hxxps://guns[.]lol/ar0nkaa

Analysis

max time kernel
133s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://guns.lol/ar0nkaa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
2596	msedge.exe
2596	msedge.exe
3612	identity_helper.exe
3612	identity_helper.exe
6008	msedge.exe
6008	msedge.exe
3956	msedge.exe
3956	msedge.exe
2324	identity_helper.exe
2324	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5560	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 3504	2596	msedge.exe	87
PID 2596 wrote to memory of 3504	2596	msedge.exe	87
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 2312	2596	msedge.exe	88
PID 2596 wrote to memory of 4752	2596	msedge.exe	89
PID 2596 wrote to memory of 4752	2596	msedge.exe	89
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90
PID 2596 wrote to memory of 1760	2596	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://guns.lol/ar0nkaa
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac52546f8,0x7ffac5254708,0x7ffac5254718
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,9179869514300755820,18405020819893382225,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:5472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x384
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac52546f8,0x7ffac5254708,0x7ffac5254718
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5170871896999954163,16989222374072851851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac52546f8,0x7ffac5254708,0x7ffac5254718
  2⤵
  PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ec5292e0b071940af3f2ac5dfc10189

SHA1
4f34f608259d0eff811946b935bafcbf0815a084

SHA256
fc7c65eb4106d0ae746f0e73e95d3894f1bc0b7f8f78b11df9598444f65b4ca0

SHA512
1018cb58c10d917ca6ec07efe26af008a57d5a54962ddbcd8f6ea4289e8271499d1507fabfc3f801f09c2ef8ad1605b1fa9f92d859a0cc375ad84059800c074e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8099f34de1d648fd948c45dede685e3d

SHA1
566bfb213c14d8d72fcb2ba19d4f0835b1796137

SHA256
fc030220e50390076ce0aa5bf50489f6d9fc75983d61c63555adc29ef1f961a6

SHA512
fc29cf19d44247cea0148391503bb755b13281959a6082deaf4052f56a741c2f2f93a0402b72687488d54f12118a630091f9fd72c9db6c46263bf6a55fc1ce02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
87476a804a594791c1076b8556095b1d

SHA1
b4801dd386ca831c9f7c1bef017abbd42c02404e

SHA256
b7fc95d7dba81558550d3ae9cbded30cca2cc56f880f2f6ceb76dae907f08e9f

SHA512
ddbfa355ada96d8e293998d748f7196c1e2ff96980963a8f351f73eef64a3ede37895643382c1534c32c88cc7f68744dc229fe3b998198e37be7929163b4d46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a5b04289605da823a7f55de03ab293e6

SHA1
8b032b10cfaee5d0fb641dfd3743a9d2e9826741

SHA256
65c480a02e6b3a6e4d1c91d06809d163683923d620fabc8b1d58fc9505ebed3d

SHA512
0ce6f073dbc24a8893a4614f1c727dee409d95232a274cd80751a32c368a5b92638b06e95ea710b9665ae2e2cd76ff69b57801befaeed94ad6d35406a6d2209b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
06a76cedef44d6747aa499b2aabd3707

SHA1
e2a7db1ce638c46755aec197c207a2b81c72a87e

SHA256
9744ddd7134ebbfaa4924ba02b21be3d90b6956f5ba47692a2cea182bb14d5ff

SHA512
7843427dececddd2bf5f0f16b730cc7332d174825b873e8d868786bc5241eb48d290f0efb030d98bfaf2950ad0ed640572365e71f2d11c9bf52b811e5e342b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
e839744f32178d46e1e6785662b6323f

SHA1
0377a85af9685d2cb32d90fc43a44f9c1fda8ae5

SHA256
fa851d7ee07b2f33910a6b195c074284c9b4350bbd323ab675b5f863bdb9545d

SHA512
64b31df1c7561af2f6222049586883f7cc227f3047fc5a2d660ad95b86c1eebf7967b0558113c8d94054b21ea76c7af0c20dfd0d6126f171079c42083f9eae72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
1024KB

MD5
bd13a4173bed6a9bd6c38c90032e05a7

SHA1
2252a248bded3436ecf1c9c00bc85d1e8f7a8ca0

SHA256
6e78138dd335555e5bfea750bf6bd2f02f04a8ee4c06f79a6dfa244b0978b0d6

SHA512
7a0f013e90148f8183d74aaa784b254d60f2ffa65c6d41bdfcefc0eb5d05a7836828b1f667912e0c283ceb69253e453f28a78d4e082dcfa3475f1fd0fdcb345d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
50868cc87f67143d2683e27b0842eb48

SHA1
c678312b8443127861096dacbbb41a3d216c81f8

SHA256
112360127b314c24dc9f8116bb4eab89a6c39d0efb78c9a958519f0fcba258f8

SHA512
2f407120cb94516fca67f09d885bc9e0aec26e520574d9774b5f169c2e5e9ebe088662fec2bf7c676bed274e6fa9aab92b347698b4daaa4050b50286b9ad03c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
fba8cccd9252b393b03fdf05a5e5de78

SHA1
266fa97c551e8c52c5c8cd6e8e795233e62aac79

SHA256
27f865fe1ffbf6f7bf36a9ea4d6fc7e7683a7192206bbd8a69df725f46eb8bf7

SHA512
a44901d1ddd1771f2dae1b6f2438e5f200f6bf9166893498798df9391c66b59db4f4ed831f44dfd806ff14ae25e76523d659c5b51e4b55895a92a9ebf16a805a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
fecb1a19203519c312853f4e8a474e69

SHA1
301f18533ed262eea55d943f6cee4f8617754d2a

SHA256
cfd49a64aec50dcb261f127bdc72cee242385a985f1091985befb49b299d0c0c

SHA512
d1e4a23a4ff2423fc36e09bbd1e0962305ed9651fba5f8c5a65ae10e58aaa6bb95315cee382fd1a7b5fff97fad57c66a7aa4bdfb161b1c40625fd2aecfcbed8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
ac4f5c657d44ea1ee04cabf6be7f74b7

SHA1
693ac86467817499ba84b00afae77715a66a81c4

SHA256
b28b4c30189ef9a51aedffe7066b858bb0c8304ee0cb9c7ab8e861cf478094c2

SHA512
131897e4813a7fd158c1c63c0fdd703bc8809376b0472abb77ba1537a6284219732d39dbae2873e448acd5bb2f541b52fac029d82d29bbb0215094bacbe13795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
707cd31d3918da286e50884e6508bf80

SHA1
e6f25d2d19246248ea7d8514f3d499bd2113a94c

SHA256
5d1fe0f4afcf522fd3b432baa93a248e930b6da18c6feeae7344852bcdda6814

SHA512
6925e96e01137b52e9d83cbbd13341a054a9028129b210fd56f6f438e0759c263252ff57dcb15dde0e90332a97f97d9ec99f8a6eafe5fea4fcf8e8c3437f3e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
ea0fad270f585e17c1be977328ca2e90

SHA1
977eecb27c95915ab9ce6268f1e398183b7f51b9

SHA256
98261040c4152f377cf7537afda6ce4c19fe1d0302e30284530003fc0bd87667

SHA512
e2bc3e1909dbdae8308b8eb9c8ce3161d9a1080ceff745862e3c503d92a8a82640cc6c67665168e4a711d649abe8064a4b0f1fa9dec82890d1e77c67be49c15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
0a65d4a16c8baaf68faa79b3f76fb44a

SHA1
6d4abe8ae1aea6395febd9ee71506234a72391dd

SHA256
1e59209db8a6ff896d6d74331c58c106a9179b619b2f1b02713619cce3c4c9db

SHA512
adb0e414799be0546c6ffd7a6c42225aea5aa1c3fb814893fe0eb268f6e96a8efada38109805796f9986cd16149decabb29a3598b00dec5b32f1daa30443fe57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
2KB

MD5
e6a42b36143639d61fc452dbfba1d791

SHA1
a8db39cd66dcae430c4eb92ede8acba3cb8e7f7b

SHA256
c3093931f3f47c59f3be20db61f3b487379e284e822b2c68acac747a3f68877c

SHA512
946fa9336ed604cfba5a72b2208ee3151bbbb7c97588bb3aca2a13f61a6c39f4b3394ff7a43761c749ece8c3981f631162898b54e73a0c720280635e0522df6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9a64694c80a7c3acdb614a13aa4d24b2

SHA1
36d53275687878c6152130ba6d48f281a04d39c2

SHA256
e60062e09c4d07a3f0d0faedc7471a0207fe638ef701f12b297bb42e6ff8a07f

SHA512
037c297355c1fed6486d0a4c31dfa414c87ba1653407df31652bad62bba0fa0e461decf17a7890e29ecbcb80d0a145471f4fbe76286cfd1f003c81581cdf722e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
19bb8fac05626b780d0d191fde589797

SHA1
13143879fb36348f60e688e0a7c0241ffa07f5e5

SHA256
1ad98f1f7fd3c056be37b24d1941c2b88e7f8b6bd01e3a3319dc74aaa5e6945a

SHA512
fc689079642f1ac7960ff9417fc9d16a679e81de5d1336290e7672e5c8b54e6ec9838ed0b3d2d51dcf90d10a93f5119bd15ed0780b363f009691293c97661707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1a6a9adb6b48e416b8a4bab015e121f6

SHA1
cba301458c3cf22858fb641167043af2d7f52e1f

SHA256
818011c6944db062167c077037fa1ccdfd5bd0b064df0fae28d7fdcff8067d98

SHA512
11b77e680345cb979e60494e1c0a1bdd8524655ba28e0d2f4094cbf0bb9c8eeb4ec75c1172638519e7fdcd4207a6904401d483b980502b841e6443ff6e007762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
330ba0275df08dced5c1366a07374ac9

SHA1
19da6bbc51baa9f72dcae18ca5b466fe12607804

SHA256
ffc55486214ab121d7dad9336f7fe4c19946219eedb1daf5104b6256da1a1925

SHA512
e0956fba569344f1d022afa7f5667c59fcfd088ea47139d2c1d5643dc3d544542fa14b9dc075e4f3cf6b8203da987abe2a8156c026145ada2853e36b4c9068ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99986520f53c839a83492e16fe9f70cc

SHA1
dbfa370f70f0783b0e7565d7911fb1ad42f21cbd

SHA256
b5c99a92f9ea7f703c1113beef3f378cfe7c177cb5a901a0a27b52ab6cd3626d

SHA512
67e35990b417184bb7be1061fe2893b0d5af1f54638b5f6d62711f57dc1957a56b43578306f5a80acb1e01395e08ad3f8c9944e4b8ffa7ea325fed0435727892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
449654b1ee2e82e8b48fe55249f87463

SHA1
3ac5b01d273faee3253af5840b2d17e8b601b73a

SHA256
8985c51450434353a19ea0ce51e65eb9792b20dfa70de5c0bb85aa593f43f19b

SHA512
da64a35f8afbddb966149950b160452587254d798636a1625ff7b41594030816906b7a5f86f1413992eabd3794eaf5ae2569c5c96392b2378adf3a17a3115746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
159eac969012a1c6469ba623e38173df

SHA1
74f21a7551801030752408f10d66e08495028408

SHA256
ddfe936335149a35c537525a787765b0a2f4b8e0fb42c3f6745de874ad3d5e76

SHA512
acfd4d9e8b15798e47f749f5d1739d6e2250ca9ea0f27f2981a9186c6ae8399b9157361898cb62ad380cad644b2a75b0834ec9e1428029952884596eeb1521c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce003aedac686cb7e3886eb017a77ce6

SHA1
5b5793539f554d42916981b77fc1ffb35a23671a

SHA256
318fe8295d28ac179d9dacb44bbd6e39e297a2f9a30a29131b590ed2e578f8b8

SHA512
69bfc9f3019d8e9182bc9c6b5df011eef22e5d16f32d938c3e632948f3c3f6710afd40f57f372d38682256a9df13140c1b1a86130ede436499bcd96fe1b4e1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8e588304fc7696ddc90795f2ae0895f

SHA1
2d8fccb319b8621375ba7b708d4c451be8b6b446

SHA256
f88aac6a458145ca9fec4e25d05b1d4270e53c74533ff1b5a7f85a58d773f783

SHA512
576eb7516acc810837e869f960dbae4e6f995b1bb754cf7be26391f1878527ae98447873fbe8754e20887d549187850e34b3dadf1c57f8ac403ab029666a46bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ed561f4d5186cc989b61209586aab00

SHA1
b3fb716e3858654b1f52b4bd5fa7482c6a70a093

SHA256
6821f840f98edf5555756b53c7de006ab4acf6ee050a17fd85f8a3d2c1278680

SHA512
bf154e1aa5689f71286850c2b1aaa9916313d9564066cac279fa4c7859d14f14c801999cf63772e939e84b707af6d84f55faeecb8fa4bf91b5b5edbaf5b4f875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
653B

MD5
67cc87f8d4e6c79d80b45ad1f2e2c46b

SHA1
2c05f9c0baaf5ece76884bafe856af85b86060da

SHA256
b3e9d4f1a8601e502a663a505d3d40b14783b93686cb2bddfc1973b4f98d9e6f

SHA512
5faaa42729118cc655a69748fb51c1194b8e4d5683a938357f6180467937723d71ca928887c75de8a4ee7a07af5ac3d85185f38aa1a8b3e80c8be72f3204a887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
40b1c1500f2407ae7a6180a28e042c7a

SHA1
58fae05c638908696c4a84babadfed66fa8c3536

SHA256
4d65ec7fe0fc8db74b9b9788fec85d0189dbf0a84f0ebfb5aeed2c4ed393dc18

SHA512
3e3ba31a078f872f9e4ff44d8d28815cf54e8b6a3e780e9a324993b1c74c46d1b210d2638e2c4693c45e1288d1c61868d407e5e07e84ef22db61f3a1d0fa8965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358037961415362

Filesize
3KB

MD5
d06a9668ef931f258064e005f4e025a8

SHA1
f7ee27406e1bdeec4a53364f02ebda4cfe8f0d12

SHA256
e215fba10b961de6424a037fb9a7101bc37d85676213e659cd1b07c99e41a172

SHA512
f07da775ba6da794c0df3766081db06be03c4799e07535f6748746ddf90c7f553fbfaf4b7f45fba4491ba3787ad7520f4aa0fe20ab05794040a057c3df94fcd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
ef99f2723a5010071344394e2a1fc896

SHA1
e7716834c9b27cb8f2920d590f77e7fa41d49588

SHA256
71e7da06d49a7cf53f913f41edeb013b3ff093194a7b98d7cbdddd6fbe453380

SHA512
289226b0d15ec20ad94d4c32ba5749b529a60ae3bb1b2981d03d5de025126c10dbd989f75ab532da470c7d71fdd40b3046a4783ff96d5d59c59eaa2adcfa83b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
e1326eeb68dc89ad2960fef90ae35c84

SHA1
2c89d39046edfc3c6811f5780485a3c77bc78372

SHA256
7c3fcf56ae0cf168e7b9b40959854cc96758fcf393578be88a115a2d550c2ced

SHA512
db86741490a4fc8dc1f52a8153a965c04d7dcb9a933b5ac547ed5850521140303d240d3c3d872a1204c89fe9b4fd223e24c1fad84f77c46e45134024455e5b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
74fc022c48a9e67ef6bb8017c5ff9b99

SHA1
0c012efe7d57b3123fd1f453c0b0ec73292f01be

SHA256
5cfca53b08bd5844573f2108a3ea5ac9bebf663ebd8db1c37ed1aa732a227330

SHA512
8208a4625e0cd853467a8117e58513ccfe6713e835efac73669fc52689f832e561b9f5ddb4fcf87256cf1e7ddf61b0da5c5b356c9905a16fc8697ac47d51593c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e915bfc30f87b0fb9b085631f0b2798d

SHA1
9ef133baacb8ffa3000ff780b226b6c0971ea2bd

SHA256
3460364ccf1b52469fd74e8b961c0ae2dc3b064340e036e4e7ed60940164beae

SHA512
7c318f0b9bc990feb3237cbaaa07e9cb15a188455efe583a702ba4f60542c64795041cf438ec23e4df3915ecb5a2dc1e47e47d8ad8df5a9241a1709e335dd274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5852de.TMP

Filesize
37B

MD5
661760f65468e15dd28c1fd21fb55e6d

SHA1
207638003735c9b113b1f47bb043cdcdbf4b0b5f

SHA256
0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e

SHA512
6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
4daca88522db92d424a40345f8b0ae8c

SHA1
b0db9797797a67082d73458e03e1ea56a52078ea

SHA256
5259c40c01750161b4e74d7323d553972a60c0048604bce733d2bec4faca793e

SHA512
c5bfb3534e569f8c6475f49f14d18976a7c0fbf2512601b90b1825f1a6b05aeef477966d61fcea919a6768363614f4d242603c5e6a600160546a5b0892dafd93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
466KB

MD5
7709de8345a2b055608b34d4274b60d4

SHA1
c02612b89fd76bc2d354dc7a9e60343618cd16d6

SHA256
e79d36722a9489ea3c3faae687c92ed3e1453c776d0853b28457c37e882e10e4

SHA512
e414a3d63a5388e7c44a3e23f7c6ac784f6f40121d55000ec34035f5bccdf2fc2f0d09030bf3900d5f3c8200759cdb234b8c88dd1e80ca60f81f66b7c7925232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
e9e04454439429cb2776fccd83f4bacc

SHA1
61d9a12405def1cb1de213a0d66604f643f6b8d2

SHA256
5078777aa5c59312ebd4678902f0b3bc317e31d0295867bde8aeadac86cc4056

SHA512
a7c354e3c179e38b331eec84a1247b1d78ec27b4b559a891153491ec2105e3e7d9be31ad6ca576716a07be05b2969cc2f21e7c4ab882cdb2d1a937d6afc651eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
edfce161f0501883e09164358c4d6707

SHA1
35fc073ccac9ae654b6fa03ada2f97b4c2f1e48e

SHA256
719e1a525cda4ef7b1d184218facdecc47ccb4b175377a53885b3f3494977b9b

SHA512
1555686f5dcedf296934db53e85e4a5171c4402fbdb6a558ba38b95999baa28e38ef03764fa7eeedbd037f2d96035da679841787b0190348cfd84340cc0d3255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
ecc8621b446f19abc68f6632761f5828

SHA1
3efada4ad8d01b7e6e765deb8e3d83d5202815d2

SHA256
4b3a8a8d4ad766b1bfd864e0237f2222673792bb7bc22dc9eec2a917ac0ae86c

SHA512
76f76719d16a08cb949c21e10084c9b50530d7805cb5b68c1f45dbeee79e73be056f238800ef150b5359a6c8ab699824fda065bc3ad1e43248023e8706498b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
0cd9fc101df7db4ee94af7f28dbc80b8

SHA1
3a08ec783db271b47b7d628dfe8bf231b8459c90

SHA256
3d7c6ed5608fb91008ba348cfb982086d361a04313bc20e77bc736f0bb04a026

SHA512
aabbe82d6aa43564406d5d16ec476ee9bfd3007b8d2b6928269bbc6c724d2792a230c6c26ce46114ede1471844f1f291c0682aa4f06bc23e74ae522914153f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
bba3235ab54e7576efa8cc42cd9f4080

SHA1
c55f52ce36679e50175341460d94dd28aa019a70

SHA256
ea6a3bdcb07cc3a7b2b76d8ace41c3b47af5beb7b6a81122f2066a0440d21acb

SHA512
e92e2645be4771de0dd669f224d0e490efa5ff89c88590f86cabbf61abf5b6b23ba8fe5a54923157471008943b6e0be2d501d48cb33c402ef8f7a4fbfb0512de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fcc8db43ac7082e13eb8274b6fc21a93

SHA1
2b773d8db7a02523db50afb84e32fad4a591b490

SHA256
2f9d3a26d0cd6c23e184e808f8152ad4e136377b23dd2085919b0345bb87ca83

SHA512
cab07dbdbc53f5b1f8866fd95f07e8b68fa557b5e2069dfd728d6ea5f92e741ff99170651acd0840c3fe5580854866fb3c39e390a0e909c97cad6c2392297065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
23988cefe0b4ba9ce79199166793d4be

SHA1
bee99e1068674b3278ff5cafadefaa28031a1e11

SHA256
9c56730b981e37e806313bf7cc9e7aff7cddfe96717afa43155367b73e210d21

SHA512
8c82c79505e5b3b258636317ba6c0e1d7590a473589681f81665d19feb1585263d4549162a1a1547ef5eaff9803d41e171df1d9c45188441350d3d84dd101162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
16KB

MD5
8feb503d057a1dfc7121b0aa2c7cc10f

SHA1
0d25b47e8482de37b7f615205b8a45162e1049d4

SHA256
e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713

SHA512
a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
25KB

MD5
5bd00f5103ae7cfe8b3ffc53e19aba5a

SHA1
86a2c393f3fb55a45e8b352df59935e6dabd8408

SHA256
3ff9bca3baca0698e2ac5df01a5fd26d80ab2bf0e9c067f73ad934ebc0fd7d97

SHA512
c5ef76a734365feb32aa4fdf5bde4de5cb550ca1b71eb728ff2f587c2656918408169464546723287a2247d911785780b523cf9aa6c962e11c88e67fbfce4961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Filesize
16KB

MD5
9c82e51ee7bc5d89cdb2e5c20058aac0

SHA1
498e8932e81c3e10296916cd5f7c0e2d9896daca

SHA256
844876b3d472c2dadd17c6cc8908892fc791b894d1237a71ee81ab9e857e583c

SHA512
122cbd1811307e60359fd072bfc979dc25f7791f256ca09203e142bce3691394ea417038e0a2982d59c1b341c3379c787242cb805fd9ff3645f0f478b0bad88f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a

Filesize
16KB

MD5
53670def8aadaf204a9dc10c815c10af

SHA1
1c0ccd5d430d2822415749a2a992ee6593545f14

SHA256
8d3e10f2a918852bae603d8f6f8762508192efed176912cb1a57ca2f116e249d

SHA512
8f7815eb3256f7c0fa5776832a1767eb0c33f30d258ffa4ed6c65ced4f67c68543e254e6cab133173afa539bf78fc1aa50ae35a7cbeac64e11373bf1b6bf265f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000b

Filesize
16KB

MD5
0fdcbe4464c8ade03389878886f7d6e9

SHA1
556377235bc4e55c1d18472ddd50dfe61be42e27

SHA256
e4fa14461baeaf33d7811f4718e80f588ad89c9fd0961ccad8a98ee47e5485a5

SHA512
2f8908057824d88d237e0d15eba55d7fa331e6acf6bd1627accaa4c58b955e3667fc98af9f2ed340fe0c1fdd09a09185d0209bb06e17ff10fe89f28733dad7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c

Filesize
16KB

MD5
d274cc6f97c6d0f9c11a5612634462da

SHA1
135994646a4b819cea202f9526376887ceec042e

SHA256
23b394bd761833945b325e21c27e1fffb9b636f7d8e2cb547f313af1904c848a

SHA512
174e970f93c1f541f2c1cd04f04d129dfd65855c00ae0cc3b15f5e3a4529952922d0cd9fe461a0cca7756751cce235cf570af4caf3a57512f7cb33ae7713c5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
29cf19dadd4263c590237bdb4a45467c

SHA1
4966a542f795b1289e9a0c180b2ce0c919db880f

SHA256
268e17a79898ff8f62026c95af54616c748a0a171acb422c2db37d87d74c9f61

SHA512
5bfe164a561a6d9a0cebda6b1c5480e882d31706b55d59bc1b25b845288855e387a0c3078384a4483250daf8036efb5d6a493668586f1b8d6300b10f8f7f2f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91eba38856e8f7d8a3a7d5e15b4e54de

SHA1
0eee71611362b90836ed84c49dc027655f0c95cd

SHA256
56d1ae917cb45e4a5523bb3cd98957248c6b84222d1a583a5eaf061f99c0c7af

SHA512
25d5f7367a273ed4c8cba02df4406d8c774ac4ea7615f71e3d0f5c2377c110a913723c09b2c849d1900f95f33adaa3d81035147bcc4d0dfa8c490fef5b26db70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9eb27345e0859c060c1fb21dbda948c1

SHA1
eedd6afa612673ca572733a50645ebeac8f5eb33

SHA256
23b2c20a1b021ba20e44524d898ed0a2b7f9c4f74dfa1063256485ff719fd3ed

SHA512
ad5483a42e1b596be1bc3a229568b95cac111e561d09204892b83c19199d14e4807012b77530034cedc1c2a83b4ee3781179c16e4e4ef33e4e6e916f2cd93f71

Download Submit