e92f6b496d814a6d0dba13353508890390157a06ee7428b282b9a3615b91a5d8

Analysis

max time kernel
938s
max time network
947s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
23/08/2023, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bootsqm.dat
Size

3KB
MD5

06506b66082704af93dfeeb3681a933f
SHA1

800dd6bc11c4306d2e56ee2879649e0fa26c26d6
SHA256

e92f6b496d814a6d0dba13353508890390157a06ee7428b282b9a3615b91a5d8
SHA512

19a134aaeb0aefa09a0bae2a1319b61bf7f26385258a77eb0eaec05e86f738b36a6c72d8513c5cd74f659b8fe96c17d0787c7d4f2ae5738531be4eccb9687bfd

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1420546310-613437930-2990200354-1000\{1A815354-41A4-4D89-9E6C-3AEE1E1D0CB8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
4000	msedge.exe
4000	msedge.exe
3820	identity_helper.exe
3820	identity_helper.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4672	msedge.exe
4672	msedge.exe
1468	msedge.exe
1468	msedge.exe
2404	msedge.exe
2404	msedge.exe
2020	identity_helper.exe
2020	identity_helper.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
2976	helppane.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2364	OpenWith.exe
2976	helppane.exe
2976	helppane.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 2104	4000	msedge.exe	98
PID 4000 wrote to memory of 2104	4000	msedge.exe	98
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 3224	4000	msedge.exe	99
PID 4000 wrote to memory of 2708	4000	msedge.exe	100
PID 4000 wrote to memory of 2708	4000	msedge.exe	100
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102
PID 4000 wrote to memory of 3008	4000	msedge.exe	102

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\bootsqm.dat
1⤵
- Modifies registry class
PID:768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdb02746f8,0x7ffdb0274708,0x7ffdb0274718
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17665535583128086969,10260394228248745385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb02746f8,0x7ffdb0274708,0x7ffdb0274718
    3⤵
    PID:2076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:2220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
    3⤵
    PID:1168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
    3⤵
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
    3⤵
    PID:3444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
    3⤵
    PID:3360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=4860 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=4888 /prefetch:8
    3⤵
    PID:2272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    3⤵
    PID:4832
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3633012681573974865,9606086228224219030,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3224 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1f0a624ce806cb600becdf291f01bd6

SHA1
36b50ebc04080c1f8caa8d326efb0f5fdbc916f5

SHA256
f83896715cf0bc215d5bd4d86a142c764f7c4d1197465197e73d0f15d637caac

SHA512
d94ea409b994f8a133e1a746838ecefc58cfd2237fde43fca809ffcadc590540e37e0e674a2bb7ac94f91a22acdb374d6eb04bb10a3807e1cb78085b35d1c469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
da7bd56bb98022cb956b843379646370

SHA1
97005dd914d92a55ae511fd2f289a74d3e4cf633

SHA256
dbdfe4aefd8a7c06f4275f23a2091a6a9747192bc74da2ef8912f46797078c5c

SHA512
886c34955ff69ee6beb3129dd891fc37269dc030060529c934676908ccb06e44d368967862fa122589f5e13bb04ee420e58957565903eaef5b81bc629aa3f0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9e651a85f51f9a73aea400d525b49339

SHA1
15760bc0578cbfcae8d8f827e11d2c6c3fd13d3f

SHA256
163e69aa5c6aaab659e179676117d8f07b0a2a88c7867084ce7d256d64b6119d

SHA512
1f595d73ff829c1fa2fa6cb4a7cf5b963350bb3b198f7a1a547610f00de5ae133ea8caa7bfa14fc7976410339bb72bbb31df650bd9a3e3a24554599272d8be46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a0ad61a3d0e6e812199d387a6c871a8f

SHA1
d4527f9f74e388bd4eeea66214770ead55fcfd57

SHA256
fc156a4c54ecdae7b32f3cbefff627ddbaa0e70253fc999f201ead1d696e0e31

SHA512
14581c32959b841d8e7f378dfc2e3f2ae9968a31865a6596d3c1ef742d2583cb8e49b949806e2c5925e0e9ce7bb6fae2076174ea1ecf596e7eaa543eba115383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
c39e0fa4b8d778797a42837fb16807a2

SHA1
ad86839490dc9eb93addef26b64af697164114d6

SHA256
48fdf888623a324a64cca29be580542b5ae39f140b24d2109c52898509528925

SHA512
964952100ea3ac36080756fb34df8a42bce02d90b4fdc048757b1d6b8195fed5ea624741a51120a870a728c2d006dfc66da1be7db1ebd5df7b60bc4c7fa49280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2eb27c3779b6ec5df25f2348bfa0302e

SHA1
15878140565e12a6b518acd6c4679e7d2dbafe7b

SHA256
81ee8747f3449f979adf8eb25219c9e96dbca6b7a5fb5913ed88e1183f194a32

SHA512
78654c1e8eaf3bfe120f919a903c57ce56e77048006956476271e4865cbdd1769139fa694e11d3e676c8451ff9148159fc300cc8501def7394f9db42035164e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
56f68269fa0b0869344619f7a7bf70ea

SHA1
dfa485f0a8f947ce5f0b18af2fad334febe45938

SHA256
2829972f1be500cfe2a56767508e573f0eccb970c8fd540f768d06fe6ef19382

SHA512
93263c9fa5c7352bcfc71336fd01dc14701e0e5f41bc1c19398612621c882d07d6ed77e5a94726513671c0a860367d4ef699655f48d635a01faa37ae36a43090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
09d64a875dbf5ceca516654ccbad8c72

SHA1
ef50dbd04a5c39a53ad87e645955fb5df9b4ea7e

SHA256
439c6e60fcf9f7f32effd18945876c67542e59d7d01ba3d28401358afe205dab

SHA512
b2eaede84dd0bdefb8e3d39a59d722db6d3ab5367cb14f52c983f06685bd3987e2b95d53183ffeabb39929db789416f449ac2d6fab677fdf819b0d5cc9b5d82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
2733f3c655b93fb26eca8f5af9f9cd25

SHA1
822f1a0850531e8b00304ab56a74793b3340991d

SHA256
7546d8bb81830386307f9e153d12d52147faaec1d976e7eeb96c6fbf116c6c4b

SHA512
75460a9e80280a608598713c16ce6a65976be801124ec065d93d85456ad25d68a295e6d3ed649240c083b5448e5599cfab31a084349d56d453e12c8e74b142bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
22e214c13390e248b1967e5aed84ffd2

SHA1
dbb6780f1c40f29bcfa1e77ec5a48ed112d5d785

SHA256
f776d0c1835eb4143a3b463c76227b8da2e5de356f511cb64217a94fd043f7d0

SHA512
f58422e255ce77d50ed04d5a78449b7324d9bfaf29784c2774b17a67693de46f04758c778310d2e1bbe6ab057de9e1b041f48ceeec1fd25be5bbccf6d48c287d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
464a97e7ee4051dfc9dee473e397bd40

SHA1
558ca10a3eeabbb2da0bd537e11d88874f9ef97b

SHA256
cd713b577401812c797f3a0efafa8277fe9ae947aa2773c3a6d8c693f012922d

SHA512
c7bb405dd76e3351f1f89a19506f19b87fbb6ffc518017aff478aaba4871ae2b6cf0d4f0194703a58c3ec56687ec8ba97d357ebbe6b62d9ca41610855ca83149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
42eea3d789ad8d8f68e53cca4cab511d

SHA1
63d1b15db47d8e3ce0af33cb9af1359f3c98c8b5

SHA256
fac4a5a322ea932e685e7d5fffc1f921a125a190d4b279239b9deecd2a3d042b

SHA512
dcfcd6c7b017898abd7af74a9da1acd62dd43d84be15163160d9eba60229ee6d4f750bc5006f348a982871504f2f7b99ac6b5f6296c7cc6a970b05970fe3507e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
42eea3d789ad8d8f68e53cca4cab511d

SHA1
63d1b15db47d8e3ce0af33cb9af1359f3c98c8b5

SHA256
fac4a5a322ea932e685e7d5fffc1f921a125a190d4b279239b9deecd2a3d042b

SHA512
dcfcd6c7b017898abd7af74a9da1acd62dd43d84be15163160d9eba60229ee6d4f750bc5006f348a982871504f2f7b99ac6b5f6296c7cc6a970b05970fe3507e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
922B

MD5
2bff2d3bcd12241b34c6ee83f4b1a46d

SHA1
ebb5190afebb5fcc7df0c84120e2a68d6caf5eee

SHA256
aea950af99716af834a2a2dea62524f23eacf5240ca87245f92ac509b282f592

SHA512
3785de452303a32f9d1fc330830f5a6c88e09434c4a57d84e30a2aad97a2ea040e896421f07aa609ac3c815269511b3b17bab24239c326bf3344d28744e10a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c1282429eeddf009b83813b4f6c4262

SHA1
65ee1b3197f53acdddde96bd887de903c3b6418b

SHA256
1404db4e3bf6def0e3eceba00009e73a759c7bd253f60ada02148b41790d7b0f

SHA512
18e740a6447e01832a39d1b12ea91e91de7c7615bc47228a21f76e9d6fb8ab66276cbe5dda1fd9805c3baea3a0e452dd80d0c76f64f7763081280c1ba868a8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fdc2af39db53147cc67a7597ba9beb0b

SHA1
8045dcedbaa2d252e2af35a9e45bdc13fb44d81b

SHA256
b45bcc89e78e179f70af68454d9c3362a289aeeebcd2ff3b6b05f3e05de67059

SHA512
941c84776f75b0c19b07959e642c2988aa429c941bca81275e103f3a4d02dd89bd5da504728ce072699a12cf5071b565a2a3b9b3b42e4e48b1cb897973ff6670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79b504b14af7b526b2973ff6988263ed

SHA1
156e3068859058528d185ef38f2761ac3c01d6fc

SHA256
44e2ba1edcf980dcc9b50f44da612c3a7f9939b96d817547f3516a12a078f2a8

SHA512
b4b94540816d0fcb39368611646ec7f914f7214a619ebb886ea3552bcc25e8f2bf9be7bc6d30752a94043be7dfb6d222ee7c120a65c53a8585a9f0f87d5529c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79b504b14af7b526b2973ff6988263ed

SHA1
156e3068859058528d185ef38f2761ac3c01d6fc

SHA256
44e2ba1edcf980dcc9b50f44da612c3a7f9939b96d817547f3516a12a078f2a8

SHA512
b4b94540816d0fcb39368611646ec7f914f7214a619ebb886ea3552bcc25e8f2bf9be7bc6d30752a94043be7dfb6d222ee7c120a65c53a8585a9f0f87d5529c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
093fbb7da01190672bdb8cd7e3e6b445

SHA1
b85eb350754af6836272a593b8686b16c3d687c9

SHA256
1939f91b0d5ca379f45f6336b7f631492fc737bd3a9a9ac935c2b5f0b7192d59

SHA512
16b5f1802f32c2256eb4cf7f6744115b65ea73bcf3bc85ccc07a487b2b276f72b66fcf69e01b2a8d0b089094e53cd1b69fff483593599d7843fec3a425098d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b4590580fefb0b06e64c832f8ed0516

SHA1
041adc06bbfd8b37b03355491e17e2d9b9e28954

SHA256
dbd1e2878d99c3f285fc0d9920794b0ca4d936a731095d88b36f0b9ff07f5990

SHA512
8ae7a81b34d44d986028e1c4f90a52ed97cdbacb4f67065791000c6074f211f459662e1338d98c304934d35c3debba7693995f8db9be797b60eb71d092c9725e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
5b21e17c94561e19ba4933096256ce15

SHA1
75c5884fbedbb2b71acb40b71ad9685ed589b8aa

SHA256
062ae1001b99bba3780d0dc96a5da0cfcd14bba8739e7b01c05e85f7675d4255

SHA512
4044253edb489e06ecc4315c13d1d742c7391323aa18df13d13ebc3c4fc102b149abb690e17d9d250d544e5594bf22c43d59a6f36997742cb76dc43626ea8bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
dc4aa904a49b931c6e686c5f4e6d120d

SHA1
e2d516cc68654c2ccec78a206760c92f35acf9bd

SHA256
679c1d58f55219db636e0005953d4d899737bfd3f8feefa9b606ce1763dda0b5

SHA512
6b0c1c2bab7b96716943687ff0253ce6a376a7d8e82356f831be3c08590ea0066c56ecc9f58c4af366a663c5d30a7d9bab5644da4d208d0c0276a20fc2087b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e9968876b55d2a1b3d4162397aceb32e

SHA1
7fbea48819acc8cdc60697ea7c25a54ced865854

SHA256
15fb0e3a26eec1b063b4908d6abb98a820af0de64a161dfdf8db00255b83c4d7

SHA512
843be783f2afde9554c41cd94e10ca66900c9eb2b4b5f589bb35e8ace0cdd72cdaa9b327cc2686ed84ea61cd1b420bf49885b6edf403ff2c2c0a5a76494a3c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a8d4a94803e107a8f5062233c3932661

SHA1
7462fa6d50576ec3ca8f8da2b293e9eae26ef7ef

SHA256
f209996fbfd0da55d733842bfc915963a477cbac1cd6f5a24372729ac3afbef7

SHA512
d0831db8408b40c65bc322600d45c6737ae337913db755b86a53b9854cbd98e9533713d54b928c750a6e22590de9ee953003ffc3a5c2729c2ce53341e47c6d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13337232648893314

Filesize
1KB

MD5
60d87aa5999d984487171e819f74adf2

SHA1
556d6bace1744bf9cd674ad93b2db50b8aff56b8

SHA256
eec01a7656f0eeba467959f6b4881968b47c2d8ff5188df17c60c34d8adafbab

SHA512
5636f640ff885743fefcfa2ead4422dea60772d87dcfec8166efec542068075dd76855a600096613b74eb09d2e2033dc039e3f6f070c31efb38cb411f73a2d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13337232649075314

Filesize
1KB

MD5
6b5fed40a69f64dd45dee69cfd9bfe43

SHA1
79ee14505b02369d76298877bb0a3b33c29a997a

SHA256
b49e706180d7eb742cabd271f11fc20c8040a8e4f31f92634800ebef8cd9f599

SHA512
55f22a261b854343a5afc6494e931dd7c9f8675ff9a348224772b75876a625d6b3f178e104ce60cdedd8f111f724e835ecc624bab67ad0bb6293c5179a7ffb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
5732f7d0ffbaaf5bc19bebd8c0bdd06d

SHA1
3b53d5eb5144460b8004fe2a5575d551e5a17364

SHA256
49954cd764722269e1ee1110406d73f92a202c877c1276cabcc59ebac02e806e

SHA512
b075ce4fd7ec603134f2db536dbba5edfe14f9853bcdd71d434efa12f6256037d7df826ac489728b3760573a10ecb3cfbe9294bcab0a36512abc35ae41f5e3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
18d83b4a6c8f8e50a7856b57f3c08ada

SHA1
0f54d1db2d6f5e87d81e3cdbb8df77e02e7ec794

SHA256
11c75a3917aceb0e0a4be0fdca9c5271730e0f1fe2ff682e5d4e98615946ffda

SHA512
1e8ef026d68c54f2f1802ae08594d08d0cf7f05899962e0300fe58ce8eb00c499e6c5466c93dab78f4628b7e9a59419e24e81912d9de01487360858823151b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
aa608327c376d54c0f8ed2e9b8286249

SHA1
b4fd37d9a8ad8dd25e219af82a17799f4cb3e914

SHA256
547371f3c863609c914a2340cc6a63ca94d34c700c0a2b9b6b360dee0d069bdb

SHA512
0c77c6c4a668a98b78f227f85627e0d24bd784f914dade6c4852700fc02389b9ca779d78a1c66b6b4d6d8f068db3afa6aeb27cdc4d150801f108d6f9a668a95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
a1f3252e201985a2fe26162b8c2bcd17

SHA1
fee688f0eace2f4e9ed2ef8a6a0e4787095d7111

SHA256
22144433ffbbf485467f3f48f8c636b405530cf10a0112bdeb605e59d9cf904c

SHA512
4516e13abe8d24de20cf564acdfd0583eb5feb72a8f6906317555aba07687f83e533f8ec5671a48d1101b6b078df8391ac0b12890548da4d2a869ae214560488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
263B

MD5
ab51e3c1fda01b745e25b5f002351dad

SHA1
2cf0e3e25b027ed3e5e3203021a2ec62107b1fdb

SHA256
521739d1b53b36d9cc6528d634c807590d6f41959d84f11988e22c65a43631be

SHA512
e01fa61f47b3c1b2c8a148421977085781f945ec50841e1a5e2caa07215f7ca97752fa1276e3cb5550738b94ddc99b14906d18e8d378d19ece43f32f9a6b58bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
0eab788a7ce417faf184fd7179bdc0c4

SHA1
f7d2257e54a6e88439346a279b28aeab99306e56

SHA256
f3e04f8fb92af9641f75382a255ebb75ce6d12e18e39d51f8e5d7834c321a0f8

SHA512
d445257f94cbba48b6e3bacadac24a2cf6cf0bab706d1fb18af38c52d3d103e593fe914d35b3b4fe71d2e7f790de35a108e4516abed95f060440161bcfcb584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
93e8fa5bd4c7fe67669ba8dea6cb5868

SHA1
eb1f81f970767a8bc2d74000c160bbd6cde57ee3

SHA256
ba4da1819e73256c20f82fee1d9fc2707ad6f48bdf86a6cd9de6e2591430c1e1

SHA512
c2008d810f6afd6554d388b265a34654d853af867cdc685f929a7a98c75ecbbf3ccd2633264529ff31e7d45525dbd93efc980dae980365af60121aae6a7d48f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b2f8ba469d33c32c64a3f6b609682cf5

SHA1
3eff0d58c6f910ff0b215f8074f4b4c9712fc704

SHA256
e1d82ee978c020f2fe4de9321510125f0c3f4a20132f5afb807c9f0153748a6b

SHA512
d0564aeb2afde38f7dad9c7303c355bb93edef19a76f21d86c1828e1308c1be8f1615d2be0a50eca3aa8a559854b44cf973c5826390d42f0af94f0ffa32323fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4a27dfaa8f1ef9678db45f45cf839b36

SHA1
67dda2e0a9695c5f315f196c3d0b35829729e2f9

SHA256
15330c873204108092bd8f2b35d00fe31bba71b14db1d445c208d82c9bc3ad36

SHA512
d5d64471283d517bf1fd4d94ef0e6ef7924917285eda5d5d3739e133ed089e03c713190a7d515debba5527044a9e59f2eb249bd5c6128a65b33ab12858936d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
04dce67633e8341801c0a8ad4ee9dce3

SHA1
96ac7c21f1122e94762891c293c41c44f7291b5b

SHA256
ea26a49d0d0582dfd0e2a97a2156cd5ebdfcdf46208095e53f2d4bf8171a58e6

SHA512
866547b5217d912407a8c8af835cdeb01ccc145f1ded06322d794b9baf6d0bccbdd582ba3d111a8300702dbf34e320f332e3c25f31ae9f40c8e852c0b58c54ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0e2da8d203053bd6e0d2a16ec2309926

SHA1
1fca8c56e3a0a13c01c52c2a650ab67e5b2ebd54

SHA256
cc535351842a0f0957e33445223d2c4129a3c5f477df649b79c55835307a4e38

SHA512
b69eb42c7dc3ce49ba21dba1fb2641b2963b2280bfed7de608db12c8b0e711b9da3065583c7449bb850c3f208f55e7955479847510d57e482b5f2b931ea27113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
16KB

MD5
2ac0e9550a06af37db2959aabfc084e2

SHA1
1949433519c9d587f66d317018a2fb2538973df9

SHA256
f077596d48d72f781d8dec4803c6b360e0a6d193758952e70a8a42f309595d91

SHA512
cc943996eb97d1f64408d9c66290e65d7ca499d318cde1492afe46e461964fba97b3c01bd884e23b63870e3808682f981345de7eced62025ca2be58d5d82a43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
76417c21246f49250e1bdbc82ec1402f

SHA1
bb0a5fb09965c28d2432f640aeef90928f6b9486

SHA256
be7f226259f67f43fbda2b3ad233e77b0923fe4942c7a281da4718aedd8aa85a

SHA512
64b876f933e07c6e12c42a2beedcf0c85c57261b3ef955cb439134a3c90af47dcf9c6882e393d3c505f6acbf063190c67eb6dfa68c03cb21e243a149f18876d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
1590f7b28baf1b3404a44c53b7199b0c

SHA1
5c41ab3e0874fe6987a34c391c6d13b452a29d4b

SHA256
4a3be2a1c59be99cdd3bb473d37c4b7a022dca7cc561da6aa0e6ef3e8f200d1b

SHA512
7ae0a9c6a41b39685dbec17040ae06be77f4c093c631dab059bc94e97ad14344d1b655e1afd56cfdab11fe1f3a8191474f1cecfc81840632e7396de0db3ff119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
81f96c13d8e78a346df5f381208d2b21

SHA1
83b3976ffe9f4cbea219de22f7cc78262ab1afc5

SHA256
e96b98ac1a3af8b91e5bd02d45da037272e98d22c87176caf054a3ebe8576e37

SHA512
7f097ec30a25af181e99a970596c64162862c533ce5c7d16090e9dda4fcc9d4ca6344f87d257daada29b09b10692e0d78945e28d83bea6f73296c8bcf1df97ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
1590f7b28baf1b3404a44c53b7199b0c

SHA1
5c41ab3e0874fe6987a34c391c6d13b452a29d4b

SHA256
4a3be2a1c59be99cdd3bb473d37c4b7a022dca7cc561da6aa0e6ef3e8f200d1b

SHA512
7ae0a9c6a41b39685dbec17040ae06be77f4c093c631dab059bc94e97ad14344d1b655e1afd56cfdab11fe1f3a8191474f1cecfc81840632e7396de0db3ff119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2b20eaff12999c2ba291cb808ba43447

SHA1
febc4dff1e5eb7dea308333a6762c3fcd96f8b3d

SHA256
ef344615ef6febc1dce749a09d8721292e68d7531876b948e54cc91fdc8f283e

SHA512
e2d1c124d601c13cb977171a21b1b4cde6c1ed3a8d54e78f5c14adc64698e9c42da83d3d5c0d9b229a5636f9c028ac0cf03a5de5fa657138c3b1e5bd2f79771b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
1db36568fd483deeda5caefdeb357d23

SHA1
fe2de246430e856818a5127e368417f504b3db86

SHA256
9622342366c9fbf11ebe604e0cc53d7b8ac9483f30ce938ef1e347ebb7da7d71

SHA512
eb9276ea865792a1baaddc813560a4c03e4f2c2f7773e043ab72b24c1753496868c6c70237d4075301d34677705605a2b92927a872fc77e3583d44aeca906fae

Download Submit