hxxps://doaughartifies[.]co[.]in/#010130/"msedge[.]exe" --notification-launch-id=0|0|Default|MSEdge|0|hxxps://doaughartifies[.]co[.]in/|p#hxxps://doaughartifies[.]co[.]in/#010130

Resubmissions

13-02-2024 10:28

240213-mhx3jagh36 1

12-02-2024 18:14

240212-wvp25ace39 1

12-02-2024 18:07

240212-wqp7bsag9z 1

12-02-2024 17:59

240212-wkpnlsag8v 1

Analysis

max time kernel
389s
max time network
363s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exetaskmgr.exemsedge.exemsedge.exe

pid	process
1552	msedge.exe
1552	msedge.exe
408	msedge.exe
408	msedge.exe
5088	identity_helper.exe
5088	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
4468	msedge.exe
4468	msedge.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1564	msedge.exe
1564	msedge.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
2900	msedge.exe
2900	msedge.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1060 taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

408 msedge.exe
408 msedge.exe
408 msedge.exe
408 msedge.exe
408 msedge.exe
408 msedge.exe

pid	process
1060	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	1060	taskmgr.exe
Token: SeSystemProfilePrivilege	1060	taskmgr.exe
Token: SeCreateGlobalPrivilege	1060	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 408 wrote to memory of 1420	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 1420	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 4628	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 1552	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 1552	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe
PID 408 wrote to memory of 972	408	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba97846f8,0x7ffba9784708,0x7ffba9784718
2⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
2⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5628 /prefetch:8
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
2⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
2⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15076402579064721569,4088396110484867994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:1052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://www.ucl.ac.uk/|p#https://www.ucl.ac.uk/#010130
1⤵
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba97846f8,0x7ffba9784708,0x7ffba9784718
2⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,10181018411143438373,7180504370090584381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
2⤵
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,10181018411143438373,7180504370090584381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
2⤵
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://www.ucl.ac.uk/|p#https://www.ucl.ac.uk/#010130
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba97846f8,0x7ffba9784708,0x7ffba9784718
2⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16190480531818794482,12668093880591387058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16190480531818794482,12668093880591387058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16190480531818794482,12668093880591387058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16190480531818794482,12668093880591387058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16190480531818794482,12668093880591387058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://www.ucl.ac.uk/|p#https://www.ucl.ac.uk/#010130
1⤵
- Enumerates system info in registry
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba97846f8,0x7ffba9784708,0x7ffba9784718
2⤵
PID:3244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,17174885088971522889,2669524194929433349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,17174885088971522889,2669524194929433349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
2⤵
PID:596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,17174885088971522889,2669524194929433349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
2⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://www.ucl.ac.uk/|p#https://www.ucl.ac.uk/#010130
1⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffba97846f8,0x7ffba9784708,0x7ffba9784718
2⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7160918396404921195,8096208566736644097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7160918396404921195,8096208566736644097,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://www.ucl.ac.uk/|p#https://www.ucl.ac.uk/
1⤵
- Enumerates system info in registry
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba97846f8,0x7ffba9784708,0x7ffba9784718
2⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14085722236970193032,4919777921829898725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14085722236970193032,4919777921829898725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
2⤵
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14085722236970193032,4919777921829898725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
2⤵
PID:816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
35260014bc717612386f2e6b9372e2a0

SHA1
7fbcc09d507b5317c8a2939ca398febbdac669d9

SHA256
5863c0127e85ea9fd1e5766d5ab3bcad8e35f19c8557bc0f87c432eb2388621c

SHA512
5bb4e3e76e3006fa2d691d3714f222fc849b3b9e81f87b0b1b2ddf061848044a129f719b420b9ef6f5e507030b69996d46295d8dbdc9e9ec694beaec117b964c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f38c7d78494e68acede466b30538226f

SHA1
a21d95bfc4eaf416d74535f32636148803ab1a9e

SHA256
b04e863465630c8ffd38e8b97bc26ccc9a317096501077e32edf06b642bf387d

SHA512
9e32d656f79ceb36c2ebbd6c6e2355e04437fbb2408aa710f2d4524053bee3536d69c7ca510b20a28fe245e8f82fa4f354db24b9c16eeb2a46142138759fb3fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7521227e153665ad601a4d68c5dbcc12

SHA1
90b8150d6dc9cf541d7fb9d1397e31e1305df736

SHA256
4f1a2e27ffc294eea315574391737e00c35821dd3008c43aedc54464d1b17a0e

SHA512
b2a892845e51a71dc98a0a1ca239a1a949c8d74500e27943ad2155a3d1a7a67c6f774f15cc80f0f4d19dba0f292f43a9e9f27fd85975f22fbfdaa7553724b6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7207acd874935b464ab6a94714484d83

SHA1
8e8955f29b945381c83c304f4665c2d5e7f9916b

SHA256
7a3c9d2178e449e0ceab4e05af770d04f06f0135ea98d0ca4315e4b52ceda838

SHA512
23154ab7d0da3057a6f2e0d13cae34a282df1ae219af2c3fd9f7fd7abc0aa68e5b23167b6a959188ed847f0b7d7ca174e1976f06cead1bb40505dd2af1d711c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\103a7cb9-07ef-48d6-acd5-81a2b7a849dd.tmp

Filesize
6KB

MD5
82994b15acfe1bace66abd6292a5a872

SHA1
abeb26d9aec7cfbaca40d7b475ada9e3a6341c77

SHA256
310ee2253bd317dddf03d5bad59b86a0e609987815c5cba40200965543461366

SHA512
9e3443d2567295e912f4235c1a78eaf0f9158158d803f483cec91f1a9f0e8950c9630c54934b01d905c7312dcfc1eec58cfae87095e09b7309b664c5c5a3e53b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c05fb63-6c9d-46a2-b111-6e7f0c1cc2bc.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
4aef738f90191d3ea88f3ffaad7ff682

SHA1
3392c18023a61952890b66987b3cc34a1afb4e89

SHA256
fc69b089a5ff0720bcabee8f228ad4fa23e075e1c6a1efff3ae143fb737c6f5b

SHA512
4c561502844cda7a690ae8a6b9d7133f3f16961dff5f418a461fba381da0436a2cc98797d0086134c5ce2093094329d417e969108cfd689e55ec7730e68cc1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
5e5201a7992a979a010d132368c7d30b

SHA1
4828fae13b22bed9824a84928dfce0adc283bbc3

SHA256
02e4150c9ed1ee97ce54e16f2805efb8b2abce801f466f44d721fa3fd51bb5a2

SHA512
44062a277ec38f9c6691c3ef95daf2808350f270e2914a437455a2e732a5a4ce51413271f43ce3f17b4f0f0ef6d0a4fc2315ca8b1b106a384d37382007f13aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
2a036500272889279c5a25b65dddce2f

SHA1
ac7efae6f584ae43922f01fe1377d602a3516980

SHA256
5cbc98d362044cab27241164ff53e639ce8563a6b6a425bbf91f9004c89d0f93

SHA512
c1aa1c5e4210daf93d064e5c53948f270a84b218d73bf7b3525502b262157a918aca4266d744e241524f1a14424301dad44a13ffbed09d2236a4c5e7c93748d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
fe150b023a149eef612ea5c22105b7b9

SHA1
a338a2d1eb05ba0fc3b02ba86d37675a70f5baf7

SHA256
311089a852d86b07f2d647c02598f6e72bee4a381bc18c175fc33630e303c048

SHA512
4e372295f6c6d95a5f5d7a06edca8f22cdd0df43f461cdeeb37124959e000cf633338a752b4448c1f3d2791ae6579fef512dd8f554b9c7826a2d50ab55ad60f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
148b4727a27bb9a473fc72c48fdc18eb

SHA1
56b101b2c2bd87a4dfeb3dd52757d083030fe2dc

SHA256
9f8550a229e46308ded3194e45fdbde515c7dc582de4b26d2117a46aa5d9f67b

SHA512
771063188202360cb175313dca598cd2335967d0bd421bebb4eff1ad53a601fefbfe6cc373ade1649bb156e564ba42ae9b1ec395162f7d50fd353c6f649eca6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f5de87aaf1aa5b04defd16537368ac4

SHA1
e8e9e46fba07d341e63f79ffebe2413509a5f6b2

SHA256
f5ad7aaa4c0f044dbfb8cdf69adb52947f0eaf3fa8e77981e08da84c68aaeed6

SHA512
33584c63ec08601173b32084df697eb1f1af6ebc2f8cafee465b5f2b82b8320165dc312540d310ad67d9c13354ce243c93a3484538001d7acfbb121a833609b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
725372f9a0c8002b291e5aefe913adfe

SHA1
0a0727ef29c8fe4f6a62e945fa1c374336461833

SHA256
7a3919473a2ca460a8ec7267716fa9f708b7667ec56b4e115cabdae14486a112

SHA512
a200caea8696f74cf4dc4c59b00eaee07f40ba689d358e08e93b0161a17deff2922fb8ae49bf989784b0a1d472ded17908f494df71fff1513a216bff63a7d2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3637d8b54f4724bc825b357d8b629f20

SHA1
1820fe612ef7c8f47946be25f4b537b930e1896c

SHA256
fe5c94cc9717b7f82c74cb46512180cd4360464e904d23b51e8fffdfd0c2eb4c

SHA512
a0d28106fb5ecad59b696e2540c74856a715361236b1d958c4dc84a48405ddbaeccb5e8b82f5d874a9578bf6665c04e05edfd5fef9320c47b79649f1fc3910fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
907190f3ccd4aab03d950e6144d43c7f

SHA1
49e12f13984cb6b8f3ed6967c7e7e01cf1077ba3

SHA256
68b9596fdc2dad6186f684b51d4c4dabb8f27fdadd96d400e3489314271cc222

SHA512
c0da94b42ef158269ac9b0ca7f381a500a53325b6de666b92104850024652debbd370d86c861bd8587a41404ea527383e1185c4c382d1c0170e732769632d0bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
355f3536e9dcd7027b0a04ff1e69585b

SHA1
f9e5708a0722d9162b1da0af4cfe185cf3e3ec80

SHA256
212a19af657ba1d2197f85dcb8228e40e272f364abbc2d9bcb74465d935f1382

SHA512
dc62007ffaae39b32728f01423abc5c800b8fdb80a3166b173f39b7472c68c6533ba1fa593886657f1c67a63eeab04cae9ba1ad62e0d145995c5abba0cc45ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bcf0a49e2bbc9f5834aef3d98529ea2c

SHA1
9badf03ea7f9c083a7ea16b5b72c43ea9a964824

SHA256
5fb9940190c1f541b893f8185ee0374da0c660d6e2957609e7ebd0fbaefab285

SHA512
5234f781cf2d85d182446901b36fffe293f76435c8c3579f8e127f9bd9f2f7ed3482a2ce3f126e7cb6c7487101e7985cca357a61be6a6854b4cb27785add7802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1eb09a840f788fc29cdfe541cc6e4c94

SHA1
211b4865616635bc5bc7f1857faa0bfa635f80e0

SHA256
42ee94b6ec5018049b734a1a5d5a77e7df17eb54a8acbfce2df1daf1896894d7

SHA512
762ca179e01a7ac19b602dfaa13d1d08b34a301960921006c10f3933bb0ce984114cb8832fb6f5cb3ee531546e8e19fef19d84acc78aa260a7f40431b7374ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a03f5ef77bfb1f7317eaab40affb75c2

SHA1
1f8832dc06150e1825134db40dd96fd530411877

SHA256
2e1a8226606f4c1634b5da802c09a50658ab2462a322a0d1470e699aebf2a524

SHA512
749734fa5d8b2ab1c518221f1e940bd82f846cd942f85545a1df96eea26553436808cefe17ad88464f6d9dac19cf08b0b517008a86669f89ce328313990874ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
905a8fd065c3a48682e9651969320af6

SHA1
78930e85b178ff2bca488edc909e964c31c0d6be

SHA256
56ef0bec3c0f69103f103db9b93637f23dfdd54fe4ad0887d7443538fe6cc277

SHA512
b4d8d55de54130b11d4fc26f9165811c91d4db8210595b698f63beb83faee48f5e93747a0b5ae72e91996b35c335405e24a359c019928a73b6818e45bcdcc98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be46d611f796abee76d311ee407e99ac

SHA1
8dfbe4f9dfec8a219bae9d4a5527f10a583dcc73

SHA256
37d93551d017d8ebfef2652b332db519423fb37ba33b044f8f2f093e2164f203

SHA512
3237fca96d3607f88ed083f0a61fda8b8f100b43182f33977251661ba63a8c5b20625059901a2c2dd7da4ff946b3252489e7e5aad88f37c6d1e094aaa71075bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d52dc2ca09d662937e3e669200ec0cb9

SHA1
d61e36c11bd13511e35c2221ce2d82f509d38e91

SHA256
288af9448609160db5ae774bb18de8d77e367e51f21919a22f85fc1954140fed

SHA512
dc294f662521adec1ae09bf0e53de9de7ea1f17f8cfa5ed42b1310d0127709e2755d586e6329fcbdd65a10654d5157f895809fdd95bfdaf2c72b704d70843eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
42b0082698acfdfade5ca2940fc504d0

SHA1
1cec60e0bbdffbf3b483b0bc83a753895f04aa15

SHA256
9833bbcbf618dc868ab1ce4b8597ea7e6a3dfe0f9236739ba57dfa9801718eab

SHA512
272317cef24126e42c2c3abec4cd4b3e6c95f301f688951817abb1645b442d3194b4fd1ea1ce0b7baea8b4dc8e2c306ea6c08c96ff6fb337b389c7daa8887b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
d930e8a1e2de9deed0853453ebf1fe0c

SHA1
ac7fe6a4628176c5d2f6f300eea3c751484bd084

SHA256
99795226aa51691ce772cc58884dbacb574a0af3f2dd9299c7eaeaef35c80229

SHA512
ef93140096aaed2441b2caad5e8fb7a021790b9eda9ae1628ff2b7e9291f5e6e89e0f34b4988683f0d433c274bdb8287b4b15d052eb331a48222190a3f70992e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
5e64adbfa22c2b5aba788c41f6d2ec36

SHA1
c36c7c1cce54abe0e5ebe659120b8a7f2fcc3ab7

SHA256
719e76bdbc081cb8d849923a5066d9814510b11eff7a573b121bbc0168984a65

SHA512
b1821bcf008c510eeda9eac57a39d7636cd0581b248375d099639feeb765ba878130a830194ba96b9cb5369784cb0164a7aedc6bc9efe7dcdb165d5c2be22646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e18c02b41a90cc785a643bed941ca123

SHA1
886df5d6ea07e5e1bc71ceb4d8fec26f89e13cc2

SHA256
e761cf80ebfd0f3f04ec9c62886a92fd3fa36954f32f9d1dc7d587e23540985a

SHA512
cd1cd66bf0cac2fb9a2b1ea0fd0c2ba5665ebffd86ed92d7b508a5249ed88647904941cca69e8fcc28bfbad436736578cbae8eef074c04f2668e4c7bf4b027ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0df145688d2895053d208d9d2f233a5d

SHA1
0bece44b648b5b9866fcb544166cfdac81e3da86

SHA256
e8f1f6be714f5e22e5b4e2018e6ac465fd7c0b67ecd5c76022f2f14c1f1c453b

SHA512
00d81bdb2bc2b60b010061a66443da7d88f4216a797e338c6c64b48bbd286c84de96746b0fcb875e3e39859791443462ae52402cf589c6d9650dbd377a8b3eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3a2b2d43f962ce9a3889242c7803fe30

SHA1
6761be07d0add8a4d974bea975f67b6ccc0d6c35

SHA256
1534773147ca8e860b02939c1ee05cd55c2b903d2c432f529e4bbce613f2d5b1

SHA512
ab6eb65e554fef203e3ce17eee86c3fc8ec4affb0a305cfe605999555e106f9efcbf67649562c0771aa1e3a33f3c082f25b57686b2037a4537dca79373429e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
80161af741d281e01111c6aa17f2cf7d

SHA1
98d1ae1a9fff947f999556a720f01ed5f8e8b15b

SHA256
c49026d6729606cb3485d3e1b8419cf1a2456fd87495fd43b8338d0289981c0e

SHA512
fba8c214e0bd1e42ab93668ec35ec23feb1d2c3461a98ab0a960c86740c2734d163a6287a5d34c147f33190da261acae69dc8e26bcfd348606a07433adfcd597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
549f2d4b5a33dcff345a6a4dc40b28dd

SHA1
6bfbc06800b60d7eb1de694459c450293f929625

SHA256
d12b291ddb481aeacc7eaa02bcf1d79011b4acde1ea40fac389fdd0b4a9949d7

SHA512
45d2318dd554beda854fdb8242f923f3d089e6048d8fd89d8f60acba71a4b003065499af8e8456cbb6118d05352cf25e617a01e37e2e7e826505ec470ea22f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
61243a98da65094ae48399854a6c8858

SHA1
b88d2153b6ed7cae5b01651cf5cc621b868b1981

SHA256
e22c02b60d0c29b2becae187eeccb5906fd8eb6116b436bba7b21801a75bfd5c

SHA512
dd6bad7d76cd2a14d683369fe2a9c16630c501e42569d35df5974aacb0686acaa8e187a2bbb2e063583f9b674069ea126a0d3698745e9cd029e48c9b9c4f40e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
408ac1b6229d12726522e56de4a71a08

SHA1
97e5b451241568f448b43433406b2f0b2dee4d97

SHA256
f9f8a0a928fcf11eaf9cff46bd1679fe80b71a7c819ac4e276aa8b5bd1a42ea3

SHA512
9d1da8cd9c3f2281209f27d20fc96e1d1e2f9b958f23f5a054fe23c427d33e75e0907e1d488f803c91f414d1bd4ff842d49c1341766fe38b0c2124afc00e4e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fc49f0a385906c4537711480422b6f20

SHA1
1c895240a3a72e60e3c95c89013782b8eba91379

SHA256
dce3567ed87a96cb42792ea491f56666656a909426db8b641583ee3a79b11893

SHA512
1b7dffe419edf46c8c22010ab6bfab9af2082f3e0af1432434c37ea28d7ef0efac273388104b8d28b3028fe5bff173b167dea31343883c33dc983497fa63c97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1faf636b937f18dcdad1fe74e74b27a6

SHA1
b3975dd9831f9071513f55e89d60e07c528bc15d

SHA256
50d43fe15ab1c723e25bdcaf280e95095a05e0662fa8986f3de2796147f3813e

SHA512
1519546237f5a734e9c45ff4b9960a784f26b2a129e04ebf08e056f2b87b294e68044ec9194bf544b7aa7d1ddcbde22405ae7a50f92f1dd34eda359dfc4fe605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
774ea94e8ab2038c41890b206dae90f4

SHA1
33312994721aca7bcf822f4ae0ca2b1e561dab05

SHA256
93087d4c387667e0f337e7da2ff6ced1ba139a7e095e4b249457a41350c9f64f

SHA512
4e8acb923b2009aa026080707c330d92cade5f32b0a86e59c1795d8b488becb9d635e0c20219aec7efa566232d63c2a365eceefce4c9ea4ec134a562ad9276a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a58d8b0d5a0728a205452d0f51b5d23

SHA1
02450d23ba25c6e8091d139882a27c826c9d76d4

SHA256
1fcd9bb71e596ad18a935f68837eac4acb8feeaf17135c1a297a1d20c364803b

SHA512
cd6abbc5d3e9283e9b6f4420febb5c7c3a5c24fe5aa288cc970bb38bf2d41f90cf3195a8f5fc1b9308294a26554faff9ac0b6ddfe6ae2d90f088111c82e5be52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
14188131d84572b7a1d6579df637ef28

SHA1
0c7ce92a3c953e9e7d5059a5aebd505a074df8db

SHA256
063f712fb1aaa603009e8f2a5458e4d214414a6a5e1f5db05aed3318e55d9a80

SHA512
c2050c539a3a8497a47f23f7637d8c361d0fc831ff9d0d95aa7c1347d7354a59c93709853cc72dfa27ca76c7eac9c6a18811338a125ffc1fdd6459cafb9bfd08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7da705f1eb401944f9c87b1f330faea3

SHA1
656567ab90cb1e57f4c5a5c1c7f59b3f4365df3c

SHA256
f8331d883af54b1751c62d1d8d19ee7a578c5e9145c621cf29dfd4f866560a2d

SHA512
711d46621e1161f55aa1987b4e2556fb0d071b1bcc979673cbaccfebf9794f54131504553f47ba5041828c2559710c4ab0c4c75f0c4a53e801ec4dc7e685c617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0aacd808aa4ef6243a3e2b669bce0af4

SHA1
f1aacef97824b36d9de30809143b21281f711dae

SHA256
0c658bb67738f0a76ad37cd7a084bfbca12b6c7a7206026a9bddfb8a8bdcc472

SHA512
d38f3bac855b5aa4f2df5917a19e287c417f2931ad2dd0acdfc8e9cfbaf6691cf1945bf61066b30eec75541d731ec92b81b3823eecf16f59124b871076546db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e83864e9499cfd729654c91efa6b8143

SHA1
ee3f1fbdaf006aa0f0573d89c50158cb6cb4a07a

SHA256
463abd11b0bce273afcb58a5988146a933af7e425ef3f2b51ceaf31d696e14e0

SHA512
f4d11010add7913a36ef8d69a978b7b52cd5aa05a13c8f56060f6a159aa1ab01859815cd84a3ba1a6fb402c0bda702b8d189a9eae2ed9bf4290238ae96e9ed62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
959f40603d5b3042f5c16e62671a80dc

SHA1
aedb46d328c5026f073a856324e76540c4247ae4

SHA256
861ad7e52dace9a72726508532cd5f25eb032d73e2adfe03d4b4742bfcf040c6

SHA512
2eed2ed1bb2bf6b9a2e777a480d84a12f559d8689684a98e7c8a4fd9fb1f7e4221684c68dad5055e2e915bc5bb350b7f42aeb78f5913e86f22b0a0adf2caae48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ca30cbd8ea256be1a61745635b76fc84

SHA1
8ce875daad5a0ecf37816fcb0c6a8d13e9e138f2

SHA256
0d7ee6adeaff32412481dd36b40e6d1bd58ebf7adbe65b5d8033aceda191fa13

SHA512
1d14af9b6ab49f8416356999a637bf3b34678f9b9dd9d406e167bfa981e8b3d7ed12ae2764bd36cfefb9931eabe4e6e3385f2100c8dbcfb5eb575a214b1a1fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9dd191cd718a4a631d8526d8fca397fd

SHA1
38991b88f1ebb44f9d73fe9dde979ff1d54e360c

SHA256
57d8980356c8e9b8c0696701134ab2886c313ca4532480bbf4b6d890f9d83eab

SHA512
c070d034f8a3bf988e6b12c4471239ecbf2cdcdc30f5eb5ff26c646650ca542692dc79de1f90dc205de167ee2a163e78f0387647dbdf0de5505d1c9c53e38722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
c67aca171f989bdbd5bbec4f3362aad4

SHA1
70cafa292b4336443301006f8c52e4d601b690d1

SHA256
2ccb531bffd651a1e09825677ff8850d6b1e2377ee7952ead4ff0f44436e4b46

SHA512
c53b4504987d8a4e56e6719a8836ff491466a15cea6f7dc59ea95eece8ec391280083816fd63c75356bc0727d4d4599394afae7ffdf10730f5feaef137d887db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
9c6e77a6638ff7ee14b72761e5e96084

SHA1
e6993e478f375121414230a37b40bfa9d8d106c8

SHA256
00d57fcc13d5b0d2ddf2dcb85f0eea98228a723819373fef1ac5fcb993a4524a

SHA512
f7517896bc16484d7cac6d35f10cf55cee7cc932fc1c4e83323b968f2dbc5954e6e3a8277a4425f0207b87d5f520860686ca3f804bad25e41e25ef2732a4d334

Download Submit
\??\pipe\LOCAL\crashpad_408_OEPFGYLOINUJBUAS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1060-294-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-300-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-302-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-293-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-299-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-303-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-301-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-298-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-304-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download
memory/1060-292-0x00000200C47E0000-0x00000200C47E1000-memory.dmp

Filesize
4KB

Download