a945a56db0c3b346a4891961a7c9e02b06518e5a7cb49b0492e02824b2651cd3

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AimStar.exe
Size

2.4MB
MD5

249095672a78252b64dba88712e6ad31
SHA1

ad66bfffb271041be010430725627883337dc448
SHA256

9ba69269c98656a1941e3e927e26449c36e09d0e540330b1676f4703b52249ea
SHA512

d5f71d53afab5306195c0759f5456030a610050a46aba7811387642ac04f4221159b7d1c518ddb042bb44d7e5189f13315f5b1bad99023b9f2517ecf6d08401f
SSDEEP

49152:G2GLzRyFH3GOoBj62830POnEs+I8L1dHh5QcmYD9yDiU:GxNU3GxgEs+I8L1H5F8n

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1312	msedge.exe
1312	msedge.exe
3992	msedge.exe
3992	msedge.exe
2824	identity_helper.exe
2824	identity_helper.exe
3104	msedge.exe
3104	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4500	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4500	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 3992	3528	AimStar.exe	98
PID 3528 wrote to memory of 3992	3528	AimStar.exe	98
PID 3992 wrote to memory of 1920	3992	msedge.exe	99
PID 3992 wrote to memory of 1920	3992	msedge.exe	99
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 3036	3992	msedge.exe	100
PID 3992 wrote to memory of 1312	3992	msedge.exe	101
PID 3992 wrote to memory of 1312	3992	msedge.exe	101
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102
PID 3992 wrote to memory of 4084	3992	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\AimStar.exe
"C:\Users\Admin\AppData\Local\Temp\AimStar.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aimstar.tkm.icu/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca6f446f8,0x7ffca6f44708,0x7ffca6f44718
    3⤵
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
    3⤵
    PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:4268
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:1800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
    3⤵
    PID:4752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,819823686244828629,14252694183727508136,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2084 /prefetch:8
    3⤵
    PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aimstar.tkm.icu/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca6f446f8,0x7ffca6f44708,0x7ffca6f44718
    3⤵
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15156220889753862967,5355876792638755428,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15156220889753862967,5355876792638755428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,15156220889753862967,5355876792638755428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
    3⤵
    PID:2804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15156220889753862967,5355876792638755428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
    3⤵
    PID:3668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15156220889753862967,5355876792638755428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
    3⤵
    PID:2576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cada984b36f8c521615e7b397093e6ac

SHA1
91df139d94904bf62314732300ac483b8933067d

SHA256
75558dce1cce08b7276bcd0cefe95ceb97bacd024146d95594d19af45de52220

SHA512
a7d7db8e674113991cd0ed1327f82499a6400e4770f778abb2343e0eaf3d0b37e8de090b0299652ffe2fa62731b04bb1053db4b41804756393217a0bab5473b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1a920e251d9c4cf3a1162472508ed459

SHA1
caf0c075e396f183f8578980827d7c32d5d120f9

SHA256
7fba2e24475a699de43fb1ae2f7074ddc51ee1aacd7a9f97ab783c2cf014e382

SHA512
f26458105e07b0818521db0578b07c9713c7a2941e8ba45ea5a3f89e42c21e39c1a14082e5c880b852238818ec0004ebc6c9bae2c819b2d5bebe493780aa1e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
e8aeae7b01905bf4b746f55eb2924910

SHA1
b4cdfaa70014ba4b3427a24d7cd26084088e466b

SHA256
4ee04ba9a88080bda751e5af8e2435c82bd3a0c70f65f3e876c7b40971c9343c

SHA512
72696aff091ee3f413cb1e844e03dd48a467c902de9c0ba58687e477ae6fb4b28c624788d827de50130200805c5907c6c03c84afeaf425b0810de9659e5e936a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
0d35c3f0172fbf48e56a189d8f6919e6

SHA1
a88710af1b07073d473ce1e696d213fe76af6a79

SHA256
f32afc8c1f648bdf0282b924bca25aa2ac9729b271b3d7da8c908394b54041a9

SHA512
4019af3c072a75d630c207253be6399b53cb41e99c5705c582fbbc99c9efa64f2f379d658fd50ff232a37a18c6d5fff4f5997c87e6dd5f31b3c692bfbdf9b7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
7e6b61d1dbff04047eed1d870669e8a3

SHA1
d473c14c566f180191e38d0ecf1a41605eb9a974

SHA256
ed2c36ab95015ca803af44b782e5fb8a52958dd98a6a6bae5661fb86bf08d2c5

SHA512
034903b5478a6e88196012f1357c308ca9a93bcd1654e4bf0c9dba6c313722c13e44c35393de925d3554cc0b1e780dd5056505d7407390af0ddd2bc4157bfb4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
112KB

MD5
4ef2515452d62e9794f69c22f0a9bd55

SHA1
ca80f5eb797a6b42d66517982a5e447ca9754a4c

SHA256
4881e1fd52505ca9605e6b451f013fbc2f9db8cfc52240ae07e37ffd1507ddd0

SHA512
d46052c60ffda56df049bef5dbcab7a834b8805ec9a189575d61f99065e167b9be261c56b98ae370a3afc1b83beba5add0a26a52db03d6a3c1200c2e3804a375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
843KB

MD5
cf0568460317f6489479b8b456215744

SHA1
ab72ae30ce6fbebc58085f6a8cf08f0c7c41d93d

SHA256
8a90f23bcc3e1618a169236043f5eadba4886bd7ebfec86a98439d2701dab1b8

SHA512
59bf01b98af0dd13f14534b400866abe4677180873f5c76777d75d29a89766121bca9369153905e7ba6cb263400b2cb1226203fd013781eab8a55610ef1cd0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
17KB

MD5
a169b9502fb97d91de097da386cea485

SHA1
d333d30085b1662093b58af61030bcad860f0672

SHA256
e8a9199549711aaf2f9941ecdaee60c280de0a6f8aa457c1da90408ab7f4eabe

SHA512
611c139c23f8f9c8f54bb9a7d1a48e88a70b917029fb45bedd687de1a12208dace926be5748aef6649f85885b32936d1a23400884bf125c591dffb147e57b74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
484KB

MD5
8f038f6233bd3317aa2a68a427bdca27

SHA1
bdbb263ad378feae51a5ed7a125994a618b09499

SHA256
43571c481db2a85e7d37b1ea1608a9dba76a2318bbbeba470bc95268f4756085

SHA512
6c3029d370a914fa22fbbf3751bc87c7470e82748c3d685d10de9c7abec0af635f25eb184e29b117b16bdf4241614f5222b8eddf6c3b93143465c5832bcdc1fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
716KB

MD5
cff88036c48802dc6f12100f795a7e0b

SHA1
c1f027781ce6372543fbc049328fc55a573550b2

SHA256
cea7a961df42147fb3f6087134b9c373ebb3f79441718df309aef519c2bc84b1

SHA512
eb985b2a309aa53125d6be24fb38c2fe5d68f8e530c3d34eb8036f931cf264bdfca42afac124c2bf53061d4c0d574d28cc31ad64fa4e7cfaee29e04f8ee90b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\338aaaf17389b9bb_0

Filesize
189B

MD5
727a0511e7cdcdf7f6ceeebdaf45571b

SHA1
0e687eff4675b23d687a6d18661360abf48d7f06

SHA256
7ba47066ed00c8546da72e17a5972dd4e44da12b641e790b5cba38c65ec6ecc6

SHA512
d68b36bc37ce7248c8ff7f3fa566d1443db86e77de5c4131d28257b9ba08c3d83b45d13a3387336d1cfa30b17276a8620171be76064f28912e3abe3bb461a183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73935ce308511e2d_0

Filesize
252B

MD5
bed13bf612f2fd809ce33aeb00300c13

SHA1
47871bdb4d334b614255ba903cf9fcd60a39ff60

SHA256
2c04e9738843de03ab759f03d0bbfbb456a6525350c730b10c0bc682d373fdaa

SHA512
f5af5cb4416174caf1dd2cb9b048d7bf2e8dde436b4bdb457d2e87548d0590fb85f1f23750e4ffe02f1818c09e461d5bbc8bcc8bbf8761956f75763d50ab76cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96aa262453cbfe2f_0

Filesize
241B

MD5
a73ea829e1369df369052dc8e11fc2e6

SHA1
a055d0b5a29de85cad8d505b9a5405956141b717

SHA256
b06fbba35fa82766156578a962375e659b2b527eaa7a03bc6deca23dbb94ff9b

SHA512
302b5abd253745988d67ab2fbde2bf935539207a80fdaaba7ee3ee8c1db865e7534041622c5bd92139d4f53eafb982c414403eaac1927413566c2754f29c772d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7dbcf53c430e26a40cb5e627a163a14a

SHA1
76da1780db43dd551a80ed838500b3873235788f

SHA256
d484fdf327b8aaa9518838051b85ebcc7b276c3968283a825547fe8c13748fd6

SHA512
6a35938940a14258823ac281a456ad684dfe2062097875f705f77e0489b767ff4df340f207fd04b6ecda9dca839d2bedaf500a2b9b3842261a7e14246c21b236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4bd7a81cd8d79dc9e879994f917fe69c

SHA1
7bc4b61b71dbb0146bce55c43179a447f1e80d44

SHA256
b99f9137974c7af46427b2b401536f58ff9fc267df6e29d70e467b6e9f2d0394

SHA512
bd3568a2f7cb836bde78c2727ced495d7313ec4a98c4745ba768e32c8ee56c52265a519e851c16b8844bf050b1c8c14a6c561a41406df7239d9ebf8534922bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
c929ed65c22c63db508812be8efb0292

SHA1
6ef20e2e90e6fc03064467933d296b8744793f1e

SHA256
f715f02d7ea3b5124c8cb63f8a750fe5e2cfe98519c1288d886e325f6eb80c21

SHA512
bdfe54218749b8cd0e8a58dffb9d9a0afccaa416acfafaff6f359eb6a27b32f87926a7bcf534f7936445f3239f8ca7f23a8f9bfac3afd5a261abd50f3d47eb8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
d9d6ab73242060e9d79325219b2e0591

SHA1
26ba32cf6307207562165e9d2603e75d1b33e6d5

SHA256
c396aca6fc6406daed3f36b6832459333cfdb6a27434e5309a6e42e59bb63dbe

SHA512
d4867b1235e0db0722beecf21646b78260fb4dde83f1746c6bb935cb24bbadabfdad86251483b35d24bc19a9795f2f1ee4da462b8701d4f8448cec5611e86c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
8e2e7b5418ed4141649bc645a6a7a310

SHA1
f1c77fb8da3de9a10084491dcb550cf2d97e48c6

SHA256
125bbbf0945b1eafbae930ea228e3cbc4f06a48c88bae62f15a669bccf4a574d

SHA512
70812c5f534333e944c3bfa43cdf22178391cc40c70eb64bd5ab5b9feb4ed0ab01302bfa3fbcf89ce616ef5996d163277ecd1157016b8073f6380c381c498cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
26dfc8f2be0105b6f92f95df39bdf726

SHA1
d14925c015b36e61ef154eede7164cd482d818da

SHA256
265839955a319d43708d6fdda799f074e0be5705802958bb4a4299128499c7f1

SHA512
b21d0963b3b9fd90f37e65fc576bdc1799200a349b332e8a0d9605446c231c0134cb95e3d7302af42bb3ad9a036e23c764be07ba8649fdaf2bc177e833c21b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
0d30e4cfe1950dba000adf72c702d375

SHA1
f48bdb3aea148c8141fd563e49e445d21d9df107

SHA256
780026295d8c40b8b35ad742c3f6ba19bcec5555f1491beab8315ea885713580

SHA512
d75ecd0ab0dd973aabed7fc698316eeee469b91f04cbb5cf1a1f77213d840178620326e64f7134acd0ab95b4f9762f1cbe0b9d63b894480aef4d4967ae23a9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
559B

MD5
362ad553168cd629022f481f200fbf35

SHA1
0d3e18bd63ab1439b5a4092dac34ebfd9bf234b2

SHA256
5361ff73a0be610559968f93726a3ffeb6225803cc15bf0e0270ecb74de87c22

SHA512
e7dea619f4b58e22365c540b9c623ed19fdaced271ce835a53f9164a233c202948c79b49499256c83b7c448bc66f7e5ff14591beb6cb57fe91a462da3455c0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
6a70493745c05ec26f86ce69de4f175a

SHA1
378d2a261e8b39cfb7bf304c4b858d8afd518a56

SHA256
dec9a7fdd513cffa216df32c7dbbaa480a9953fcb13c94b93c54a142d3014b57

SHA512
a6b5ff3ed2ca1b88c683755031a4b0560d398547f87252f10baca0062b1295f4ad40d1a2bd5711e9a6238e343310a9a6d918cb204f4394ef185e78eff064b94b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
6KB

MD5
1ddfcabc80d32bdefd1b6ee21bce63bb

SHA1
ec0b1b1c9d4ddaea7213098c96c793b1a5d4e2df

SHA256
cea00710ddb6e786cf726ff799184dfc2a1f51c740cd32a575188b772354575b

SHA512
8a83a46771f6a31e27ac2f3a349b1446f9b2b2e1ad668e453f755f037ad5b3d3244c4be120ca4084fa08b72a74af6c248ab9344829ec970df4b30fe32c6b670f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
c3c4b8cfdf3a432e33b1ad9653f62413

SHA1
87f7276dc38393a9558bdefa9ca6e0411ef6557f

SHA256
934edad8925d91e4e8baca76bef05a372c3ff21f05b2ad44df0be298d6917890

SHA512
7fee33be0de16b1e01add25bce825c1b75fd6c89aadfc94aa941bea1a6bea7a2846f18802ea1f9a1799615fc8ce9fdb550b2aef770eab4a18234a6d64253a043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
801B

MD5
172b2a46b20a1e151f19136d5cff93da

SHA1
adee4c5a4c7056bdd9054dcc652bd371674bc98f

SHA256
d0b0c9891d44adff4badf8065996a1f04e70137d1442d1342bc2d013bf578be6

SHA512
7933b70ee21bc431b7fcf895820ff5a14b0b63c8dd81529a7fd1c417828bc251cf05abf576ca438cf0622a2be0fd3c7be9ef54c7c373e778a1031fab00ed629b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
869B

MD5
a77a2015eb952e641adc106608c4ed4a

SHA1
3320406a8031ea144706a97af464cf4487b5d048

SHA256
9783709d1b379d6a02cb57d59391aa449ceaaab4396e34c2cf5f5499e70b82b3

SHA512
2b95e9cf07a127b8e89fe1727ed8053d051770b07844a831118d8a3f453bc910153610a231df813f1356564beaee65bed530521b2fd69ff78cf4e555e3dcceb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
61274586c7ac60cd7e62361fa22522a2

SHA1
5f45ed97d0e42941ae81a1ab14a2ebc7caf2702c

SHA256
ffa99eb0156783b4584918853b3ef2d48b04a1826cce3f29c8c3afe645a951bf

SHA512
d50f5aa7b97f33d4d9eac47b7263a30fb0e26c66e6f2915cda90d34b07aeca2029f64479231772c9be10f4e5da3343da7ab018efdb104653e498eae92c716d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a19075cbb6d971c87fe16d456a039f47

SHA1
37b9530dc397efcc5c15f51cb678740184281e51

SHA256
502951a0bc5e79d68cf86a7e2a8b8b7be652fa39283bb8dd0f3bafb3eb4f7b07

SHA512
8ed48ad972392c850d3d9c79bd2dcceabec436df02519968be3e6ac44c275006a5acef85acf362bc4cabb20e9b9554bd63ea72677fda22750770d76b91823f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5c1ae237be9f6d2bf15fa22b3d2f1b54

SHA1
e03c0ca1ee1d81ba2001b0d700001ef2f3ca7d44

SHA256
d758f8f4c9f0f8fc9325c416c3b654f497efeda01bff99787a7ee266a3f7bd7f

SHA512
50901ff6866ef22349a89bdd0ab6640fb1f09f49c2b5d6e9eae00303a7359c60ae1d30d593c470d42fabba0e787d819a87a4f23e923af3b6be6ed39b5b92f63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b27e5ad956112d125c785fc84a735bc3

SHA1
b5cbe09de0c7c15bfa9803a2ecd15b822940cef4

SHA256
c1d9a59eaf631a2883d1069eb290ab93e92e772cce0cf65bc9cd2f934c93de92

SHA512
33e28741369dc3b1690233d49657fd6cb5e10202a5822f4a15fd23150572dbc0f1b8880b59b3b71c850c6d70651b5b8480c1a9ba08b9dbc39690516a896b6e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc1e0ea56827766913c0e9602ccc532d

SHA1
dacfcc1fde36101fef427102abf812caf517ff55

SHA256
1d5dae5f6af30d0e18e1a7e8f0e183f1d49a8bb83ac43ca1762ec82f133fe356

SHA512
56a6027c7e94d6a19fff877a34bfa384ae49c79e6ca076799fd288929a060ff1d1f54909897a2fb05031958f70e0bb7c475e81130a0adf38bc0d274a485bdc3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
635B

MD5
d06123865aa7c42e68f1535a9cbba091

SHA1
ab560ae94c741369ceb8765872c5ace25d5657f5

SHA256
15a07389a4bbd8e44cc90e1b10e88878fa7feabe56527c0b032bc8f667db2432

SHA512
f69352e25d218ca63588326dcecbfcc288fbdbb337e081e4c39584b06957b3ff4bab4234fc8846224ff394c80a624c8e3667e49472aaf607ea1dd9760021d45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
470dd8d81200b97abc8709b8d1c0d510

SHA1
c67e8ab6d49678ef0b8f766f6341c933c3944c00

SHA256
ea1143e9dc40a8e49bb76946c5e0060d2c0fc4b0ea743b4653b701c0d5269c05

SHA512
519608d49606ee7337bd071a707deac33849bf92725b34ddc5bbb9c179ed7e776285f152cad1d624d7cfa6d30ea76e05cd9b4d4450dccc40d78452870cdded3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357140013233463

Filesize
2KB

MD5
93c93eca82f01b3273fb6d139563e17e

SHA1
4b160b69b9a00b7aeea59f863d370ab1f307fdc5

SHA256
9c99a6c1b202f7e3931e2e64f47550bfd8a28978d082e6c421d19c1059748869

SHA512
29aa9f615d315be8cef78482dea057f83caad32ec01fe62440b98b3dc3ff20f52dc6d2e7165d7db577f3067849989024672c6c25cad64c63e8622a116b1a67e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d6386bfeb898bb726631338a8b8ea85e

SHA1
fb49fe39f6cfb9d83139e347e71d542dd63f2c2a

SHA256
29680df2fa3d6cce90ad8ca38070429dcc2fe8889508c0bdeafb5f21e69eec25

SHA512
b6fe02de0d6ea07037fc4f07d582e14ccdb79c0db760e09df4f09eae7ea65dc8ad55be95668bc5400397b167a0d2caef324615582a45808d4d1d12492301cc15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
67270c2d60326a52838fbb7f51e996eb

SHA1
a688b7038409b6ec76c713fd79cf3534092c1865

SHA256
93e738a9050be303a6027bd524387a6da30815e8751ffeb28ed2e4f4fbb741b7

SHA512
491d02134b4ab17d1c750fb952cad46bb8efba594959fe34587deb3e631a19921604f17e62ba77b8c46df66d5fa0dbfbf25c04448c1e55c42f7cf419db1ccb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
9df0d01e8bae0e1e07c8b15210c21bef

SHA1
2cacfaee5a50e0a14ae550033655d78505984f41

SHA256
62c7744cb43aec409cf67f9fe8bf2671b372b8901f958a3f8de2684c7e72a4fa

SHA512
4fefb1015bda760c4280a1764ce056abc144bb334eede7c511b1008b486efb64be5fdf27d9cb4539d484bb3a058cac0de32b0bf34fa9384a606b386064a52ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
c59ddee3bae8785691af8fcfea8db2cc

SHA1
ac6156aeea53809e33cc06337437e25d6da5830a

SHA256
a28ee2ccab0824b1df6198f37e2f605a44f3875801871fe692a3e74d473c9884

SHA512
80e7ec869b1b20cb41d7de7d1efdca6032a86b13bf1e5dbe768d801326b8269174d1c984f06b6e4234aed15894d9049d8b5bb20cd50e841a86ca75c7c8167ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a1e2ef2813fb161671ddd6cf25c2e58c

SHA1
857a0b0661ed57e2de644e7496f99ae6a38e2deb

SHA256
741f78273e0861ef0bbe75a74f927ba429fe65be1d81912494ea5606b8be3aaa

SHA512
24cd7a16a4bebe8ab8f6111e11373325011c77d19b189b7f051e50fa205d3e2ddab499b06bd5ceb53cfa80ece78ff0b6a34cedd5cbe59b5360299dbad060c04a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
538a5a543f564b7347e34ece11317086

SHA1
28fa5ecf8a2bdf7c2d448bfff809459a0235c2b1

SHA256
78139cfd76b851ea25a055882633a9e2c71120dbdd5edfe3f9c63a2e9bc68679

SHA512
dfbfc1c78cac922d3e42a46da8b3fab12bcf34c36a79dd635a5ba8674e88afda53ba79bb9d0e9374a8e0782af51d82aa899c74bd0afc454ccdc2f575c9eecce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582083.TMP

Filesize
706B

MD5
d8defc48f3340d1cc3098b31565ec57f

SHA1
9dd8b871b1ec02c68e24ef4ef9114166313f482c

SHA256
734865216d10b8637da4ccc39822f8a5bf0a686856e2e0238add57e50df921fe

SHA512
3e90e6558904a9f3bf2de5a847ffd5576b7cd755882a38d8bb5f1baf1e2cd7c105728b73689157b787380ef75918a57596e56fe920b8c0a128c0c71d065126e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c3938c23bb22ed78532aa381f6f72f30

SHA1
e78b3394a79c6a5c2117316414bce34eb31420bd

SHA256
7084bf742947b91f7b4fe19f73bc1e7ee303b8cfbdf16ff80325d02379f68bb5

SHA512
ac3fe294165704bc6b6acdae30f70df7b10bfd32bbc51d8113340702ae25e8a35b8acbac2200882a4a99c51bee7c6c2eb06aae845e215510142dc0be8f4307f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cb3a7ccf-8dcd-447f-be45-e622278cfc3a.tmp

Filesize
8KB

MD5
68c868e8904a1b9bed83ec217fa256f3

SHA1
9cbd7b6778da24be1818d554a5bc16f3188f9e0d

SHA256
00e484a15e104663cd97f60623129c60d46fbe01c1f635e298a6ca3870470f7b

SHA512
6f293cc5419a4b4f5b011b570a2691ada1d941c7b9344c80a86f1bb929cd16e4167ea8af1541e6cc7cd8df9308ed00bf8ccbd71b75ca815dd30cf7b772f9875f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
659KB

MD5
5a353826518245599f6a4b767425ca9a

SHA1
a48a241d646433ad30a8c8e7ffcb4c152f614d92

SHA256
76d556083adb928762c3ecb294f6d7b5bdf1ecfe8809e7a3cf54e98886ebbafc

SHA512
491262cd2ad00cb392a2c671947e7ba55a77a9331d242c71d2b068470b1a24fced0d2c61a693a5b322a967cdb861ff544efd100c72cfb9c426ead2555e7bdb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
1edf547ce2327d4c9916210c70567aa5

SHA1
4d4e5d545e3767b38f86732803b794b1206f93cd

SHA256
ea4e929a0e195d6dc4524a626530dd21b4a7334dc856a0f07370df0384fcd5a3

SHA512
75942f4fc734c48f9021dc1a8db67bc813335b2d7dc97a3598e84ee948837e4b9355579c933db80d84640eda0bbcb0f59fde5ca17700d843bfa9cff1b88525a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
0221d62879f61920337e5b73b7354a72

SHA1
a292c206dcd545c35071ade1239eedc71d4a6ade

SHA256
ba65c202c02d8f357870fa1c1d0ff939790ba45c5fc4ef45930e758dcea19935

SHA512
31aaa110fc6214d330db1e55077f5622272fea9c4bc64ed622e295a5e5b7c02f389956d8777ebfbf3c2b0d983ed3c8eaccf9d85d13c292f7e46d773f9b97ff38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
8a8fd4b361804e032aa7e09e2f5d9a97

SHA1
8eb551c52d06509e99aa2f5843f48ba8bdf29001

SHA256
0cd4c20a5faea8f91c929169af648dc6b58cfe62a45bef9307883d224a135da0

SHA512
d259278482274498e24b8737e4e53ef17608359c019976f00e040232112f4f7287e5cc81b0e697ff7b03245ce3e9aa1c5f82b5cb38235c6da632025de27fb89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
1ad613e1d5a762105e5994a31a61262c

SHA1
564cc615eeb0d4f8cf46d42c9d303e268545fd86

SHA256
f969522942c4077fffd66256ff5e591d514710cd4c54d65fd145ed45d5c2abb9

SHA512
14e6be0398ed2f255fd9338cd1ebfd8d93d21289c5c4eeac926b606ffa8d72f91434fbb8883e7ed79de60d13d0e8dcb830307051657f261443187e9e9976a9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
dd854eb7a3f0ac9789d239605ee1eefc

SHA1
a6479c8a285f10224ee484fa60fc2d497a8a096f

SHA256
a6572af792aa67519ed5681a99978f5a44c01db34a59ed62f2fef157050e717a

SHA512
98caa6625ab1d6de500d9d0e164db97f3a2fd7cbd8fd134a432ea8c2972dd97192dab4c60320a5bbc9c61a77e6a53962f6746ae58dcbbc173621e8b7b9d4d8ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f0854633c77775d052f5bb97197bd57a

SHA1
fb3dcc4ba678062c8ba85404ab224b672d6881c1

SHA256
02c18ab2067d87c2a31c47197776578876b865021fc41f0a64cd8675c82443a0

SHA512
ffb48633b0653d0a27a4e565f7801f7348cf18e93d225e10f5fd1312341d6d4fe8ef9610ad9b8d7129ba6244815433b2878bf0e5dbbff98c4cb665a6aa8a6858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
e33d6f516741547e1ad66c2b66a3aada

SHA1
cfea0dd198222f206b1940ab210d7063286da212

SHA256
36b74b3323bba5c95e4564d56a3bf35305b781993eb44d384629097ec453fa28

SHA512
bd1e71ed8fdc99dac864cefac4c7e8bc31e36d94259786f1f9b0ba7003bb2839098f0a45a726dae1cdf3c41c1eb1e65e3274dc68976a7081fa432390f374d6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac58c431aa0ec5357d89532354f568c0

SHA1
ec4f77f4e9d2c4088adad2a3e55032aa54df7158

SHA256
4d058ac6776fa14250deccfc4a2c5629110a377807af2a0a05f1472864032090

SHA512
534f2680453c2c81c8f8d6774c596c629d19d32fc12f3223e4d1b0e52e1d515bd50bb3c586f4835448b55a0d330c7ee7f97f4009a3568fe150559eff4bb429b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
af9857881141f9c019a18daf3c6f8c71

SHA1
170982c9ac6fa59f510df5d986e832a5c0182ecf

SHA256
517b667987efa5eda3aec2ef709c3c0e0ec66629435d5aab604f5c24b6631657

SHA512
06558199a4fb3990e107a2d9fc153c61cc6d6aade01b78b9b7916e21a7f49ca9b92dfcd714dc6290cce909dd6a34731e99a368484067fa471e6742b6f9f8fda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6c316b6ef0775a464d533a773492e617

SHA1
0588e4aeb0b9e8cdab1f3ec11640c0a07bf04842

SHA256
828e01d9cfc74d67880a7b1166b8072c78625501abd736e649f71040ec13b621

SHA512
fac3f6254d28a4af09536036b485db5fa69b7e2ea397ae8a28f5392b5e5b1e6bb775703624a6ed1c06bb49758db48dc8090239c0e523d1a7a23db3f42b9c9633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
7fe1f535da8efd024b49f297bb85332f

SHA1
1544adc932e6d5b29fae7b1a89b784075d6bde8f

SHA256
49710640b69646ff6f3537735d5535d9fbf3a4cad75b2d3913e21befbc6d1822

SHA512
9fece367b351828916c7328690d2b66a8a2090e84e0b65dfaadbd69c16879f4b6feedc36cc8a77d5c29ffa4aa5f052c21f0feb84d5a12461adc5a27deed0f739

Download Submit