6356dce1c154b1f762bc2eca47438282afd8e880cfbefa2205cb97461ae9e061766a5b89b6748de028963ddc4c2ead221bfd5edd3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
26d528ed70d0ca1cc14493df9fc040e9

SHA1
8f0b0a3c5aa88b37b78867f0c9b668df8fa6494e

SHA256
bb412746fb764d334a73956d9531311d16557e4477e9dfa89b337dda9bde6cc0

SHA512
08918417b03a2727b54b4281ce4c1b574dc7262d84b91a54007817256c729a6046d8c5608e48b0d3e6389f0a92dc199b53dd0ff4cb5e5510d4d9452626a2d434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6dd37341601be9c3_0

Filesize
250B

MD5
026b4f9e45fbc2d4911a0d8d54780a2c

SHA1
413b423e38aa16901a9b25a9ac85d28bb4fcb507

SHA256
2967652d89bd9ecd4d5d9bdc6f1fd084d906bd3ec089903f002e4a6ae75d3682

SHA512
589cbffca4ef8a987a4af8da8ee2cab2c054675d6fa0978c8577f36dad59c5d68ee80ca24b5e8b1a788bae86ba145e5631415516cfe9ada850fc55d59427888f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
16275b37c0840c1d6b3c530106d41e83

SHA1
c5cfb4ca7926067a090bde00bcb324eaac2a8f41

SHA256
3db8dc040fbf45de02ef1ecf222a0301ed7b8dc03478714e8c140b323195ab20

SHA512
d1cbe37e8c69240dbd0bd4c3e6125c01368311cc9577c4ae9f9cddb17db2ba23307c2045477c324bf5faa6f61ce43192cca87357d3c02e8ccf88bb984d975628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
16275b37c0840c1d6b3c530106d41e83

SHA1
c5cfb4ca7926067a090bde00bcb324eaac2a8f41

SHA256
3db8dc040fbf45de02ef1ecf222a0301ed7b8dc03478714e8c140b323195ab20

SHA512
d1cbe37e8c69240dbd0bd4c3e6125c01368311cc9577c4ae9f9cddb17db2ba23307c2045477c324bf5faa6f61ce43192cca87357d3c02e8ccf88bb984d975628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f1abf8755758b0559660232487d99e39

SHA1
c99271a6df912eadf3d532c8c7890b6dd7e3e7ff

SHA256
e9e6c79ed94e3822c3ed68d490966c8e8830da89a78e2fb78fef557ec5407d2e

SHA512
779d88d8412adc3b862a920efec099f6a5888499dc68105d4789cceca0f22636c52a19ded69db5a2d47beae6d0e527a795965dc8e75cad467252db3b99faf762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
316B

MD5
c6d7ecb5f33ee368d8a2e7dba225aa54

SHA1
e02dfba15b8f8be402e0d00276f06d11cd96b74d

SHA256
df96fa3876004bbf18bac43abbb8865e91a438fce170284cf8e02ca43f9af1e2

SHA512
30853b6cf40b8d6b6109bcc1161cceb17db14e1e243f771be2440505a50ccff5171206fe06a571416e98946e7b024764474b632fef3195d4826bd71452841ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
87add3e8326b427baa00c7dbed8cae2d

SHA1
a13c5e55fb275151fe38e9991cd5f038310b02e7

SHA256
1fc0c3cfd6a60255794777964d0882f245f6a983f6b0157f2a2d5dce7877e69a

SHA512
232b5839cd22acfd2ecdfc1973c127d4c910b10c2730970c07c0356edc8b3952ab2317bed06f2c1083a68d16e74e806e811cb84d2f30c4150bed0f0510497bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9262ce7b706f650c742ae1f5de03b940

SHA1
614a8f1e0b292b296a71bf2b3ac5410468fcf5c2

SHA256
15533958e1499fad20c85483281fdfaf8e1c68fce5cb502dcd9af5bae04ba47c

SHA512
0dd60ea6a0992d25bf3a6a3aeafdef5db08052ba0cb377b51090a8c1f24e654d7ac5a5332d36e35d17b2334d48c03ff7345b8a010aa616153f761d6d38f3b4c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
a22386f9c3db29322707e3fe753a563a

SHA1
050293a7ac3e09126c2d941b92f4d7cd4037ace7

SHA256
d56d29b68331eec50b6210cfb48cc43d36dd18de19ea85db09bbc2481dadb23a

SHA512
a05c734a16b03c6c17a3b8d03aa992106dac5800c28946aee17520c859865e27f3c7f19060915d0cf1216458d41e1a6efb9ea48d7d30deb8dae053384193f4ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
670B

MD5
ee5a5c6c5e44c0e927c7e1e99538281f

SHA1
9c66dd9fafe3df089f0c4d2efc5f8c9ee2f80b86

SHA256
1642e43c5b02b5fe46667fc286522372341772cef72b6f0e97bae13bbeb504b5

SHA512
a6cd88aea8368c9c5235de35f3ee0027e5625d4cb118203e868ef5854ad603df7fbf9cbb9bdd78ee52e7c0acf63f95dae820b298e88a08c3542472597b626e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
429b20049c9a6b978999b4ee66bdb4cb

SHA1
f9e526ccef44338c504bc9946b1e24fb2344d4f2

SHA256
8a7f702e598c37042dc055f46f967cf64adbb739d0721379c84b2d558ce74cbb

SHA512
f13b290e63b1a161587e763516a3dab11614c227ffa91ba8a84ee234218a3357c1e9f5828cc38739ba7026cb15cf0b0a81acb87bfd6d7379889818f1c0c2504a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
2a9da53bca000402adef4f0ff33146a8

SHA1
cbccdbcc9862325730f44640e71231a0a77f9698

SHA256
a0b5f88456977f06690814cf40df71674cceb5cc5adbdcdb553d0aa2254daec6

SHA512
577a1ff549d63ad44f0cc116e4ee681213b82186c158edd4a64f117ccc504a9eeda3c53e6aa7e2e334979f464c9a986f23654d87a6e8db342c7a42c692e621cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
76a33be09757791e49b6a4cda2c8029f

SHA1
9e3297ca07d90f806482649004d462c43c873d0e

SHA256
e9f7eb77d039c348f5f2ee81e60a312d03e0c74b0762e6159aef22b788a06fd8

SHA512
291366b2cf6e275447cd22c9cb181b8c985de36e2e6c8057f0dc4a46b75c50a513427f575cf0cf7e7f8bc30b2d57c637fd1ab4ab5437441c873dceb243778724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal

Filesize
4KB

MD5
d6101193938adb26a3266d7c37c50ce4

SHA1
73aac1c6ba89ee41c4d72487e5cdd4dd13487129

SHA256
8b1ccef53d09a2a38f0068bc63f3c529b18e81206d324d1319a2bdfc2608cb0f

SHA512
323854c587cc1d14b5a3b09b0ab710a252cb704e82392ec5222a5152d9ce8f62cc1c1ed1fa1bd03973a8e557fc6d6ab86128073f91daa69ec17c5c95e5e857c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
254B

MD5
e25f3be4822e7c599b8c9cfdbe88f67b

SHA1
33e43afcf5b5f65e05e0b7a7e3dcb7ed913bfd0c

SHA256
e0a712fadf2ee3cbe754fc4f5a6a55a3250d2b84b8760d5c904f54db9b64ef43

SHA512
d8b2562492a4789457a0a619e3c739fdcbb166f9651226b79173854b8e490cbdc725d266d40d8039bed0b4d817abbd9d65d51aa8de297ec85b8f40059d580807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
254B

MD5
e25f3be4822e7c599b8c9cfdbe88f67b

SHA1
33e43afcf5b5f65e05e0b7a7e3dcb7ed913bfd0c

SHA256
e0a712fadf2ee3cbe754fc4f5a6a55a3250d2b84b8760d5c904f54db9b64ef43

SHA512
d8b2562492a4789457a0a619e3c739fdcbb166f9651226b79173854b8e490cbdc725d266d40d8039bed0b4d817abbd9d65d51aa8de297ec85b8f40059d580807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d3460d8556f890b37d48a85a3913e07e

SHA1
89cd3bfe6025df923dc672ce721c3c61b6ec2a2d

SHA256
aa9895dbbd706665ae06a5af6d178ef65696f9e434b7bc5f339b5d663edc7b19

SHA512
37bade92ca4c7620ed192fbb93d51bed795f54db548ceff6e9a403198be84939736fed07070086748264601a90d5af3bad5016ac51f7988386e2d414646c4090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a432e862dbf489eedc17e2f44d175501

SHA1
0a3e3d19689eeb1cbc3b86a90502428ca16b6333

SHA256
6fab3bf18c11c86c2bbe4b78a5f828336a966806a80d596980080b291248f8cd

SHA512
62cb9189bab74f3053e4ead793ca8c37d2b0d8c09e6ad292e26ffabcdb473b4f3c6193b14334816182dcd925db25103ac0c238ed25d8336518b5b5863d7a1145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe95a63574d8b7a29a3cbbc4244123d0

SHA1
0b4737916bc346ad43cdcbea6872a3a1c150a606

SHA256
ba02b3b99f9de6ace1f641b392cbac67d66678e5a4fc4b02018d3623ffa6a1a0

SHA512
59a9f02c24a7ab062e3a5b1cd6ea63a73b0c29e28da4aa627fead8e96e122b3a8045ca2d137eabae95919e12b863803969347b0431004f2731f338c8aab85897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5fed42e6d4064b219bcf282d22236fea

SHA1
838a9ad9fa85201a7fe09a5ee41cf44b5b26463f

SHA256
4acfe14fe112a52f441d3617c81a17fccd0f1f465e19d8e15e0cde0db3b6443e

SHA512
6cef8a95a659635b39a29d84d7166d5bb92bf694123ad5e82da1495895d54dc91ef22a86bebe127af70bf1ca1f9660d79354a0dcdd285311d44ca91e2a88579f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8625c6f145c35706561882c2cc4c76d0

SHA1
22a2dab0077fa7e214026547738fde66dd522ec4

SHA256
1c700c17fa64d273e2c57f1641c9b3039374acea9378e7d90b7f5e188d6ad607

SHA512
29ebb3cd1e5ae896f819891b804c489c222bb877b3bcc427ea4eaa5902957ade21c8347fe08e4bbc44aa15b1a4782dfbdaf6c3b925a85677e4924df327cb946c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8625c6f145c35706561882c2cc4c76d0

SHA1
22a2dab0077fa7e214026547738fde66dd522ec4

SHA256
1c700c17fa64d273e2c57f1641c9b3039374acea9378e7d90b7f5e188d6ad607

SHA512
29ebb3cd1e5ae896f819891b804c489c222bb877b3bcc427ea4eaa5902957ade21c8347fe08e4bbc44aa15b1a4782dfbdaf6c3b925a85677e4924df327cb946c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e0893f74e64035545ef852fe312ecd69

SHA1
b96f1a71d70b19448ef0da3d3ff35fc0a8fe2fcf

SHA256
1ba8da7cb4186965b51553556f2c0bd482683ee0c9e2836b7e10f88bf5a640ed

SHA512
fa81577fb8106be9ed7b740fcb18453b9b32f85745bdd05e435fdc346a3dc3151e4a38beac1a209b734714374c8eb7a5ee45df7e19ccf8e26546fe9d31f9c6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1b31a06a8c2d07afb2e3fbd1873c33b

SHA1
34d8d786e8d1c290f6dbb90f087590f3db7390db

SHA256
06b81c14dacbaa94633761d97a5b71ba8faa3f866bf0d4ae60488988b184192e

SHA512
c6d6369a2d8cb5b6c7e7ac90d921ade78bb0c5b3b6498d0029e419eaedc45d4da5768662e3c15fdd6a0889a530efae1dca985dd2c990c940c02194bd00237b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29782ad1c0333c606e00462982e87857

SHA1
57e45ce2761893c5bdfddb78d126524b85a18ffd

SHA256
c0e9bf1144284d1863b811904a52047a86b506c8374caf0ff7e20110c8bf2f2f

SHA512
b072bba395ade763c02c8a1d10f60197c0007fe87c2aec23211c95c1a41869693e7a1c14ec8e1435e22015827d7ca56574bb1923d8f8495f808df5edfa0b26e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
b2a4e3204cb5a38d37bc24fda5005743

SHA1
cce8175ce24d36ffa18b69100acc4617358a2d13

SHA256
d5aaf5fd2e13172076941015d699c9af87126b9c4fcf451907875f1dc83140fa

SHA512
753d0dff8eca078a5b580a6f01ea573ecbd5cbd77e40bf82bca644fc91631a8beceaaa54cf0518865b1acce9e01bfd130e3834d2093c9a5ee62851d541f70fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
abd65d08d82c49029498834da40c7576

SHA1
7e75eaa5666383f4844fd7ca1a2e7d9e4ef502c9

SHA256
a4e576ea63453d3a0ce9d81beaf08023e9cd0723b8142a14a883ff1ea21d2b96

SHA512
47a3c461fa71987a2ffe01e785278d4af2b12e5816497e6295fac43314dc234ee9de2fcf05997600469724308086991dc36f34da016b04f896258f3c6f1bf2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
46ac2d8a80d27b7a7f7c5bbd9b538ecc

SHA1
1d8ce23681fa75521712c151d50f351d2fb2db28

SHA256
bf0895147bbdef1d5e8496d3ebce3768fd25b2651bd65ffdded69aaac8261245

SHA512
67c2e69f3f586d79e6493d970369d5d63397ec210f52938d570f1a38ba3f46698b6f85a1bc74910f0b424c80a68fe7e0e69568c8fcab40526a5b0cd86c195695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13336749938932057

Filesize
3KB

MD5
17200c50b73c9bf067c7964e53146492

SHA1
2950d3b17207edb048bc8130573296049ef46cbc

SHA256
fe448251eb8d0692f7897a6b29f85516575adb7f5cc917dc1b95e6c02d7aba1a

SHA512
2e18680658550c84c18bafc964bb827c9016b9aefd67b12ac7802432f9f64db965f70e339e96c8852e1f6e42c158f62acc971f5058b271b88ceea0778d4a5023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13336749939178057

Filesize
2KB

MD5
b985ff332ca143e216f57a65824ecb9b

SHA1
cdc5c1a470ab9b541d8676f83db0f271c0f823d1

SHA256
1fb61481f54f49a5c27d5100d917f1ff2da8e5c5cf58cccd0ae23279429d6e10

SHA512
e6135e702ff31622242bd0bdb20e56d9efe2f1a8b7fa51fe198ae8b7f19aa60363962843d324bc46ad22104ac660164d1c10547dca548e2fb8dea654daa1f098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
f06b069e3e9f9282ad1a4bd25bc196f0

SHA1
9d20385d298e84236f8a3bea1ecb3a64795ecbe8

SHA256
2a02bf7dc6664903d4338adcc49159453e682e04291d805fae0f5a44dba28635

SHA512
658ae8a7e82c98037a97ab3a8ace07819dd0ee997ceaeea91d8d0fcc0955893b7bcc417559f86d13f7a3040f57c252ce235f357ccb1c9066ebc37f8f8e631b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
5cab022d7166ab3d3cf39d06047fd453

SHA1
fc4f1dc52e94a794cdc7eadab8b28cc06b7cbdae

SHA256
058d6c89fbaa0d1e7ccadcc5baf075fd57691427d67b759fd41950819a3ee38f

SHA512
213c71407ae5be7238ca2080e07df208bb3cfa0f2a32e63cfb8935cde303c826585ef85d517ea4493ef2a7459355b44b4273bf87ce4081ce2c50eed8a9cf92af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1f1919991d22cba5be3edc5bc7bfe6fd

SHA1
5f419bed0c0a386da4f579f325e345b13f6dc775

SHA256
56bf89e6d614afb853a001174b73d6684c75cd3a224df93137c5c21536636dd8

SHA512
9feed01c3f0d86245085c69aa6a25c83f358a456becaf7b1b0a237323e5624d3a44daaf6e2e3b142387bd5db1a67b123f5d8ba28fa4d8b112876c20c5bb2869e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
9e95b9e8cc1acca77195cf3d7eebb7f7

SHA1
8a63cd81817f3cdf3c041805e762720d4dea2df5

SHA256
a930b47491b2dfc610fd07be808ead06b03ac202bf79e0758023c285c4d00586

SHA512
ad8279de975dda6332089a5b6891ffc2e4c405ee08116e187d9147f2f44e9549dedb206c62389339686814b07d3471b8b59b0e5af32ff32c8df4be7487936cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ca8f116ef8e8cc51d2c7809583c1b6a4

SHA1
0b7c582849b736873e4547034f6d69663e1de769

SHA256
ae905c5989fb5c8dc9b013d175eaaead356ab341eba5994cfd5d9df56030dbe4

SHA512
30409910fd293d0e666c7c688d15c2a8b740328385ed7bec2a90b24303372da2abae6696c465b4f592f4ef82490a2aa3d2391cff8324d82efbee6e825c500e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
801c9f61c8ad7e30163065e6474717ea

SHA1
327959c1441867f60d6eb594a92d0db64030dbcc

SHA256
46f1858d81d950ad2eadd152f264c26cb1296d165f7bdb5cbf8a48112724a168

SHA512
b6566a8573a05a35b2e03b2cac5824836a5542426e64e6767293a68d61c943345f154f36031858315f3466d1b0040b2bfa953d6d6d4f154a442c3b4b3a3b24f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
479c06236011941eea3777b8d65ce661

SHA1
c1a1ab0a8103a80340ab05e245bd0190fc2f5f53

SHA256
685f271b2ecee892da175452dab459999df1df25ce67c321a7cff44a84892e9d

SHA512
17bfedb8a31b22f50ea57e5840df22518b3277b99a406ba520416d2b463f372b4e42087816667e7353b951eba75eed8ced94ded532bcec71333dc74e1d48c6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f953e02a0f525f231708a19abd6803e9

SHA1
8cbcbf74d173d9c9f7fcd929d94deba3832d9a19

SHA256
b18efa63fb9773e70a74cebee513bfdad621a43e516657472d3c245d773959c4

SHA512
308ae961528d1d243df25b8e961a96dd788429cca8fa7e2c4b9e0583704f9254194fa53f40253e46c056645c1779c1a7189a98e8e6dd5949a7ccb6522140d294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
a75444212af78c17926f101f09bb3950

SHA1
08ba5cd040c07cff8c8c1f5f8f06d0736308595e

SHA256
685864f2410516d5bd668419989b6b6baca7b961395e95d2698a2df039a2b628

SHA512
29391f2c327511548fd17555f165b3e33d39a6310c1178ca7c5b78c07dc420350949fc70a7455bad9c7f9cd49d4a4e4c8a4d7f57b2377db32292ae10fc44d1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
f220e876b83dee642ef337a00ed30e6e

SHA1
86af6e6a0027b8505d55b8b353d8726227bb30d4

SHA256
6aced524ae051f88d80bf926536cbc34b7c540378d4173895db221036750df6c

SHA512
65be488b2e4ca7d93d0334e18dd9ec1dbe078c0aa0875a64895e4664981124d494460049e2068979caa8bd31fc1b335ab827cebee436627698fc909e041b255e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
ab1f61c7dfdf9efafa2a8ec50a245fbb

SHA1
d9c97e36cfd8d1f59989fbef7253ca167a451e21

SHA256
4215471bd35b4dbaf19cccbb92601a2356489f8934369bdfe16c08edf55548ee

SHA512
953c753ba2544e31b415e46ffdd7b76d0c3b3f6c28a9e81bae5354d7fd3af9cc248570614fbf5abaabfac5990b1d954747224f6f3630bf76aed5bc9265d1a5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
e024a88a086c20b20f6130fff7d4c427

SHA1
464c9c89e60f5f4af7b8b518a81ebb780c81a917

SHA256
7f2c3ad81b3c247408b46047f0cc3b8dfa959aa1e6d5c2d18fd72d9cdcb27112

SHA512
941298c7bc58142cee9be8302d7e94ddd994c238986e56f09df0a5e7375af6000f574ea5e7c3b9c5c09d6e7aa785997620daa5d32b068d6dab0ff9f3fb677164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
0737fed6db2aeeadfa1d09670f90e4c3

SHA1
a9d1a85c282d36e3de5895b09567826d8dbb914d

SHA256
80e73e88864f85c72d5a30099bcf6e9a2275f1b10335ccca4ed61f2aee9ae4aa

SHA512
ea9bdf26da92a98e0e691957e034081c00b744fb75489030b427b4d5df8c0e580a325dae548c462d13a0083dc7a4cdc7ba53446b6c29e4908a1c48019e187e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2a74914164de7a583a1dafb5321ada90

SHA1
2a34576a6bccaed33ff42b7ae3eb6bd188855c5b

SHA256
b0ee833f34f25f54e3511e8f4dde7e290826c5da5c2aba4ad4c2efe81fb02bfd

SHA512
1782914c89e06b3f3d835d35bf8117ea5a045e515ff04008277e273e208627b2613be948560764b02ade0fb118e7fe1e081bc9ba17adf66bf9a97b72837b9432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
c6bf99900736131609c1d9d77cb0c5d0

SHA1
0deae33bcd30cab4f4fee216b5c04412f7c711da

SHA256
ff65aea37d16fa1e50668707157c58c30f66c0c107621d835967c52e46dcb2f2

SHA512
c0f736efa23e129752ba64caab21eb5cf11a8ef19f55c798cbfa7e91518b0905e308e966ecb174a43b4521c5b5fdadbb51ffd2663bf3d7224956f693cb552209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1a98dce59d0840b43da1f5e72b917794

SHA1
61b6a5ddc6256f0457ff1f4b0c04a6ccebf3ce51

SHA256
f39219a53b89751b3536c6ddc32889a566132198701211cc305489cd2c87df1c

SHA512
3d850d721ee8c9615848fa3056aeebd338a23cf5f3cacb78601d21df020850c20485b4afbcc885f3d49c2c054f5532504719810618b07e14a6fc86c7ef700b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3862d9e7cd19ec8e84eb5cc6aa64ae44

SHA1
68e350b53042aefd72902e708ab862fa91c9b814

SHA256
4edc20fb0c6a66a24045780b53d04e9628edcd3767ea72f7f3d18fa894311ce6

SHA512
888cd2fb99cdb4975e56c8f1b178c6cc6bdd439668370ac910fc4863fb7f253bc8cb6e022aa379775a5c51964609d34afb01d3f9d550d42069ae3017f0d4841d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
221929cbd4ce0c35872d1eb6c0498abe

SHA1
bfad9004d505883eddab7727df630b7daac2306e

SHA256
d3333708cc0b13b12ad82d78f19fd058ea796567550e15e39db6a302f2c1c899

SHA512
d8f900739c7e60d5d9460a5ed2666626b70d0f0dc80f6c687e004186ea030b084c59811d38163fdd1a576f820b465db5a9d61e889c56522da112ec45eb162c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4e4178abbab4ce49affe2aebc1660abf

SHA1
ce1f796bc9ee307bab02cc803bab09ed93d0a63f

SHA256
0ebbac969d5c32ce86b0dc4311d4b07767dec2d60471654d226f0b0dfd2a15ce

SHA512
e2a0b4ec175c1fc96dd0da10dfe2a2e519e992868fb002c155640087b9ae02aae4992261b36c322dfb34e88b78bb55cc49df0a0ce68a9bf4376dce97252248bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
50d16783e15f48661e4d563d8b6d9e75

SHA1
860ffddddbacda8d5869327c6a5e7704c4c8cd8f

SHA256
9d83b0822ce5a34fe6e941db0e931facfb800bb7852b5677b570971e19f97909

SHA512
368b43edbfd7bc22cc2121425299b1b1e1d366f5f828bd061c329d299cd54c77c52863573a0f5c327263b2e02d8db88af8beb78b5c300c60952e11d7763c41f3

Download Submit