hxxps://doaughartifies[.]co[.]in/#010130/"msedge[.]exe" --notification-launch-id=0|0|Default|MSEdge|0|hxxps://doaughartifies[.]co[.]in/|p#hxxps://doaughartifies[.]co[.]in/#010130

Resubmissions

13-02-2024 10:28

240213-mhx3jagh36 1

12-02-2024 18:14

240212-wvp25ace39 1

12-02-2024 18:07

240212-wqp7bsag9z 1

12-02-2024 17:59

240212-wkpnlsag8v 1

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exetaskmgr.exeidentity_helper.exe

pid	process
3812	msedge.exe
3812	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
1172	msedge.exe
1172	msedge.exe
3684	msedge.exe
3684	msedge.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
3600	identity_helper.exe
3600	identity_helper.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

5384 taskmgr.exe

pid	process
5384	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	5384	taskmgr.exe
Token: SeSystemProfilePrivilege	5384	taskmgr.exe
Token: SeCreateGlobalPrivilege	5384	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exemsedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exemsedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1896 wrote to memory of 3720	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3720	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5040	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3812	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3812	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2024	1896	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb0846f8,0x7fffbb084708,0x7fffbb084718
2⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
2⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3889472202526013044,6177254120882587010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:5264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:5584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffbb0846f8,0x7fffbb084708,0x7fffbb084718
2⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
2⤵
PID:5684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
2⤵
PID:968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
2⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
2⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
PID:2660

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,13718345792452373171,11574734497609391465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6104

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb0846f8,0x7fffbb084708,0x7fffbb084718
2⤵
PID:64

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e51aa999d52f40a29d737a51e36ddd5

SHA1
8c114638074ba676f76edd9c725fa13e97f03717

SHA256
435f26a972977080bafcf9bae4fd22f4e568e8a14c4619af68c14c1c8fc5b7df

SHA512
39d302bb4605cc438cd992372a29eb70168543dc81bd27628b8a4eedd53afd265cf3009df4acd979fe0ef5cde40f06043d8568628046cbbedb9c2853d89d9e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4213768709c28a5de6b97f7ac5181575

SHA1
b224174530d3b60778b430c0ef5ca3ff99287711

SHA256
759166330fbd5d9ee9474f4fdb836d256bdfe32a6de37e6ffc07f28a2c5ef7df

SHA512
cfa259a0841a2b654f7537c4a6a1ea95a53191b4afd011973877da66a30c7448d1f1a0b493bdfb99a5f17436c6957a9c139b1ea40e333fe7601158e7d7fbfab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
29fa0d7890e1760f52a2f807923e9cfc

SHA1
2da2a05f6d0bd19714a077066c136d84acb472e7

SHA256
3688f8deb54c900e53841415b5ff3f48b11c33594fbaf8a62eb2d61bf9376486

SHA512
1f176489268157b4a587ee1b3a5e6e5ef32e027bcc38f135cc58c2edb8c6e28c53de09ea2e53027979c1efbaa8ceb025f40376ad1118eacbda40ada2af41da31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
894c15f992bafcf909080bb3ed079173

SHA1
feea314ee7f62d7d2e7fd9f5f0a2f67dedf44106

SHA256
19ddc8eb6f3b51d72524f2b97ce7b1bc458b1191c58c47eed4edbe6592197501

SHA512
92c3a320aa9d3d157c2f3b53429e29e9c77070f7dcf50e9b43152408d26398d15174deeaa49376322e311d14a32e864071044cd610ffde2c3d5f7e09c5f881c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
079af181856e3af51b238ff02f07e238

SHA1
1eb5e813a43367a004e0c70a0d59f912c92c6ee8

SHA256
94a5750010884d50e6fe465037bfdbe1fd0e7007e09ae7c5c4e5c3a54af4c0c8

SHA512
2755870e64795f8697d4a5bb4f56bb87fc958bb5b74b16bfc7aaeb1fdca4c95015858af8e6b86bde1d3c4372c8936cedd39b62a98983a10bab6e86bba4f78a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
e49ed30e5b2066a470876b019443f786

SHA1
8e4971bdb9f9672546cd900e54491c361680db5f

SHA256
496139254dfa2199a6e22117ef6e4a364c710706e448296cca7b53c65452a4ed

SHA512
fc9a6403e00e4703fcab96ea72c114d1910fcb8a953ca79a7b8d4230e24b0745ccff3b210760a8fb8e851f2f5d285af6cd379ba6dc8c33ac4b3a2bba003f00b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
63321841f82e451717ea4257bddc7c91

SHA1
ce9e847ad8bf9d94dfd4971ff29156b57f22dfdf

SHA256
7052108ab94f88f81d6d86f7987c6514c84d986e97d178456bfb923fa3031eb7

SHA512
7361ce0e4853e1a6947a7329fdfe2808a91a56e4df2e4fd9b2abf836d52254f4afa306fa9488c06246ba416865fb209f9244b86711753f31105a3429bfd1fd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
0adff2d41ab43a64a3c0416e848752ca

SHA1
474eba976e64d5c2d9725ab604ff355cd5d0dff6

SHA256
d9cf03c47139a4629384b5ecbdde259730982a0789c8d3f8225f7f75c6a67aab

SHA512
43be4d2f1ba3efaded975573fcce5a9ba42272a2b47f58aff45c194d71b0450ac5eb2cad72b53d878cea8bf86e84c3855c1cc1c1109a05630dd001241fad9153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
859B

MD5
ee704271a711483fe2cb76a64af16494

SHA1
21b1e32ac951e354c7a088269501f46dbeb8b5f7

SHA256
75f6de6872986fe83e46dff619a917de9bf94677c6c0029fb83e2fa146f986cd

SHA512
0976d7dfb386f51e475bf6d8893ed1074acec6e72236ba174da1e95a845af11f85020aabdd19b5ba2ece7decf0a63f7c650ad34d82c59786925c4ad10033d3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
9aff3659307b54c1a3f4067f24b12367

SHA1
e38b385d33d49cca8771a1d1e03d27d73cf6eb84

SHA256
12cd328f17ed6ee94f326d130c7bf81dcf3c8ac6fd615c3b00abd41b968c093a

SHA512
76c5f10918d1ce289a7cbd57176c90118db0e72002ccaa7fe9e0e8f7d90d3cf97a4973d3b0dce0217e9ddc982cc729bfa3ebb22b4997fbd52ad2e2f41c74132d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f7ae02ea4154b48e23ad5f25cafda0d

SHA1
6e3bca05d39cb573e14038799a9df8ebd650a2a6

SHA256
74bf2ef1f9f2c8aef427759fbf90ac2f27c187578923b6213939429e6fa0f4c6

SHA512
c58a021a16402efa45078f381083bfe463bde654535a9e39718144461dd687acccc8e1e8bccbfa5bdc1ce23ed807f9ab33839bf8cdfc6eecea0751af68c04800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6fef19ce96db5d124450aa71ae5f18af

SHA1
eae9413b69c01f5e6c006186d43091a83df3ba31

SHA256
af33a02e4c0a1f1c3c3321b30e4cb6a1341a83ce2620ca21349bf11c0d3c0eee

SHA512
8579af10e82063b45a62f16688eb75a5c8095a74b0106d7542b4d72b39d27a49e72b289f9cab14a029df3ccdef70233f105b432ae64decc0dc493c51d1abb236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be749df2840969e0d2baa20e20e26ff5

SHA1
1539cf69a5b07781fe2b98b53436bd1c604ad16b

SHA256
4e316d1bc10d753d43546d5b0594263f4b8866168b3ea3a08d9fcea0cccf5187

SHA512
e677db1dc7941badd36f2e9592292288dba476291c88d9c7f67f6209ffad1bc64411b7a669e2d35a6f971314c1d096b0ebf6b7da3fde45f9e292fc197639ba22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16e230061a571cf6eae589ac113b0a0a

SHA1
0a1a0548b7a78d2663acc9fd22af61cb3800e50a

SHA256
117c528c9f3f5ae34f9db4379f0bff58c68342a5ea9d049a419169a6f0b2478c

SHA512
6d4172cec94322fb5f317794af22943d20d189a6f0158c86f6b3f3a882fafb9cdefe742044ab52bbde74ac6acf3786f2582afe880b2bbf20c8d5a8a8034a5b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c217b4c860da521fa6a9fee781255205

SHA1
a692a5c86bb4fe916b81350bc672abaefc03c421

SHA256
956599e58adebbcca6a51a6f79550dcd534b0d99acafd0866562fe9ea72701cc

SHA512
703899405dd45f6141b46e3591d8e11be26b6135e5782b542f5b8577004a746041c3beb17f616174080cd07f96a49df46241713ba95aa97c2a5ffdb11ee99ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddd9be31e2e86624cd316f682074a922

SHA1
7e82f8e7bae75a8d1cb70b48f23a82ab08c8f0a4

SHA256
5d73ca3ea87ff9251939182325c982ba1848fe2c830d28305852cb25494563aa

SHA512
7a406c6c6dcbe6f69d6ebf9950558761b561fd4016e7515ffbd9c4b9081e9a2173432f7fa839bb56ef68ead86c213fd25f7172269abdf41973b72b1834ebc3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c7ec27d94da04714401b9adf0b17756

SHA1
3e18d51664cd7c8036552c1557391ae0e7d3363d

SHA256
57be391e5772faf9845cc18c3b6c5e428c1181feaa56c5dd4c4d16472c9ebb52

SHA512
067ce3414a4fdadf8b1fbc79cd0abfdbde43e60b848d9f06e1310f3c1192ab2135347d570baa9c1eee1da941f70e66a85ff4a82fcd6286268c542c97a5f2ba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
849248ba1a95800299affdd82a4741e8

SHA1
ee9be3699d9f1f91f9515e056c59d08c6072e593

SHA256
0a828f358b2d367451978ce477f9dbff0a9c628774c1af6b86ccc22a40fbb112

SHA512
1ff06ad7b5c9b08e98f84e1dd817a1523dff5183818dc40369382b9347f8e27d16a95aa4846e5a17ff58794a5986711b8d00c4368868043069bb1038870ffa26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13352234874117151

Filesize
1KB

MD5
ea3d10fb4cdcfe56647d4d5930ee7d5e

SHA1
e4d34f13a2949150fcfe809fcd737535748dd2ef

SHA256
51c4f4b4ef3ed16e4c0c47214382b4fabd0ff26e6b9b729a3906947a2cce1744

SHA512
9c4e6bab6e840b1de2375cb8a82f5bff9077b31293c76bed318f7353b13abfdf0939c8d3438502c2eaa1ae0ef56f22981407913e669f9cb9476f8bb350579b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352234874290151

Filesize
2KB

MD5
dc52b2e6709b45d00c5e20d7f06aaaa0

SHA1
42e68890b029500de22df0980381fadab110ca90

SHA256
b341b86e0198f39f8ae268e8ddbdc802de923b670d9f09d12dbee1c3e910a792

SHA512
8328e538b90cb02ba49d373d1f9a81a4c2e3b588350327a2d7c9fb144d5b90dc2f44efa405102b37eaa3cdb03021cd58a11174fe4148eda48e1e864a84de6d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
c1ef854d2d54bccb73e5de9ba2e184f9

SHA1
70aae84be025d912dc901a78a40e2969e55c3350

SHA256
189319483f3f585902907aba624f156fbe6e8dbae12c44ba6cae5fed17a78f27

SHA512
6f10affe9d517d47bcbb1e85deadcbe5c5e745e112ecbcad392bf71afc0249b36dcad4874e8f87ef45543e49069c311292397072695c3fcbdb492c2172b7880a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
00a38e16f54145b4519f7068ff615ec1

SHA1
8062d158050efd4d2e9023cf7589ea7bbcc3af11

SHA256
fa26f2a54fb601257ef937c06d2e60ec283bdfd6b26aa749ffe688e771631d50

SHA512
ea5fd4b5e2f72fe7cef607620eb27a97a1b3f980aa048c306a04b2acf6917ddb805cd1c73df5d863df36d04991d3d149a0dadf4ea61f095848d4ccf967bb96ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e8bf5c279a03b491a83164332bdce558

SHA1
99ae13e9b61e865c5d932e9c43b8ba770fd5470f

SHA256
a61778321fbe1ba8d94b92b2b159ece89b9b019408d3f2fc49fbf9b7cc38c8a0

SHA512
c320093ca3899ed8776943e83f66e3c8fff3d487a49a305c2bf41afcc39854eaeda9662a58c826199a2e89580c8f0cf258d21a15ad8f10e770e690018b017db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ed84608597151a55b969d8b1580d4462

SHA1
ce8032af2aebdaabd692b93e7f92ef0cf019d998

SHA256
0fab16dfb1bd0de51bfa5cf291f8f09ea44a95f9cf2ca44d6ca81db3a391af45

SHA512
32fac0c094f050068e38d33eefbe11f0a0747e8e67dbc7f2d5149298af0b2faa50e4a282c51e10dd776607b800a7f875202f0ced16178a51ca33d75e8c3eb552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
42a4ff80fc4c15a65a4bb29c41a90bfd

SHA1
918efbf9d51257a0c92c3dd291f7cc198015e242

SHA256
7675ff1e8a175d22f5b446d2d8c605adcbebf80327e4c00670dee6f737c2daaf

SHA512
54a0deff85832eb97a766f364ff99c3db01bbe350d8770dbe98698b99362afedbaf5db54fda1ac1e03c53abeb7a26f1361c713a8472204a8b33a96bd1e52fedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
1a28638f3369838d5f685a32eec873a3

SHA1
78d42a8900e306d000790c436d914b1503f12ec0

SHA256
5adf73954420a54351f6070be5db9aa4223470fc5cd4422372d5d4e07de11700

SHA512
ca0196fbd599598ea226162b357d060cde49d7a08a9848276fd7da23c3904f0032d9cba1102fd83ae05442790849dec949c66329d7c0a5827832f8c3cc1552b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
120fd93495ab948f4529f30335ca3c11

SHA1
ff2397ac0148c7fd04a101e9ee8f451526cfecd1

SHA256
c52ee3912090a5cd53e533e65b8f439f55aef1faecde4b4e683e04fa5d1ba038

SHA512
be4cb24515f74016ee9d1faae9d1760240ca4fdbb5bb14519fef245195ba87a00c5f28836c415b3475ce349d9107d7d6f0fc481eb2e7a56e9c9cb498a915a279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ab347419b79057e07653dd3b944cbd7a

SHA1
921528c5426aa281c8fa3ebd4848110033726baa

SHA256
2bac0aa14d71b6873c1b4a4d70f3595124f42f2282393622b38856a240d6431a

SHA512
bf671810d037db5b611b5c11b0f06a3e3cb7d304fabab556c7f8a5ab37452656a9c0b0ab93338e155cd57b395a3a01264b8d74d945e960d29f1195ccfb4fa1a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
37d5482517e7af7b379d84732d43d87f

SHA1
6c3d62499be47502a97982f8bb781b084791f30b

SHA256
ae1492d96339e5ea975b0ebe7f44cba53d27ed118ff7e2e7097f598e24beec02

SHA512
04c68732980a6b2f4df5c263a6d056d7efc8ffd9218a7b0bbbbb55c2f2c12856ebfd2bf48cc398224a95852f31d03c98a7e65894b7cb0fb0c46760ff27f50e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
4ceb27a7da8bca468f4d1edfc9432ed5

SHA1
5b01e0e0fdd409432a77ac61676e5fd408caf8ee

SHA256
73511da06738526ebcd23468b836e54679b244f74a498f97b48239c5a88d6de4

SHA512
27671b952600ba8e9cd203886ae5ab6691d67c918d6ab9612cc3c776608adf0b1ee63f3ff09983c1841581ed284b8bf7201b0a0b78ae57f702a222bd235052fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8b3ca15b9da5e641bee289198a977988

SHA1
dd1a6640a7b1d909f716035683ce1dadee00c85a

SHA256
5d034dfc7304e298060416d6d2b4a98b8bb43e80a8fc479350444bdc8de38555

SHA512
8dce5f45c07549ed2deaa5280532e15fb0382521850f3b7c9ca3782b43df078cbe800b1785ec7b176cc0025978acdbdb17cbcb646f7bd3ac4607b9ee2822f570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
38dcddd60e50899cbed120067899ef46

SHA1
579da382fca595a676920e223540121d374f7494

SHA256
39d2507e90a14bd66ab91eaba2d1cf6ad2e1edddbc8e9d6f3d5b55ea04a0df0c

SHA512
9f09d509cf258dbd1a2d84a86e026a330bcbe45d7133fc7e8bd54e49154debe23990aa891799af4723297507dbcf8cf47e52aa13abb52eda1ed730215b2fb601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
26d663b1b0d0e22ed9eac024323c5aec

SHA1
32f1ba6aabd90be6ad89ee7d9ae029742569ccb8

SHA256
c1f49c4ee65365d6e8c20c7243fec520081334d7eb5ebfaf0736bb1b333e08c2

SHA512
08d2a9d271c14456c7fe8fa0b8d14b93faffc92f8d348dbe13edbfcaa0becaf5035aa58b583daaa23ef29a931ac6dd0a821f0010850fd9b747c3bdcc6436acc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
44d48c3de3edfd4069f65d521d2e0d72

SHA1
6ebf0819a424bd5f53664f51a7778eedd13771e1

SHA256
ba847935f052707c068a49c1507a2d4a73287cff5037b8acf7fa80d5219ab2b9

SHA512
4a6e77e6f5f962b169ced4403ced01a53675d1973edb4dd0e095320ac23ef89f7c4f007322227c643c1e04f4f7437f35d503f52c6fc15ca3c89661290e6ce540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f9ddc7e8c2f07a39e57718a01395853

SHA1
f8f16d08ab86a7a165a69862443005245de64e4d

SHA256
59f3a5753a032599e0bc395e26603a9c5f7fdda67953a345974eeff7ea78686f

SHA512
da73c999db711b620377dfd5de4c2a8959a83bcd7a2ac95d70ba69382638b6212ac6b37db02fa82f9644cc330eb9dcdf075148c7f58df7cf02baef1b889fe016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf1ed264a8495b76f47210bff571923f

SHA1
76b32510717f761a55ee796af6636896ba80a124

SHA256
44de297f5f8ce01c04404f0384050847c48c783d065a314bccac3e0385357dfd

SHA512
63b3dc20263947cb035a156194cc198c7d5d0306e0babee78084e2aaa1c2163c2cf094cb11f5c600d908c2705069dab86ba4c0e3c02b8dce6f4cadc5d0438f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a15100bbf67776b333f5a6d77437d13

SHA1
1b79bc9c68bd00228cebb9d206588f647b124ecd

SHA256
8b179c41d606cf33bab2a735c75c73adf4da52a144576445f11d7660a11b0f3b

SHA512
de82ef9ded28acc2d2d7e1608af5693556ffee824516a9e664a87d94250fbe9741c0bf0b91d43b386692db966be4f2d2fbb7e739c5564311f4e7eae444392dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2cfddcf235f92a37e382e5c119e92487

SHA1
9b49619c054ec611e936243e059f4f830adbb636

SHA256
a4972031ead096292446accc838f7f9f03c3f371a1c080fba6ef85faa668412a

SHA512
ec380a5b18eb954c099ae8d19206fe80d816075e1b95d5c1306053c17d9f2e293c3edc0748888318e1066ee9464b7236258fedd736c83d496a4ccf1919406e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
a9d9db18773e495490fae748aee2b24b

SHA1
9d2766219bce0c0053c4c4062b7611588950e69d

SHA256
39228f82f30e41befa0e76aba0a94f67867d898f660f43dc4596ecaeb14bfb40

SHA512
16895abd14f3d2e51d65cc51bdbf54c166e33a998cb5ac131d593ae9815279e075e04caa51c2c55243594aa3154c37e4054df0a50bb14fbad62c7ac838ebd06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
ff1a88e3a2cecc5834629d8d737e820c

SHA1
5e4b83c10415601e6adae180b8aac35043c3bdac

SHA256
ca36c3d2cefb278fa4f17dbd375a656ffbffe6c3b2346607f84e8a7a7f2cfe94

SHA512
34ae305cc85eb27f662a70d559f2843663f13853039e7a6f0a25a6ba7bfa776e7973bfc90cde8c4579cbd7b8c372801b5fcadae395b184d3b0922f421e5b8ff1

Download Submit
\??\pipe\LOCAL\crashpad_1896_NPQCZIOVRLXPIPIZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5384-233-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-234-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-229-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-235-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-228-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-227-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-236-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-237-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-238-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download
memory/5384-239-0x000002ABC3620000-0x000002ABC3621000-memory.dmp

Filesize
4KB

Download