61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

max time kernel
82s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2023 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

[email protected][email protected]

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	[email protected]
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	[email protected]

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

[email protected]

description ioc process

File opened for modification \??\PhysicalDrive0 [email protected]
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	[email protected]

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

[email protected][email protected][email protected][email protected][email protected]

pid	process
1120	[email protected]
1120	[email protected]
1568	[email protected]
1568	[email protected]
1120	[email protected]
1120	[email protected]
1120	[email protected]
1120	[email protected]
2996	[email protected]
2996	[email protected]
1120	[email protected]
1120	[email protected]
1568	[email protected]
1568	[email protected]
2996	[email protected]
2996	[email protected]
2160	[email protected]
2160	[email protected]
2996	[email protected]
1568	[email protected]
2996	[email protected]
1568	[email protected]
1120	[email protected]
1120	[email protected]
2996	[email protected]
2996	[email protected]
2140	[email protected]
2140	[email protected]
2160	[email protected]
2160	[email protected]
2996	[email protected]
2996	[email protected]
1568	[email protected]
1568	[email protected]
1120	[email protected]
1120	[email protected]
2996	[email protected]
2996	[email protected]
2160	[email protected]
2160	[email protected]
2140	[email protected]
2140	[email protected]
1120	[email protected]
1120	[email protected]
1568	[email protected]
1568	[email protected]
2996	[email protected]
2996	[email protected]
2140	[email protected]
2160	[email protected]
2140	[email protected]
2160	[email protected]
2160	[email protected]
2160	[email protected]
2140	[email protected]
2140	[email protected]
2996	[email protected]
2996	[email protected]
1568	[email protected]
1568	[email protected]
1120	[email protected]
1120	[email protected]
2140	[email protected]
2160	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

msedge.exemsedge.exe

pid process

3920 msedge.exe
3920 msedge.exe
3920 msedge.exe
4360 msedge.exe
4360 msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

[email protected]

pid process

4472 [email protected]

pid	process
4472	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

[email protected][email protected]msedge.exe

description	pid	process	target process
PID 1428 wrote to memory of 1120	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 1120	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 1120	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 1568	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 1568	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 1568	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2996	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2996	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2996	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2160	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2160	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2160	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2140	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2140	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 2140	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 4472	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 4472	1428	[email protected]	[email protected]
PID 1428 wrote to memory of 4472	1428	[email protected]	[email protected]
PID 4472 wrote to memory of 1260	4472	[email protected]	notepad.exe
PID 4472 wrote to memory of 1260	4472	[email protected]	notepad.exe
PID 4472 wrote to memory of 1260	4472	[email protected]	notepad.exe
PID 4472 wrote to memory of 3920	4472	[email protected]	msedge.exe
PID 4472 wrote to memory of 3920	4472	[email protected]	msedge.exe
PID 3920 wrote to memory of 3208	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 3208	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe
PID 3920 wrote to memory of 4952	3920	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2160
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4472
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:1260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffe099846f8,0x7ffe09984708,0x7ffe09984718
      4⤵
      PID:3208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2864931001389473502,2245785608453850300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
      4⤵
      PID:4952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2864931001389473502,2245785608453850300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      4⤵
      PID:2000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2864931001389473502,2245785608453850300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
      4⤵
      PID:4764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2864931001389473502,2245785608453850300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      4⤵
      PID:4928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2864931001389473502,2245785608453850300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      4⤵
      PID:1100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2864931001389473502,2245785608453850300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
      4⤵
      PID:1780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2864931001389473502,2245785608453850300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
      4⤵
      PID:4924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2864931001389473502,2245785608453850300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
      4⤵
      PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe099846f8,0x7ffe09984708,0x7ffe09984718
      4⤵
      PID:2648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
      4⤵
      PID:2392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
      4⤵
      PID:3984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
      4⤵
      PID:2192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:1828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:1060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
      4⤵
      PID:2080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
      4⤵
      PID:3020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
      4⤵
      PID:2660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
      4⤵
      PID:1072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
      4⤵
      PID:2212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
      4⤵
      PID:1340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2490603592296377125,1851744668143360495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
      4⤵
      PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ac9f30591cfd1878c9676c64f9bb6db3

SHA1
41f872fff124774904c73e79ab6c34de86399276

SHA256
ffaaa6d6ce0550c17b6c3b709ae368da88a09cc063972fe9755e58b67f9a3bb4

SHA512
2dbfd74471986fdfe58e31a5e143dc572dd3c5da89e04347d0e633330059fecb5ea1094598cca4dbd78ee357a0d04909a30010f2ae621c368822d5abf6255ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
17242c1a46a0066b1f588997595e4bb9

SHA1
808cac0b7a961ef0e1d7a44747b507145329b9e0

SHA256
8da28210cdd4437fe75c91aa7935dd2e882c78d424e55248d32191f995546d27

SHA512
7eaed44f05d814628e5a4b361c11351064fe67581442b3ec11cfca3229737a7f99c59acc39b1275dc852b8b03bb1ef2b63f73ce676ee8b46443e46ebc923bfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
76cf506bef3a7a3fcaa809faad2c2790

SHA1
dc38623c50cc293566a5a641400e107a837a9dbc

SHA256
e156035b45b679340c87dd28e59f6853f109bfb7c59093e25f39b8426a24326a

SHA512
76cec2bc5f50094136c2ccde76ad0ba9791c535da1be9f1cbc1059861f005f30235a2b53a68064e5997f75fbdb32d3dc770f1157568ee0b63f09aff493f9cb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
273e446d99d74b3148c17d8b269d9316

SHA1
ed50850a8af21aea5165fb5d29819dfe5214b072

SHA256
d507f59ad8d1d0849b3c4a8a4454b32e85b38f0cfc6e2d7aca3798ecd612acb3

SHA512
e16ca58132a55369152bd129d0be3252a11fcdf3bd0c7865e527c327c91220458169a246e37c573df8bcd784f15ce2253031e838518f8fdd5fbf9ee73c8802d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
25dee07d353072b325f3eaa9d38658a7

SHA1
5e4800c3500fb8c163552b94b6a3a50e3951d0b2

SHA256
7ff58d57540a2b6ed9851e35d4cff0684b8dc56b8c30d69d7745cd51dfe1aab6

SHA512
d17a9fdf5439704c68a5df4f2e7a80a247b675a04c462f8c7e389c1283db62b5eea0083787fa7824bb87e71ecf56dc6ac5446fc047f9498650fa5b94aafdf835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
1.4MB

MD5
4cacd110650ede9ccd9736cf87d22647

SHA1
9e71748497e827175e6e2d5f4bd4f2085a55b93c

SHA256
aa1c82d24749f0f67b8389cdda1b56ec70204dee9dec933d579e9bb57920c565

SHA512
cdc11ef8f6111762501be900d51585d9c1ab0fb5dba2d7b542f7a67b89547b3e41cd6779efcd2f9ee8cadd47bf6ad37e89e943a38b4d67b91a4466c33c1b99e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
182a7769f03e95c28640bb17a337efc1

SHA1
3d84459efa31e12eaa2b3ce384254549235641a9

SHA256
18467c6090fa576f13d811bc7ac8a7d423b0e88e5c9edf5f988cd8e05e22ce88

SHA512
c00e8bcb30491fb9463352987aa2d3fabdc468c2ffaf6aa45050cc0610c0e3e016ddce00ad24b08214f960a909dc312b001f4958260b7a24cb09289476a13c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
8a71b6591fb613279af865c827865e36

SHA1
2a915c0f84656131220c42bbbf9a6505d0d86d01

SHA256
01a24f618cce9ebb1acf3f499c5f5cc70f9e6d0fe7d5b4516c73194567230660

SHA512
3f978a03a045a5624db26b7a7a6641da2d1bb6f1fd29bebfaad717f66601666588cae44297ab77163905697654314cecb1b316127ce46a56ccf53946ab99631e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
6a4a7d101341389336632ad3dcb8a4c7

SHA1
6cf7ff837018ef1633b5c96e6a128315816bc99d

SHA256
fb562c7794f0f9a4c1feee0958322c47aefbb3d813f11c75b284d5e27529339c

SHA512
1400d07235fa33c113dfd56157e1d2bebba37de72fd9d6bbc0e716113ffae004f56a9a9fe873cfc143ced83642badc0bfb7318b26ef7070336cebc4716f049cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
bfab5d73c8cecea69ed237f6b0d6de08

SHA1
531e49ef20232927df38d998ca3d1a829b7a9321

SHA256
7b53e1207326e6afb705ddaa3ce473e742fe7151d09a4d64e49412f63d0e45a5

SHA512
f18b598093daba7d51bc3488c0aa4b8cadc929ce093ad4ed231af2700d5f84ceee75cfab1cb2e30eacfefc9d6b01f3680f0a2f7e6bc4fe98a4a0cfe4cf27d036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
1d63a4f2fa0663dc3daba65c09cb93d5

SHA1
43eda3fff9f8f87d5d80f6cad610507f50422403

SHA256
7c96999bdb01981122b0ccd5c0f307b34a151840d01f7c313316bfb920ad82e3

SHA512
14b73f3976e91cb8fb27b7d3fe57b19a8e7667f5a11675e4374f33f45a7cb7cb498428925ac5cdf6c2b94e0d9780a4394b27607d795a90618b07e23b44e9caad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
77390fbf936f5aa0b12dbe7daebb4f33

SHA1
e850bee5000a362ac68792efeff4a761f4e8c414

SHA256
78e96f6de90a715554f31c5a9831cf231b3085d6876299fc0aff20bba2c9f53b

SHA512
e797dce080fd82927ad3155959ab65f6b611bd32b6ebf0004231a689199b9a09e51338c8fdcf856f04033767d5c686d224d29af5334a94aca9d02500faf47041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
e0a96ba0c90112033c8d03249b80cb52

SHA1
68db589dc181fec24a8bd138cfda55d009c23870

SHA256
ea34a3fd7bc81d5fa4cd1f4a4b496f797f06fbbe4f983f96abafd0502d70f5c0

SHA512
d638b48f011687e4e599aadd74f045549c514bedf0ae8b08c23229507c0c2cb26b1ecb1b5aa5cc238ae69838854487155081c45f4445e8cad450ed05efa72c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
c2245eaf410ae4f76cf86547f1d0d1bc

SHA1
38688d50bb8b2ed7aed01382c3cab6928ec5e97e

SHA256
1e3feee8900779c8a05a69e57bd217dfb405f9b1072dc01b16ea9e9cfc4714dd

SHA512
384be28481bf47e8265b15779f189f1608d10d38c01d4eedeab421f2ea02e7238daa75be3b90ffe3464a83d5d9c279614d7fbd7d12e5fb0a98b7585143694f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
15KB

MD5
acc701886b5aacd0f6882c6605475b92

SHA1
3b28c6a17c987156261c10886b41e6db08904b0d

SHA256
bd0d37f5ba244fe2484842aff2ec3b534daaf4fcdd7da7a4d7fc3f3019b0606a

SHA512
9b4d47cd15baaf22c949bb6e4a9bbed13fb2b6d8393e5c25c3bc87ecdd37758b1ca8f49e1c4cce905a14bcfcedfdbf579668c672380bb6a9310ff10793c65d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
7ffe18161c9c26fae0f20fa14856780c

SHA1
422e411a626f3f756ba56c0897d6ebac287a5464

SHA256
defff7e2f1a97a5f10cfbad1698223a38bce7739df7c03295236f93d1819321e

SHA512
1702bd736880f8ffd869b1b0da3932897c09a5d79daae41145a74c27031882a2947b78b0141a0c316a626880339164ece5102935cf6094573b1f224e4776cb84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6b6f38c056ad432d2d0a9f5f06380741

SHA1
890282957e49e2bcd34a21055d903b82df5eb729

SHA256
da77da294fcf2aeec7e29ea025ca3ae4cce90109550446c6b86956213b2fe041

SHA512
a32fa74dd1c9486ec2e133218a2b7f599d29124e52e1eeba0017197400eeb1a1fd20268fba0a471ec3c7192203cc16501ac5fabb875711144a6037ae35b9886b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
49ff806833df89b4ad1f0778ad8a5b92

SHA1
ed76c87b6fe829b632ee61aa8828ec81534a461f

SHA256
f431f05228dabc2c74c28fd78d6944b5013077c4af31720e8282ec8a4bd010d2

SHA512
f59a4d96f4b40ee8768534bec6cc39bff08585bd65a7498f9e802c23770dd84895d1744ac4d312c723bd8a9ab0973ea61b9d0cced9c57a84fbb7a6ed7a9e064c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3449efc418b4c360cb2457637f8ca5bd

SHA1
5aceb25c7d0dcb9d28e720c909dc76c2388143e6

SHA256
d58be2b435e7b9f42a39e5208bb3c1fee00aa860e46c3438fac2da6d20ab88c9

SHA512
5fd46a1d8e9ca5d0d533c3ce4cad5ec21687f9533b956e0d0bb2040f0974847b82934d084c339708aae89b1792a706178110d91f91dae2591bd14e8c5fa905a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c679cf0a526dcff7fea46315561f4c65

SHA1
997cc51d9135cdb7d664dedd67e30b2c9df98453

SHA256
c1380a4b92e1ceadd769eccdab900970f0c75a9deac9932edc311ec756610f72

SHA512
24658be9de607a3afc56070e6d39ee128069ce26fcb3878c3eb09919b479ccfa003f1ff010e1b0e85f15b151671a236a8e526bd5aa92e52db0cd9ed93a43563f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74f7fd48547082a5109484504e09356f

SHA1
e29983a0611c6b0c41119a502a2d987c52ec083c

SHA256
986087c5e682531e2b7a3d8045af568c2edd0458e93768504864ef8bdb86cd2c

SHA512
2ca3c37aef9091bd417a71e8b3b75d2b73ce892654dc4fffd4b4bb4d8835600123e41be1b026b814a197712866ab8588c9af4b0d768763e4f6afdc79b92c7610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdb3af9439dab04abff2727c25d31ed7

SHA1
8869b97086bf93d74e592cf7c95bfd6ea4b3d13e

SHA256
16eb50cfdd42e413dfa6e480f62e243c60028a178fa1742d4c0d4fb751d7b9c0

SHA512
5688608360a011c6c7eb0282e044114a1d10c557a5be362dd8382f5acb1451a517c87ef437984343de739817c074fadfc36e4ef8a1be7da99c7eecaf6633ea5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cb830f2701c649297bcebd676bc8059b

SHA1
a8a37eca47df3b14a4a89e7dab69c1bd99b5b75d

SHA256
049fdde69077275e49143b3fae7788d6fe1f4dea18cee85849ff7816685b93f7

SHA512
da1b94600fccb69e76eabae3ad4968b2bfa9cfd59a5504664b32d386a144ff3d31e48a347185c711ba2766de0160fad9ee4abcd4ac4fa95f1d370c32aa84458b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
4c1dea334d88505736ac1c3a41a17c9c

SHA1
15355eb2e312e8287a64608402dcf50c0c6317eb

SHA256
2a0834960822e8fc7ed9161a6527c64c38af4e44f6764e4f5f6b402a413d660c

SHA512
34a5af3bb722157330c1d74c0048c46efde7a98803aa7761c55468da3c015e12adc79f1282f25a112eafa9b27c19e04021c0dd407194ae6e95e40063b62e9beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e029efe70912cf57d40d04c01776d41d

SHA1
94eba5604a8e4523d23565ac3ebcdcda4005e4eb

SHA256
57cd696aea3594a27f18b3636da302823ca687c6a326ff9ed2b578a23a96ac37

SHA512
3c380b2c1530a103030562135f9b71eb36a15c49ea96082f64f717e7045ea578ecbec2d1f53cd569d720f7e37a3c091f9bc6ff3dfecde6775658c1c51a03f01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
ff1b4c0baa9d9391e8841c0b31155ea5

SHA1
e07b03362d84371f5c3a82e158c60be87236a525

SHA256
2f46c83a02f1c8ad99bc553336066d1652834cceae69892a9555a6d3d604539f

SHA512
85a2b38a07cc7740e30a8f7a8f2e06093b73dbe02e83666be6bc5e4b7467d8c1d197eafba4d4a5ea7168badc3865455fe847a164568d3097d0098e69bcf8daa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
444550a1dbab8482751159fa6a6b7060

SHA1
a6fa6d738fd9dff8a5ad7ea813c5c528e9da3784

SHA256
27dbf40139ee946b4b0d6f4de9fb445c6e38816bc1e05fb6d5f3d4187910cb46

SHA512
2e43e62a40fe08df28ff6181206d9bd808cc5a8f11199f719437ae6d52ec5e914a98e778098ce9f91b898fed00cf2722c4027324c3f54520e3dd43b509511afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13347125757171703

Filesize
7KB

MD5
64fd51caaabb0767f6ca26bf068bd6e4

SHA1
9cc43dfa7e54d97f874a14f1238e22350af4f0c3

SHA256
04fb42b3ef0553ad686a0dce26de686efc93d80b0a0fed5fa4de1786b918ef08

SHA512
fcde1ed928901edf174b512e5f87be0ae73f431a612e490b7ff0fa2550164d78977800dcebd0d1067dee94b371b47aeff6812be685a0f068c1231e680b7fc68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13347125757968703

Filesize
3KB

MD5
24f84fa90fb5c41079812e1e0f5a9f6c

SHA1
5b62332d2bc93e4bc131f071468271b0c6608269

SHA256
f72403d8b08ff0add8e164bcf2cf7fa79225eeb8dd578fdf2bc8f5fb389de336

SHA512
af7843cc789b2e43bf6e5655792280dd24bb29605a6e185d971a5e622a2b39e4826188c8ba2debf3387b7f00dc35dac048c220a7d6aa07c86f3494e4b30a28ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
11f0f25b2626f25adac9ead207f25e9d

SHA1
dcc8a96d305f89c359970daf88e0afd1dc941d0e

SHA256
b69068feba452115b4de140ec8415aae91502c38f920a6a574448a90165b7288

SHA512
caa1038716571ab0f2d4077b07a7cfe685b83f280e11c88d6fb02b9ce840d7b2ef807a522d6c007346948c23517cc3ffef187dde9af4f0636bd7d843175033dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
eddc994e5c9b78f1b21f000436d5daae

SHA1
6dc90e0493d4a6a75ebb096f12e4457a069c63b2

SHA256
4b31e0bcbf8d4eb341ab6f7b9170c605780ec6b491a0aa4dc2dbab7052f5905c

SHA512
3b0bf414206ce88b8a915c7fb2510fc3afaa0921a234d928be2f9ec6ede4c1a70ae85927a3b5c39086d44ba69ec1d25d3af7ea3aa0a854a332b38d161ec5d595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
121c033d90bacaf32e3774c2ea5d1d40

SHA1
61d5efef76a36a0139a494ec2e3432f2ec9e9925

SHA256
ed34bf50dc499eb65c9bbaf9e4389b1a4d9419fcb954f240e37a5933c55da718

SHA512
00588726053bb467b2f9c551f06d0a9838fbee2f77decfffb5cfd27c04e5472cb18f71160f0e094ff1c10e9f836ce34f53dc277986dbe40ae75b4f98d98ba904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
200B

MD5
4109d23726f597ae90ec1697614a2516

SHA1
27ce7073951e475f75d47a2349546341e07a0978

SHA256
d01ae19ca7673215e433d37a2245c1c3bc06faaee28385ffdc9f2aabe1cc6e7e

SHA512
45b7f36b776462f0179c0f2d5f8e9599ce3c12e4189dcb67115d43756992c7f47e5607355484064c3ffa9bdafcd083cb59ef63f9624ab73b2980fa39858887a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e145eafd6f5fb1149059a7ecc9a02360

SHA1
4110fd656f183bf8433059c0d1f0b8ec47577855

SHA256
fa34ae3e91bdb8bfe3202cab992abd52ba07e7dc257dba805e9dcfa2341172f3

SHA512
350bfbaf904ce3b9e8a46484aa4ef25490a0a3cad22cf86769edc5f2fc815dd2fe90d7d26aa5ba4d462d0a0e1c43200be3b8a383532740838896034978a6a50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591beb.TMP

Filesize
204B

MD5
f69ece025be0c54e8fa73a529263bae2

SHA1
fe9b830118c3982c2549364dae0f797fdb95a04b

SHA256
ad4d7251e5ddc83c450317467ddbb16f803055d478d4fd728365c11685be8683

SHA512
0594589a7a3eb5c4e708dca00f140a97a88a19f2a00ec26f84d28e5adf726a6b94331f64893cf4276e3de832ee2ca7978888e51d964adc12bbe32d42ca2098be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5a00745a36007efb39908e5465a49cb2

SHA1
bb8854a8566b5e5ee65e6336a73399fc0cb2f9dd

SHA256
b48e4d63d0355c65a80c95ba16f5aa74a60ce7724bc16c69a8922f30583b4819

SHA512
c2a93a4f8b6de7516329fbaa134b2a8b00cf197ef1ac84917df7485acc1a83db39af350564c489837c435716d04490f9b0ed0027c540f7e5be9377a4346d3ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
a1d57351a737e7633b5261380a564839

SHA1
0bf18f20b97d35d8f7f0aa367737f011d8a54a5c

SHA256
13c95d84c9b9f7d3e661b42c2b02102076a8138cb4610e25f89d1c0a98b79813

SHA512
a49e66a0465cc4651c3e1b37f198daa8fedb73b38e5e8ef6598f6d2219cafd8dd7a4457cabe1184fe50efcda85cd4d4b5ab6ed26df9892a9f1b92eb94702c94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
77031c5f1d920a9b0cc0ebb4939ab971

SHA1
da17f9885103645e8c00752d28692bbdac14d063

SHA256
cdec30a3ac6c62f7f25bf119224a86a15f1d93945de29a26844c37ea9b521f17

SHA512
6681e46c72ab50433e1f972368b46341b833640dc00350c38f136c7d3343857b6eb7101298a9542bef7e1fe9c2b59b3e5683c2f3e2bfba03d12b7b471ff32219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
175B

MD5
5bb608a9db6a1c0110a2f9001d234d77

SHA1
e3a69aa0afdac94c6de4e53ade08a782a8f631a5

SHA256
d28d6f00901ecaef5b838fd51a416ffdd179450c5efed12c57b09adcfaf0ccb9

SHA512
ba461d2656e7d5074e9475d88186838d590fdfd4c5bd0f33e3cddda9426b9698b59c4c58f149720f4bade3b1bc213e20f47b56b47fc8c29f5488c1dfbbe449ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
f236d7379e539be0757b0e78d09d4424

SHA1
53dd2c756b2ba4a833ba2da6b7f46bac5719b4f5

SHA256
1d9f1caa5d7719dc9461ace9ce3ce886a736df633e93ef37a0c9a2ecb7792bb1

SHA512
e3c0c1198f22e1aafea7bb107354460e1520b06a575be8a19addf11fc078a8544c6b4fc2c8563e3158663f627908d11ecff80dfa7486d0c96a56454522129222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
815f63dbab70a01d17cf85bafed246cc

SHA1
4d3d5fb9dcf562f8998c0a288f1b5c28eebf33ef

SHA256
6116286079c5b62c8246d7452ae98486d4bb9187463ab21f2a35745c86060d86

SHA512
2d7227045ecb37008801f7f6997f35031eb61f14d79a519b63349d0cacd9d76598744652d94ff1978c6d8174c01f33abf19731509c6651eaa09609cd3a0cdb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
c9ab893058d9a7346d24fca16d52dea1

SHA1
6790008246adf32ad004ba45e62d0c77686fd06e

SHA256
3502f930ed22445c77ed9cd4cbd980b250f1d6623aed337d78917dcba38a1291

SHA512
51d7c04e7dcea7a4a9cb14f974b65a755ab833f2bb1330fbe0d0f79b1c0ed42e31d4c045336d043c44fe358b7fc5dd73698bcd384e17d430b51193a38efded57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a6e179e8906a13607103486c1a87d48a

SHA1
0f83ebbb2a5e9ac2e95c9ade25c6752b0369af4d

SHA256
7267fdef5b4c1bcb81eccdd520ddfae1db12d90de957a4ada19ad685f1671d97

SHA512
d0d1c4301cb356572836d1168b4056c9dfeb64e1616b98c735d68eb65e5c024cccddfd68dc4da7a9d00ad4f831b29a2697841c91db095bab6d664d8c5b02ebde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
255573a924f9bb76c9bd5c74239c4029

SHA1
666d4007ba2260fd5a6988f2c848b52788d7a66f

SHA256
3362f33b00b9efef52212b6bd078bab030313826e0ee8cb857dce844ab9f93b4

SHA512
08fc3821cb11ef21656b208337edf1a3648672430c07c48df97ae0d58cb771ec1ca7aa8184196903b2dffb554241fcd85e17cd33358f51846375de9466aacf54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
832KB

MD5
2b3e408603fcd9acd09da581dfa2bae1

SHA1
6e1e416ebe052b26069981e5694bc804b047fe00

SHA256
0a789e3afa6c16f2e5161deae805f4c7be8f280dbfa09a863b8c1b4c2bc5cc10

SHA512
658dd14d956a3a5f41847765ada21e19c567785d282bc0c03a37afb23edaac4eb0f81fd7961552b880014dc92fd8582726fb10500274713f809cd8fdbd83599a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
25KB

MD5
596c754665dc3ef9437ef542eb4b130a

SHA1
2fd7ba914e8df3314850a0f0085d5388e7d45811

SHA256
bc79b14f5edf047445a5ead84ac1c46d8bb2e8015fe8465f1ba90a8286375500

SHA512
d224eca48a06915370fd20858d6250df1f19a8990ec3bf2230fc5d72f1b5f356f609a4098fc5c22fcad8137734d4adfe9d69f0e91836fcfd6c1c4464559168eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
622bddeed5ad46d4ed632ff8d6ee1795

SHA1
8b5206958261af3eff0aa9242c5be0f399e5e5f0

SHA256
9bda533d121065c8ce9fbce654beb48e3148a3cb877704d4072c08cf5bae0ea2

SHA512
3e5c647a685bfa60c2208c5ba71324742f120aa1a2279da9057b451378586a7ea0eb51f5b2657a59d29ba5fd0e944e1b60d049d341c7e263f8d83f43377ee2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
becddc0b8922876d7efda8a51f895735

SHA1
4279f93b22801747c8f0cc21f6c19f445355f736

SHA256
194dbcc55c8f92bb5f8023f730377b95e66909e1d7bb811128db027b502eaa21

SHA512
4c1e54871611c8faefdecba1f52537123f6bd55186ee5e5939ff4da65a11a75d07c252e330139f9d4d727f0a6e9ac819c8fbd857c58594ee0f7e6f4740d5e79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e24b9d37b6509c347f1cc9db85af7b9

SHA1
4a44edf0a91b7961cc8cd0dc9dec4b16968519b7

SHA256
b75249dd7b6708072780e57e41c18afadf0fb2da06630303f91470e47caa0d3f

SHA512
da08729312f437b6458b8dee9b486ef737e451bc1e550771319b363f7547ee33faebeb66080324022912466f49b09efff63c297f598c245d75b11da3673e0fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
da7ee64ac772ead9e979e5e3626d63c2

SHA1
d439aeaa770f83f870458386765a22650da9abab

SHA256
d90ee3c2ad399c2980ea93931bcb7ddd1414879a08b2f03324ca921ca0def5ef

SHA512
060218432fb2aa84f0bc730da1c3ce2c7fd1af6afd5065e840fe6f159a9163cf9b79399b8c7c5c5eb97107fc0cfa63dce8335344add35dde688ced70e6f33f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
32ac88acf34a8847c0c3bed930ff94ef

SHA1
8b00241da0e821b58a74e42c08b2533222d30fc1

SHA256
ee557395f56a6bef412ad4f2fca756b42e6d494aef56b03bcfdd63c4a570cf5b

SHA512
20ab18568a70e476c5409c3d18722d4065091f3b7fe4c30b29c32e27a2a6ec21d43f803cc5fbaf8d8d05d9edb5e12748ec6f69ae313fb16c87b48b4b42f36761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
f4246e1ac4f9d0d19579027744722256

SHA1
4a0985673c09a02079df83c762feec6d687433a9

SHA256
84a19f8a9e81d0302a66d0993739603d615f1b8f85c8239cdc0acf771016a318

SHA512
4e5423d5bb80ec74be01bc8a867aa12925a512c4b641f26c20f4f95caafc1df24d1fa5136a9c23a2fb4aca1618e195da9d9b716ea7f9257d448bb2dda582573d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Filesize
2KB

MD5
231b0fdd7a31ead72b445043b9e7b24a

SHA1
dd66e8497f2a019791a0052d1f6a42205c123716

SHA256
59d2d2473c0adb15ea99723ae8bb004df95ea0b7283e5408a0ce7813a385acf8

SHA512
c8e30eeb29a4cf8ff2bf80207e4ea87bbe8383cae2ad11bb0a8d12d1182b9e39fc7b2e0f3c5db507b7e921e5e565293b191e41c0d9555bf7d47ec7f7ce6e8e6a

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_3920_APAHHBNYRFVRFCRJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit