hxxp://youareanidiot[.]cc

Resubmissions

24/08/2024, 22:59

240824-2yqeyswdnn 3

24/08/2024, 22:51

24/08/2024, 22:48

24/08/2024, 22:44

24/08/2024, 22:43

24/08/2024, 22:41

24/08/2024, 22:38

Analysis

max time kernel
56s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 22:43

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://youareanidiot.cc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "242"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
4280	msedge.exe
4280	msedge.exe
1520	identity_helper.exe
1520	identity_helper.exe
3756	msedge.exe
3756	msedge.exe
316	msedge.exe
316	msedge.exe
5288	identity_helper.exe
5288	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	6128	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6128	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
540	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 4176	4280	msedge.exe	84
PID 4280 wrote to memory of 4176	4280	msedge.exe	84
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 2972	4280	msedge.exe	85
PID 4280 wrote to memory of 3484	4280	msedge.exe	86
PID 4280 wrote to memory of 3484	4280	msedge.exe	86
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87
PID 4280 wrote to memory of 1812	4280	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff204346f8,0x7fff20434708,0x7fff20434718
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16989833893363329491,3473314160269407516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16989833893363329491,3473314160269407516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16989833893363329491,3473314160269407516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16989833893363329491,3473314160269407516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16989833893363329491,3473314160269407516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16989833893363329491,3473314160269407516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16989833893363329491,3473314160269407516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16989833893363329491,3473314160269407516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff204346f8,0x7fff20434708,0x7fff20434718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,14683505682236265074,4513554731701635099,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:6048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1720

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x240
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6128

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3911855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\03084731-0880-48d3-a745-62b9ffecd570.tmp

Filesize
10KB

MD5
458899dff46dc9d09020b1ed8b9f976c

SHA1
dd81fc815ead57d9ae515a588e5778fe2614a4e8

SHA256
e220f642b1973c3f319cfec3c0b8e0ea6cecc12c8fe9f1959008afecd758c8ff

SHA512
fc46e341dcce9696f6b1b0735193151189786696d60506c90e53199fe3f8246bbc1705d4a3aa179fcabe9ec7370e9f3c59992d9f144951fa2e774fbd825adac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecab19690bf37bd1e8e68398d733b596

SHA1
7397095e6a70f1eb744440151665d10919f4af4f

SHA256
302974aea32996496b15fb1018feb7fe1f0f826ed4e32862c36776915a4ce8cf

SHA512
c7e05f9e72114bdd8e12b4bae5d105674206363baeb1271cd33f4d0cbb7334ffc2489ecca256f27c8fe7b8f871df7f96db608b5b151623ab5635ef293babb217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ed2db50ef1369c44f8946a0de4ca94ef

SHA1
593fe1bff170180ccf95d86c71976318c130571a

SHA256
820b0896d03ae11d1fcb126b9bed4a23c0d3d1fb113f4ca1159f112b3b8504c5

SHA512
06258f7b3197c012dba44afd0b862a712fad776040fb33ebe5498fade4049f7298538c5ffadb6ea8d497ebe341c8f51b0118cd0650cb32adfa5fc2702db58598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3ee61191655adf67423e5d42aa625f84

SHA1
fcc0e412d85fa9236dcace137706690e0354d8d4

SHA256
8acb1cdb392db4d2c56549bf9c65d3ad36f94d53307ffd6a769318cedf4fd35f

SHA512
df0e535a827620307b0fa8641c5faf1c71669f3685f68bb887bdafe4e9d155a1c298c6e4faa7eba2bfa283bcc4282b71215a3e9c22087f9f26c00a6f75a79e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
76d67f87a3743afe54a4ac0aadbaed4a

SHA1
7333daf6c7401c2e396f9446d85604b106a4d44b

SHA256
da65b0547b8e6b7f85404f9d1a8c62dc4c36282339cc1acb3ed42bf5a3729ee2

SHA512
5f0fa1369f71808092b3a124d208bfc4b2175cee4a32d22c811b94fa60d7f01f026c60e7338575d1facf1db838dbab49491869e7b715815d4669efa61ff8ffb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
d0ad1d9501b7cffaaa01cd93eccc2618

SHA1
4a64084b37fa1aca7dbc66bbeda0f6cfe7858777

SHA256
dddb0181d17ecf8b04f64c867f8fc62fee0e30fce7092f398e98de389a4347ee

SHA512
b6bebb8fd459c882808c18280cd12023dc4b53983b5e63bc74a93405a9199f62bb779ab34f66335aebc722e8ce9164a2f4301bc21c5b2985fae5ec0c11e8a334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
14827a5a0e12ad867c9873938aa142dd

SHA1
951b422c6cf4e7b04f7dcbb5cfb4932b6fc21785

SHA256
c5cabc9e0a04f4f907f151486f7d6b24edf2a4cba0323bbddcbb736c0b11c230

SHA512
470eab81af7bb00a36c13fc777738c61f9c98786a19c1c7fd04e58a3fd0d9189578b50032037fd4f5e4cac503b9fecab3f623308d48759419515307d2ba63cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
51bf602450b9af399f34105ca9c2f798

SHA1
4036e0cda18c1a67a03a7e782faf6bcaa92766ef

SHA256
5041065ae940c959e0ba559de10d76169f76e34fe843b4aefc52465116b8dd19

SHA512
95277ab640eca7007049517121a870226dfed63761e00101d80d788c86790a31cf97f429aff94e9e0c31bf569515502c67430cdf989a4e038ec0aa962b42378a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
61006880b7f91885b14e039b7681a2a3

SHA1
3065f64eadfff20de731b2f50fedadc5c4e13e1b

SHA256
e03ee55d798f43ef62c56bf03afb3213fc1cc48ca3cc74c4b8ac1d2e5d0614d0

SHA512
5ae9881d14ea068c33579680a6bb578a2fa031233b58cb0140419f6c75a5f62262aee7d58a3da68d7aaf956ff698d784f20e9bb59a04e7e0a33d2de6209e1e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
7d2e2a6cf53917bcea8758a7b7ca2879

SHA1
5c58bbef3cedfd645708d834cdc0cee7e690cb64

SHA256
4eb6b412640d740c004022663be556a94820e9a1647a69f3a6dd48200b2451bc

SHA512
524fcc89adf19f06afaea92487fabbb6c4ca654b07b5b31b6bb8973457a629473fe393a12bb474de5446891486e96b4ee03bbc342601901d4b127b7ef810e43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
89d48e14f47dac926043933aefdb3ca9

SHA1
c6ad1e44e6c25f4924da491bf095e8ab4e25bf34

SHA256
fefa9e947db384b5be75a01a03ca242c5f337c1dfedb8eb2e2beb321bda073c2

SHA512
6c738c91ef1972cb316728d7f67a535195baa5b3c3a12908462952d86d4f6966bf1f923cd04fdbacd298f1954f71824bce31cec44eecbf0a8ad5966be735ec48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
fc83a2c5e22c5811576d5a0e5335f522

SHA1
c3f6dbac21e231aa8d0386cff02a64bf12295379

SHA256
0706e74b836dc47388bca37af902fd84a23f60a048a2d122a0c752f0ac6a9029

SHA512
fa24e05eaec583dea249e5fee2261e4113cc54723d731334aaeea565123746c619f450812289666584721e25c4788933dd745788e3ca189636efabaa75aed05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
633B

MD5
d6cf6018023feda589afa18035ba0c1c

SHA1
f138998ce0ac1b34d516ec4e9b064c22f733a219

SHA256
7e82389a96f3b8f8426fff0075b7729f1eb562309d1501ab4078f6f6194ba2df

SHA512
bc36c65e374207281b3a4155665be8533dd54ccec83a4ee067942fa6ee1cbfdb0acb32e021a8ec3f0ab3654f5c7eeb9db9eb12fc98d227cec84270c8aca184fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
c87b6ce7ea447f5961f9ab627caa7236

SHA1
f44534991d9aa3954dbd39d1ab2993f77b74f551

SHA256
172da5194c9d1498e012b44368d0f2877e8d794155d7a52e2fb2bf67ab991ac5

SHA512
3745e1dcf920283de8365bd138cd3f5918a9729dc463d8692c0afd87b0fd879264878d13e60ba80f851a8868819a01c8f515d4c74f5f5c5b912369305a2b548b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
021f9e8a7dab4f4f7c8c16c47032e70e

SHA1
60e258f3945ccb2f2b1f4b61d4416d9eccb7e0ba

SHA256
648e8e0d68ff0bab0982fb03caeac7ec512cd94e7eba27724b79acc4cffd0675

SHA512
a6f20bc7aadbeb5e522f4ed03bfe669acb93b174567436f29e0180ec4e500867623976e5eb7e40ced445579d442709738e2cb93ac18d1ca8ba2c767191c6b81f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
b88f247eb29ab18ceefffcc93358b1df

SHA1
7695a17a01bf978f93603de7349ca8e52bec87c4

SHA256
5a36b6618062d5914e152044e662f742f99f433655d106e7e59d2b005d5702c3

SHA512
82ec3d18f129fd6d8691c7890ce7268b8211b1b21486e37dc43bb9000ceb29f79f429c0c9a933d0356a415823f53502ab08c5eb2af4fae272b337b31ec70e558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8c24a254adbcecac0b27b9d3eb6ba4f

SHA1
b6f99bbcaa5a92181be5c42086d753046184391f

SHA256
7b23782b76d5e57d936cdc3aaec87fc997cd29dd7f5977ad820efa031368a698

SHA512
9e128d7e444da08ae072b654765cb1e920adefb9a22a9b6d15c0f9e3e2433e19575d1feeac6aae8e1f993d51f9dfea1b6897791fea3bd1bd7068564be22d4892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
368402fe68d2dc649fb96a5dbedc179e

SHA1
8bba2fa207cc744d371339c899bcf9e333eb2c42

SHA256
fd2c432eee1d7d1b39d557c1ebd840b541394eb0570ffc46970324e591d0a9a4

SHA512
a6cc42a4eed2f4f72a3526efd93210d53605a39965c55c8e7631a1b5890958b28f64907abe157a1c100eb1aeab3955ec92f5482d1937d88a67d7b36980098c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acf2478cb4f018707d6f2edfaaa983c7

SHA1
b9cc64a8a9f99c992ff7d6fbd8873e6114b65b0e

SHA256
f3428f6a9e6e5aaeeba37f915c3560c06e4b8de6577d1ba3794fc1b1a5f45c79

SHA512
607e7e4d58448e1138e2b57c70a0acfb22ae6ed6f676cadacef2fb28db60c7ac363024e04c333d8db91ed3d4d3fba7917ebd87d0c43287243e88beabeddee34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77308ae6c6acf27979e754dba1521b7a

SHA1
15b891f6560f22321679e1077d452f9dfc006df1

SHA256
600263d43660c39d720b827db6923ea00bb5bc8ae36b7c32fcde811e5904acc9

SHA512
2bbfd7fbf730af8a5c3f92c9c8da421431034e58deaa94a91afbeadeb588f1bd22f5665cbca4897de09bb39b6649444d2f4f0bf38bf0ed8d948994bd629b750d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56f68618bfa881a5111daeecd306928b

SHA1
371dd716716b50b389251da1a7b4978d517ca2dc

SHA256
a66ee05c98f79c4161fcbae7f3de30eafdf95bc98e43f2fc0d8c92e02c99e87d

SHA512
0eb6cb3ff796c45cee6a7ebf2f504e8185aa16ecb925149b4e722a4a003c1f9bf0816973ed5bb69aa95cff41435edfad5dbb5fdffed567a41a6cb52837d0e819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5c64e13358786aa240e8b56780bca6f6

SHA1
d9fdfecb86afd360d1b9c8ac3a45f74288686789

SHA256
104ccc16cf49683f887b1226d05bc840d984312f9d56101671265a025f72dacc

SHA512
988fe8678f63b47a7092d6e4dc98dfec01225b97491a1e26e1084c4de2386862ac319c163835347c84754b8f44dff575fe795b0daf65a7df8998a0c9f740d305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27880d73d83445e6dda6e918ad0a3135

SHA1
e12bc6924f50f0062df6e4b0ab6114a91c291131

SHA256
87054fe6bc127c58a375e9d5613ad7769308a8a5d839e5419917d51a09e215da

SHA512
79bf3d4c8f017c866f9d1dfdd042110e64f191f13ae5b771e30b7c2b74b1e16589c90ccf90b38dad3a04ce62dd286eb26bd123d7387855c58a88c9c722e08efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
3ed3bed3c95e9f57d67142af48d63d50

SHA1
6f5039dcc3549a9e9fcffe4558e90307b3ce79c0

SHA256
32e9b5b0cc4976c09a60797b9b81c9530635b66e0abb221a191fd31394fa37ab

SHA512
e2756ad326df47f6552e901f317c7726706e1b16413848f67c6b1121cd2351bbb307b0628bef450bdb525a5a9526ebf573345c8da8ab1682f65510a6c4107905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a906466bb4d2056ee394625e8b215f48

SHA1
a80adcd504c7d1814a6bd01faa9fde47c5f171ae

SHA256
bcac098da09d5db444566a5234a32de0ee287f4e42b59678eab2b4f91009a48d

SHA512
b79f2455575b92cb2b0f4672ff46ecae565d2f78e8e57343ffaab4450869c48e9d9ebf1affd981d1496b1681551ce7210a4c44d7680ffe1a1eeb6521ec25cbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13369013004045836

Filesize
1KB

MD5
fab7015b9ba0861fa9df7d22cb652cdf

SHA1
a2fb4adf72239aab8de6c062611bbcdfa76f646f

SHA256
5c283fadbb489501656cc618960c3298870cf51ddc20798d9fd9cdde6b9fedc7

SHA512
a794938a2ba953c44baf2bac41f9ca67104c0e0a8ab96e1ccf294cbe068ad3a05a9e6aaebe86e27dbce486dccc67d407fb6308c800dc0d46d504638bdc461261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369013004634951

Filesize
1KB

MD5
37e360bc8362c22e5fee708c2dc8d68a

SHA1
82feb5d1c717d58e27bb53844fbb7d879d9a2566

SHA256
9bce65fd785a7a7153dea975a483c35953b0cfe5b3475c984790e0611f4bca43

SHA512
4789a60c7a52023ad526f3a40b7fa82e1082bc1ed448311162d76fa712f4c812604704e9cdd98944d81cb17f5e611c0d99742ff78831be201544c62bc122d6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
dfe6016ca10e4f67ba69e47ce2d1af76

SHA1
d00e8791a0167b864b4a2740b9d68a1109291dab

SHA256
894d2e3d2615929e8f2b238f681cf4454b3f268d9a4aae1848b8eaeed5aacb9d

SHA512
2336578d1fdc9c5fec94f49c93112a0ccfb4cac8cfd197bdfcce0393c442866058934f315917752a37e815fdafc8a5f081ba15217bd9fa5e8da408216105f9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
948737f94e8c5471ad9c838359434d21

SHA1
8c9c2372ffafaa228adf63f3d3d7133a2baf1eba

SHA256
2ca993351247300f3fec8549013e76b52abc080805bb21d1fea9b6999d9db70f

SHA512
6ac74acaae8064f028085cc9738372140e1bd34ec8afab07b63239a7df389c8c40db1be4c4067b82889f46ecb7d9ca766fec15d48dc66a6eb7758b8a4698f72b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
6a8f898f7ac117daade83cdd602cd646

SHA1
5419d5a3304f1c6c526cafb069e820885994a4f2

SHA256
f55c37e6fba30c9cca309c104f35dc2d3b60a763b3fe559e11a9c823bef55d39

SHA512
6f7d4a848ef21cae913a03cc2cd0afb61db43721bbe2a79e6ed32fec677807b33890b7651cca43954f3d524731d0873cac4b89d022fe2b776be5a48156b6e757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5f4e601d61a87fc716672d44b69cda6f

SHA1
28d882ce3471cc4482462b1cef3b1c95c5e719bf

SHA256
8bab05c799059b34ad51861e7fba0df775363081b6c2335297437b6155ae464a

SHA512
eb32251b9a06a5cbc1a490c199fb50ad4f288a482972e984b2c898efd4344b821e770d0e2dfa24ffa1ac9e0e81c9b2573cbe4fd10961114285328f3d07c29542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
962af0eb225ed19a925e31dd702bce59

SHA1
b9a5a72b100fe59db37e48261cdd512ba9e9bcfd

SHA256
b09f8ff66dd03decc2eddfd6cfcd7afebfbe5280dfa1d43324911d289187a274

SHA512
7c4ef23a0e8f3adc1c7f3e999e65c69fb52439383db07b2be0b863276d06345bcf771dccc065c20af7498ac7dbedc8e684c84d8892bc58be83e8d85b017a8afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
eefdc6bdd467e39429dea69c2211171f

SHA1
550d07e6e1143d4730b7a6768165e7b16b443d7b

SHA256
392c193729504e971083846ff7ca6dc2fcb1dd5464f43d24a7ec5011c51ef898

SHA512
a479425a368c7e2f22a26c3b7dd03aee4ded9d4068ad97d218b87537e13e045118cb95d73de9035bd25e7b20acb7e1c9cd1465438db39e2a55ec11e4fb115b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
3a72de373f10881e94e7000616a34aac

SHA1
e8ed0e8be90df420905434836a7615e8b4bf7077

SHA256
14f44774420a31f4758c6386707129c20661f1fa28f2383f6d9e6d8a6bf74980

SHA512
d9970a1c9a1444e74f97faf13287455a353aa0140b934de3bc36e8d175a3f0f166caba4a06f1068c3c23603803df150f8c15fce29d036eea7f7b73f0268cc80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
2067478bc0f1ca0b6bc1b75e07dcb3db

SHA1
9df14e6c88ae0a25627301912c3d30175c8d45f7

SHA256
0cf7e4d9bccd892c7f32fd76d2b9a47887df551f9234435ec46f36f28a4b7da1

SHA512
5f265e0dd31ff49a12a957310f431bfe3bf4a9c1634a0f404a1286471795f39d3f23610c63cea21a6452883bd691a5399a6d6189441d55047b5ef9ff6aa0b382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
b3280d93873d8255588dddb097fb1614

SHA1
dc5ac99299a939557d82a745ff4d1db8396f2570

SHA256
23bbcb2848cc30cfad30879108a57fcec65f4b46a1cb617c017551d9d2ad6f8f

SHA512
7f8b942226b0fdc798f19d72e5876d68713a893660e089386b806eb81fbe24c9b284f04b452bcd6691d46dd9fd17e02363758a0897dd9ce569fdb60e53a307af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
6fb545ce54aa4bbe7f518acb75ad2b63

SHA1
16bc653eb2769c057a10f24767fb85eb4caa7ae6

SHA256
b7aa397ae1dd1a558a197c91ac7bc4a3909ecdcbfbbf690c1e6aa492d14311ee

SHA512
9b570e8239310a74c4f6e72b2e235e974b38de521d6b32dbbf2a5f80bb0413ce90ff52e6e484e716324e70ba4c8b7b923215441c94979d3710a8a485bae10f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
272c58740361ea6e2395c2fe265f2bc6

SHA1
d668d6ce3c93c908fee75d4b2830f7c8e1bec9ec

SHA256
4787c4e995156ccdcbeee525d38978cf5cd82d99153104df9d2754df7a9b3739

SHA512
027f5d9666fed13528703593d889b888339f9183df77baba47a97842dd5e214a1d94b03cfc4c46190e43501193ac7987f2a297ef5376d32284a9d932d27de108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
b1c1bc3f510ffcb2b9f4ee6743db1f2f

SHA1
121a0dd89199cb22b1b4bb90a3cc6303b33e7e91

SHA256
ddf230a1d7b423f2bbe1e2181169261e8fea8b4cebb20a142f9b7d050b8fb9f1

SHA512
d29aff705c5d1d0b89a205f72fd1513848b99bcc2d26da59a7eea0a31a93e4b6e116189b7525258f84847616e015a2f31bd3980afc806097a14b9bb82bc8b56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8f64192b247a8061807c5ee19684b15b

SHA1
aab9b69c5bb18a0d07a89b9e2eaf5414ba6c7de7

SHA256
4af450b72b1ea6bc0249ac85a339dfad745d004f2e1f0c76922fe30d6abb612f

SHA512
ed297d290389b8bf6e3577f182828ad4627f353ac937bc10a0cb7be217fe36996631890f736d0e64c4e1ac90b3c9ea696cb4faf6a05855f0140f24d73f342f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
14f255362df9d2dbcc1e347bde992aa0

SHA1
ddc42d9a1c26dcd20651b303b343d2562a737e9b

SHA256
10f8797e924fd29d1aaf93fb4a3c2714c690847a94df7f2ac3c9f678c633e806

SHA512
17f771a7df83f26d28b1a3d391df66ff8823db713eb76a3b59ecb28d58df8f573d338f5ed5bca4625b8caea3077586dbb152fccb34ac658c91ae8c3d46f9cd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c72eec71b2a2d739a95671d0a25f115

SHA1
2e9e40f4acdff3d6a89b0ff2813e1ebb157e61f3

SHA256
6a1bdc5e870f649c9fd9339eac6c6c666cc8d99e394419e30f37293d47ff63fa

SHA512
15bef878bf513e68015f6a09e15b038af31bfc52f978bef7509ae4218418ee01f125990eb6b81e239731259599f9a3f24da5ff671281482b5a1d84162803a3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
144f2214061ac1763586138e3b420071

SHA1
cc320164df1a2130045a28f08d3b88bc5bbcc43a

SHA256
a787b6772e3e4df1b2a04d5eee56f8570ab38825eed1b6a9bda288429b7f29a1

SHA512
06a7c04bb382ddec9381b2f2799317cc55472e91b03d1ccd3d236bb807187bb5773e88eade5483ee90930664d290886143d3d542de2e9bfe1ee90f7c15639183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
68e847b76d0db612a56648fc607ed3be

SHA1
6938c0c83e8a3e393b846eaeaf7edde0813d05cf

SHA256
1052df47071bede19e9d070adf83d7c5d8906b9f317af705e4c24382ddc6724d

SHA512
125b67ca6ba0476a23e7ad4926bf552c78d2da6ee95c71d81edf4b2f9ce7b66fbf36c0b08d9b56154e43fb643d0dc034e6b28b15fe92bab1dd875f61d533f52c

Download Submit