hxxps://doaughartifies[.]co[.]in/#010130/"msedge[.]exe" --notification-launch-id=0|0|Default|MSEdge|0|hxxps://doaughartifies[.]co[.]in/|p#hxxps://doaughartifies[.]co[.]in/#010130

Resubmissions

13-02-2024 10:28

240213-mhx3jagh36 1

12-02-2024 18:14

240212-wvp25ace39 1

12-02-2024 18:07

240212-wqp7bsag9z 1

12-02-2024 17:59

240212-wkpnlsag8v 1

Analysis

max time kernel
690s
max time network
649s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exetaskmgr.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
2984	msedge.exe
2984	msedge.exe
4288	msedge.exe
4288	msedge.exe
3628	identity_helper.exe
3628	identity_helper.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3652	msedge.exe
3652	msedge.exe
3688	msedge.exe
3688	msedge.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
864	identity_helper.exe
864	identity_helper.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

3608 taskmgr.exe

pid	process
3608	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4288	msedge.exe
4288	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

taskmgr.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	3608	taskmgr.exe
Token: SeSystemProfilePrivilege	3608	taskmgr.exe
Token: SeCreateGlobalPrivilege	3608	taskmgr.exe
Token: 33	6140	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6140	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe
3608	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

osk.exe

pid process

5396 osk.exe
5396 osk.exe
5396 osk.exe
5396 osk.exe
5396 osk.exe
5396 osk.exe

pid	process
5396	osk.exe
5396	osk.exe
5396	osk.exe
5396	osk.exe
5396	osk.exe
5396	osk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4288 wrote to memory of 4868	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 4868	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2144	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2984	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 2984	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe
PID 4288 wrote to memory of 1940	4288	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe36d246f8,0x7ffe36d24708,0x7ffe36d24718
2⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11683418821797432448,11504551642407158595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,11683418821797432448,11504551642407158595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,11683418821797432448,11504551642407158595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
2⤵
PID:1940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11683418821797432448,11504551642407158595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11683418821797432448,11504551642407158595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11683418821797432448,11504551642407158595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 /prefetch:8
2⤵
PID:2896

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11683418821797432448,11504551642407158595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,11683418821797432448,11504551642407158595,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5316 /prefetch:8
2⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe278446f8,0x7ffe27844708,0x7ffe27844718
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3048 /prefetch:8
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
2⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
2⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
2⤵
PID:1484

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
2⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
2⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=932 /prefetch:1
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
2⤵
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4300 /prefetch:2
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
2⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1532 /prefetch:1
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
2⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1440 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4528 /prefetch:8
2⤵
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
2⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
2⤵
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2704767557121283133,13918610983751224847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
2⤵
PID:6044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe278446f8,0x7ffe27844708,0x7ffe27844718
2⤵
PID:3904

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" %20%20--notification-launch-id=0|0|Default|MSEdge|0|https://www.ucl.ac.uk/|p#https://www.ucl.ac.uk/
1⤵
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe278446f8,0x7ffe27844708,0x7ffe27844718
2⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://www.ucl.ac.uk/|p#https://www.ucl.ac.uk/
1⤵
PID:728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe278446f8,0x7ffe27844708,0x7ffe27844718
2⤵
PID:5372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11486393691850455796,15780215829953354097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
PID:5628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" %20%20--notification-launch-id=0|0|Default|MSEdge|0|https://www.ucl.ac.uk/|p#https://www.ucl.ac.uk/
1⤵
PID:2716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe278446f8,0x7ffe27844708,0x7ffe27844718
2⤵
PID:4392

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5396

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x428
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\45b412fa-f1db-4191-bd76-6231a81e6146.tmp

Filesize
12KB

MD5
55d8f07992620a08b9fb129566945e9a

SHA1
d02dd1250c6e078c68d4a239869ced0fdb76c309

SHA256
24f8cc64406dc7af979a24942e4a036a406f056cecbe97e754eb1acbbeec2f65

SHA512
1c6a0d6a9822c9bca593db199693c68ba310b8c0ad6e4e05f33075732b54d903bdcdf5a632f974228f12f30e8e05a296956e9c65579336f8709ec144a9b97dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6b44e84c-43d0-4409-9ef6-cd1ab19b0ff2.tmp

Filesize
12KB

MD5
6a36a1ef5f39e8fed8b82d12d4e9799d

SHA1
819970721cfaba54a72a3839d88e6c54d8a8c060

SHA256
b1cbe3662c1dbd37616eb866129c288cdac067221a100c8a4d0ba5a0fcf55d1e

SHA512
60cf605d30f3460c98e5cd8d4fe4c05c58386d0654c07c190d7128cdc97f67c73b8e9b242de6e31b1abeaaee483ed3a435ef425fcd552ea0f6ced83f015d869a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e51aa999d52f40a29d737a51e36ddd5

SHA1
8c114638074ba676f76edd9c725fa13e97f03717

SHA256
435f26a972977080bafcf9bae4fd22f4e568e8a14c4619af68c14c1c8fc5b7df

SHA512
39d302bb4605cc438cd992372a29eb70168543dc81bd27628b8a4eedd53afd265cf3009df4acd979fe0ef5cde40f06043d8568628046cbbedb9c2853d89d9e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4213768709c28a5de6b97f7ac5181575

SHA1
b224174530d3b60778b430c0ef5ca3ff99287711

SHA256
759166330fbd5d9ee9474f4fdb836d256bdfe32a6de37e6ffc07f28a2c5ef7df

SHA512
cfa259a0841a2b654f7537c4a6a1ea95a53191b4afd011973877da66a30c7448d1f1a0b493bdfb99a5f17436c6957a9c139b1ea40e333fe7601158e7d7fbfab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7ee7d30ca54635b1221defc5c23bcb

SHA1
c9bc639410b61e865abd5fe399814c9f20ad71e3

SHA256
c0b61b47d304219802e4fb0024f1d286e8e5d07ec67496428586118f17c33597

SHA512
5b5d9c07fc38f06f4ea54ef2674c9421c9b795fef7c7ebb18c3a81196039f2e580b8ba5aa7a603a3daafd60828a802b808142bb98484951ba484e97490b30ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
38538af0662da9287bab651ef73d3320

SHA1
b61a9c799855d9ec5b037dfded280701fcf8e1bb

SHA256
771ec40c51f2a9a42f2679bdd0c4bb57db4b79de37e2fb5ca1fa654ee65bff51

SHA512
ec905a91c922da5339c6a5df46504ae76d2ec3765923f7187e7345b671ad1808bfcaf0bab8858c518711c65eb0e891b96f573615a488bcb8832263712aa6c167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c9ae9e5c1c1bfc319b88c26c89ea65cd

SHA1
9e0b8be1b695c808975a6967a38f190f31f1502e

SHA256
7092719bff51775baf42f3d4628a76ec1fe01d790ba9158e2c65b6cc325169c4

SHA512
4d265db85d5487bae6f6511e5a7e6b0fb0149441154fdd8bb90cfc9daac4f3546244e226a3ac3e3b357f0c28f0fdd2776016ca081029472dcc1d8e013861995d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
98c44af63dcb4fb23eb7255eee5ebb19

SHA1
a191614e65b0cd625aa4c5f1cdc2b9a12df5e665

SHA256
b2bf7863d323ed45259f1344e0e20b6899a0eee5c4c93ab2b2def04cb6c4a497

SHA512
905b5294a408aed52cca96a4bab988f86ea3929fb18074752709cbbfcc28af3ec81621e4f8b3db0a39825912b93b594d60638947ce1615f8061883129f74a921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
4b2c67cf00abfedfb83d437b61d5a41d

SHA1
ef2a244ab1522255bcc22ca312f6821281559f89

SHA256
99f2459040020025ce068fec33b00a93f3daca4e687c7503d7d704cf57bc26f0

SHA512
ab49457a695f625efc11a45f15826b5f8c8670e2135d474f61476dc64eae84c4d9c93493e26e67343c2621047fb28a164c6d03b814427248b9970d247a33b260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d1b77f57a4c0ff5bef2c8d4e7b645532

SHA1
b4bf8ff966a89113bd8a763b050060d72a3fa041

SHA256
94b2be674e852692d9afcba5410c18548bda7aed76baecfa8d826944df935336

SHA512
9b4ac9c34e146c7b53ca57647e74f482689b218d59905c372f04f1e7306acd7582933dad28798a73b07c3fddfc978d88023d1d92904605e7bc0c893d0ec25ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
994B

MD5
1e7e45b0209fa2edb30b18b8bfb5f21c

SHA1
11a821734b579a1e2b46ebd89f716f28c1ec2595

SHA256
0c759333617136219046319461fb49b43499646bcd6170c96c111b9e958905ee

SHA512
3d91ebbff89c8b79f94e7c9d31fcad14c27f1633787b43d9eeb456f260608799bce1f4af7d26b990362526401b434458758eff92608c47f0f5a818f275efb168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
8KB

MD5
c481854db441b32b284b06a542abc2b3

SHA1
00225808c85c7f577487680ad68dc0fb272b11b8

SHA256
135b956a2927be4760f45a5714beb43305ad7e81a9d33e13f8ddb46c979faf5d

SHA512
3760d98d9833e92f1a29ca44be276cdd16ddb9eecf861c0eaa97465ab5385db1ccebbcb9af23f9bff56240b6629958c32ae09bd730096bc4c814900613997008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
191df688dec19737dd992e9efc93d9f3

SHA1
09caf1aae96dc2245021e656eb18d2db3ef7a391

SHA256
a897a1cda8d0792c342841ebe59810edf9c4f4968da92b72f565e600977bb5b8

SHA512
d1ba29e021d83effe95ac21602f49cd7c460abb425a094d91a8d68e76c01b08afc7ef0730f1067dbe901cf4e895d6af9995ab9a39bc1d7d76650f625ca0e6350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
5dc7c3dbe9637895a463ff8e738672ba

SHA1
2297abbf30e4acc3306e20e86709a60d54eb02dd

SHA256
f3ba15e2fa1406ca9005bce599f875424963adb8b70dabfcd987ba6b57b21b8e

SHA512
8cadb8d6d4bc7f84e29a4e649207b93a3ae531bae2d20ee827a5c0c595f3187efa852f251f803c7c28533e6c6cd714659c6d386e938c7a8f6b37b82ea323559b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal

Filesize
12KB

MD5
0e1bd3f0f25518733d1e5a6729476741

SHA1
bf2ca1c0e02cb0e92fb98c2e2b5dcc57e126e828

SHA256
c0d5e8129185f0d6b51c6da9de8a597b4bd598e087b78f2765340977106fd93c

SHA512
42f6f99b96b2ccb07f284ae8c9cec46337cc036df5470efd605c7aa06aafe266d15065f98413827923c840e7634a418f4234bce26c003b3ef303cbaceb947d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
298B

MD5
18ad44a957e04f41c904d3e82c992907

SHA1
60c1e581116b67e089bfb6c6e29cffa73c590adb

SHA256
f0d0cc49cfa07a299638eb29289f30c9bf0f85867499b832c6380ee66e304cf6

SHA512
60230e3e4c4e7d1be3bcaf1f39d1c1c0a69dfd32b54a8094ccb025e494c2c8ecfadb4d0d7323e3072cd0bb85aae0c1179d7757ce1aa2b7d05e25b3e92066c061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
468B

MD5
63ff93157ccd3e138535f3385cffb2bc

SHA1
c59261f5df1fc30fe65b8d98849981e90bb47ea5

SHA256
f317e9c09a79ed19b3c856f4fb89eb50babe0e73cbfe54089222558f5c20cfcc

SHA512
6ca4114f86646cead97b3c1a7ef095779ff1d9163d3139b9dcdb7307c8ae36a89e45b20e464b19fbb69ebfde1782a8f2e72ddb3b3a9bc4b28b02834cd06d7e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
388B

MD5
9aa29f6a91bd15c0671abdc82f705293

SHA1
89c4940b339fe8ec8d6459a8f0f93d2fc6766184

SHA256
725e1ff96afbb5752029b207de9c9eaaa355863717d9eeffa7e43eefce61edba

SHA512
20c834e4b029de06c9bc1a2ff0cdbea600874794518fef21078d7b40d9810121e41b30b2218700a451872792904b7d9ac84c07be8170e3e6f6ba6c60742c4244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
96d5a94e1baae18e9f07bf89e7a176c8

SHA1
7c28c284f02d412a9e6b2de00cd27dd4501e82d9

SHA256
c991e5cf14f6c1193a24379b2368c78b865ee1c61967926c91172b7e62b52e67

SHA512
c5f576af25200e2bd0d6c3d283d5faf733d426d910c480b47f929ae3869cdbe00c4645b35dc22c410f9cc72238c36cb119580f69acc0b2b33135ef720fe0229f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26dc6fbbd6a7ff7c9d158f6755ed3053

SHA1
51e0894ff66b32d3566da9d64f5951daee9d41e4

SHA256
de5d8c5be1a0fbedfaa5628817312088ee36221dd0fe4131756faea0b58144c7

SHA512
9ce49459215339f9567bb32d02b96f3d31435ac44ed9397d4c539086d609898b75b4adbde091f639cd3a891d3d7e93a6597343e71ad6bf1f5b911e39e44683c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c20a5507999d40e07c0697756a1da6ec

SHA1
f53d05b58750b2bdf3d1e84c7a614a473ba5faf2

SHA256
75956653122df3b809b11dba4ca4352f31cd9dadd16a7c26f581e66faf7673fd

SHA512
a17679169901f887d3efc70df52bc2104cedc5982f3f17c5cb18abaf6b6183c59387e1f0a03f59f9a81ef883e5d7155f2c52f5a094978701b4f20e3822dea9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99dface95c69db86e0fd1e9957591b0b

SHA1
759fe01f66411949325c90042d4c624d21fd20ec

SHA256
2f02f9ae5e917cd7df71852240db3afc91409a9e5f8c1ec02d56b818af1d7114

SHA512
45ab2c51d5d07a5d0c4a2ef529dffe16d0d74f13933eb5f7f63414f2f5bd536827859dd81766661c690e1de234a79e5eef350f9569f16a21cde3de137fc077e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03795b437a0a9e7cfaae0b6e98bea1c6

SHA1
a6d091c8d6f0c76b1ef376ed21064b6fbc59cf37

SHA256
432ca685fc013e1e64a9ee1dbbc2979777fe069fec7d9969bd2362f9ef54f3d9

SHA512
2d246572fa30c98d93318f37c23373ee788c857ed101597cd26e461b0d91df246cd5a30bba668e13cf6f880766d665aa090c525d5f5d9d411b40a3aab632009b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
421928324dbdfe16dde5ac96f5a35118

SHA1
917da3233d10f58a04a50f8ff0b61a10341445f1

SHA256
1957f4a5178a2e0f10e9beacd620c64df5b4322ea6d845425c4bc1f5cc7510b4

SHA512
82c18bf54fb9b387f6a15fb3b3414996cd47d566b811ad35e96f3f96d8f1af78a99d651ad7b4018881a86df2e51e2af0dc0931bd9f65ea0948dda09d8ec6d140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a685ee2cfcad1e629d77f13c7b28a6d

SHA1
c747279bef1500bfb37071b21e720d68c8c8bb2c

SHA256
3bfa237a5317671e97018c8f23ba7ff630ce3b06c786421bdd43393fdb2e7ed4

SHA512
24932d61b107da8f77d3ccc45905284d726cad3a4af844307da739387ca19200192dc7da189f60e7b833b56edaa9395ce26795d26b2839321437f76637b72f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
470d3a208652890b2a3955a35eb05e5e

SHA1
c82b0eac6c8687a0c1126871c57ed4e183286806

SHA256
a44b0204adbcb62caa4ea938cc38100b3d1bbe123c370a480f0050b73442937c

SHA512
e67d30044b328e95865d0aa71bf2427e1add14521b96e5895ac2dbebb509cc0b445541beeab4bced3c4d0ff62f3c7b2b20089e838295c9944b1c7febfd1f0336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
be21049a7c4dfbe356cb98e84549bc89

SHA1
79a3b30b77fe0f373d4e13da809b9f1856dec3cf

SHA256
b2c1479e7c3654a922a7bf51ae2deaa6f9e456343fba28e8c8851221b9070cb8

SHA512
36570d1a8e9fc803c7badf0ff4f81a2b51d8f71ef730d677f149e692bd1eda8a430037d777057a628fbdbd7d442d431f280230ba1d6a478335d0c922afcac0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c7ec27d94da04714401b9adf0b17756

SHA1
3e18d51664cd7c8036552c1557391ae0e7d3363d

SHA256
57be391e5772faf9845cc18c3b6c5e428c1181feaa56c5dd4c4d16472c9ebb52

SHA512
067ce3414a4fdadf8b1fbc79cd0abfdbde43e60b848d9f06e1310f3c1192ab2135347d570baa9c1eee1da941f70e66a85ff4a82fcd6286268c542c97a5f2ba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13352235294151599

Filesize
3KB

MD5
3bd7d04ac6c8e15eb1b5357f3e70afe2

SHA1
425dacf574831c5d9fea9df1515ae63e8244b3c5

SHA256
dfbc250c7e47bcfc20d1847d95364f90fcd994f5a18cd1d15e75114be65d4814

SHA512
129f24e8b7aaed55bc6dab6d7cacc8c74fb9415878f320df408aebe8c713cc52039ad320012e8233170f20f5346c8730e8ce3644cae704b028d13de5d77bd557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352235294327599

Filesize
3KB

MD5
49d668ea69d434098b6d954a462f89ad

SHA1
202258767aa26b91d39e7faf0ed8f5dd912b267f

SHA256
70cb1e039362f61e60aee8051d208384dee0f7a6793e653e147d60e8bfe696da

SHA512
d8873b31e203d209ff92e31d23ef320e754a403e0b253ab1074c3a1a3579c434047ee6cc4ddcc5cd42dd883681dff47b69a9559eb7b48bc59e8a2d8e0aaab446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
abb9a81011082e9bff79c1268a7105ea

SHA1
5a838b355c832154e83d3909f3f939ede54bafde

SHA256
3a4b6908883acf4a5fe64c698adcf78fdd02fa6e2db36e9cf9ff8b5b189b8085

SHA512
aabc856ee259baafd49547d5e31cd08168ca6e66981a47cccf586b02159c35251860ed4bfed7eb53e571a7a35090ddc012adcef06692857923a63199b8041cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
c96a01fac2f63df2bc813f0de9eab0a7

SHA1
f6ebfad77fb37c5e27385074ea676cdc288c0581

SHA256
8fc492bbdd17379a0a90ed285eea03ac10d4adc0f12320dc2f8c7fcc6648ba36

SHA512
757d2df53db6496304d6f11978c67b9c863a069f242cd59c4c25dc25dc5258899f53530e5829ad435b373c56ca67a9e248c7fdca6b3fd18c36f142bed38d6a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b0d687893f87340d3402f176532dbd3c

SHA1
95601d9637a5e5ab8a91cc5ebc31d42ab3d4312d

SHA256
7c9ebc58b6e12e92102e4684f5564171a2ee02a6f7e857c853b3c955772b5287

SHA512
0b7b5d1317e46c6c35d91a2fc71c26eb16a93a955ecfd86e4c3dbd63e23cb88503a2ee5b017775965a8830e562e12e61e4601cb7195a37e21ff408cebdf72602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c4b66163dbceff8501d3587322688cda

SHA1
060f32fd727ed3cb335ccdd0947e561ed07edd50

SHA256
0919fd6826c7389a9a43ac01ff96f5ccb841270019884e462d54337f75c47b8f

SHA512
7c104e4f76b94ac0114895536eb9839d9cadd73ca608989f5407a24f091b299f0c837a82653eeff919f25259ccb6fc81dc7008cf70a4d78a20303a199338cefd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f71117304b348818d97821672d77647f

SHA1
e4de7e5e3920c5e5dfa15420fb2732975763e290

SHA256
dd2a3872dd1906fa87b16b9e59247d730434c988e9d753633fd3186eaf1640ae

SHA512
750aee23b4b2e3fb7ea677f1f99aa71fc3176b7efe12da11f13c25673c557095546352c588c0876835ad5cea46ba0f9b5762a2fa0510f4844fbbdd4aa2bfc852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
eac6e6d8122096d7fd4a0caf2e62c04d

SHA1
bfd60e80e26df7db196ced8670b3049ea0540b35

SHA256
c8d0c335919624ab0182434ba87f3b42ca86cd27298e5335161f92821f9d490f

SHA512
9f8a461c8aad488ac1993faffa21cdcae6ce0f964eb0328d8cb3751e94686bb9d36bf5c5dd944bb0d7235edb7e4344f900b42f2b1b6df77ff99be1d41f3099e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
adfdb4c32b853cf1d37ef4cf300f38f6

SHA1
b516c0ad9fe4b7fad3fbc55cc0d05480c0bd670c

SHA256
d3624bc50c1d1d60293a6ee4e9853253feae66201d709dcd262b22421bcddc6f

SHA512
e9a0b1ae46e9834e172d4d9049c64cb1bb4d8fe05e8a43c44871380189f6751b459142319f41fbb0b159ceb6d42cf976041911bf972795c666ffac32ee1a73c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
9d35c58a631e0d0b8c4f24e543eb2456

SHA1
442d81dc01bec28a20ea9031225b8bbac20230ca

SHA256
c8ff5adbb5852e250990a20d3343e0e5c31eb8a9f72aac60ba36bbb08046876e

SHA512
4be30ba4ee2aa1b22b30062fbe3098aa9861453368115f444f74133f0c982cc90ac554d8c0b612c0b5146a871184b883c6a5b4b4a315568cf0596c4f6391dd95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
4b8e45d9b371ae9a020f5a56cc4e916e

SHA1
8758403ad85093c2d9d447cfd07de1c2eaa872b1

SHA256
429ed489b264e86924242eb11315f013c874ce9dabaf4be7860eeb15b8fb1805

SHA512
67d5e22d8c0511947beecffa6a187124b4b967ca4871509de07da6aa9fa3c4d2d03da45951e15196fc49ec434a4ae93733a17a3803e1f60289fd12d5d595772e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
175B

MD5
5bb608a9db6a1c0110a2f9001d234d77

SHA1
e3a69aa0afdac94c6de4e53ade08a782a8f631a5

SHA256
d28d6f00901ecaef5b838fd51a416ffdd179450c5efed12c57b09adcfaf0ccb9

SHA512
ba461d2656e7d5074e9475d88186838d590fdfd4c5bd0f33e3cddda9426b9698b59c4c58f149720f4bade3b1bc213e20f47b56b47fc8c29f5488c1dfbbe449ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
9d0822f21d47516a7f86d5c47b4386e5

SHA1
f149b2a98e95402762650743fbe7a5782a7e8aad

SHA256
a0f0ec01230bb3c9c5d860e86a9955459f4e1c2f8e9fe10b654a26a5b3620667

SHA512
353313e7d035a4d584ffa908919224591191479b5f2918c6e157248dfac8fdb23801243f9570b7e8d2fc679eea1f1c5ccb30aee64b9ad8c4a0458d1006a9fa74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
bae8d18cddd7a04f66eeeaf22df82c0b

SHA1
b4e96977cf2b3fbd438d2d87ec227426de01bf36

SHA256
4f6497c0c2265028cde0914983624e43a5177588f9b78b70931c9102577bb065

SHA512
750519ac9a9584c3741408865b6ee4501d6bc01c3aac2d225b4ad1f789197984b40b5815dec8eafa7cdb8750775650ab184be8fb678ef9fef2a2697f1d806eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
7ac71c1e6d5d6e62dbf18e4ae496eac4

SHA1
cc984cd40ddf26c5af703f76971fdd67c5a694e8

SHA256
6ac08b07394d7bdeabef447b3d4f3d3d760180185fdc99a1710438215465d1a3

SHA512
5b8395acd8d8d6add8a819e7016b473acbf3cc4a998515fec263adfd627e3d0af570b7de6937b7702ff795ccc37766d9422973bac30d774dbef1bda72e70309d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
b5865bd8d38a4e7b4918a013c7ee1d7c

SHA1
fd44b35a7ce1b012a3c7082d83fd159d62d4f533

SHA256
7148b14b87e5b1e626fcb5350bfef321bd28ea21d93f847c80ee1d9ed32719e6

SHA512
256512539b17cfac7888eb031d79f3e89af8477fc0a9a3f617c5b19f856e722137bbab433a0eeb0b03b4b37b88b9e81ebc28fda783a9c46c93d53d9a35dc3059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9d3c71aa5cb691aceb5e2817983b149f

SHA1
7b820924bbf21ab1e60a609fd83f617bd41a23ca

SHA256
237b4091cae41ca8980d9b2db132e342e6f2c4c75b7c73b7cea177188637f2d3

SHA512
9bd497064fce623b1f5304a449d17a3b05c6f6712a24bc1fa8cb9b39a5462f82c05f3bdf227cb0e31d4b9b643575ff328ded297e95aa754e9a622e9b8fd0d94b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
408ac1b6229d12726522e56de4a71a08

SHA1
97e5b451241568f448b43433406b2f0b2dee4d97

SHA256
f9f8a0a928fcf11eaf9cff46bd1679fe80b71a7c819ac4e276aa8b5bd1a42ea3

SHA512
9d1da8cd9c3f2281209f27d20fc96e1d1e2f9b958f23f5a054fe23c427d33e75e0907e1d488f803c91f414d1bd4ff842d49c1341766fe38b0c2124afc00e4e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
182f934c0981f3247156867a8894f1b5

SHA1
d271059637375c46b9d228b19c9ab5386eaf84dd

SHA256
0979f6f239dd2effa0bbc59756b7ab6661450f111dd4bdffab9980c3c146384d

SHA512
2183d27b8680715832f691aeab3939f9b06fca8a92d5fdfb59ee4de66ebbb02425d250e71b792c5ab535399d38ee1cd773d563223e04aacf6dece3227269c3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2550bda94b6e082c6cdab7c04bd31918

SHA1
f08d0b51692080d2c4b2c2cd79388095a348081d

SHA256
7aa4d5c7a8d75fa0407beb2993aab74006e564fb5eb608260c9d481ee5c909ee

SHA512
a7f27c9e16b9830397173ca0e4d620f7a83c179f523d576dc970887bc0db3287da3a9e8784d79752b4d8d88d52a7e6997acafd416439ec4d22d485df53667b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4c0124e9d8e30754bc45afaa97095889

SHA1
a6c75ecef2ecc3a8fb43f1c47b160140af0ee1a2

SHA256
660500f57615d3412807e0af4bdc561b2efd4acc840e5fd7e7197a1be4cd7490

SHA512
57b37adfbded80430720c0bc63ac05288da92116fc6ef5668a1d445df49472c6e980bd37285e786b086147b12b64d7d0914096fd9dacc1a6ca1bd912a58e5c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
049c2f3d710f13f835a3c356d24d9a9f

SHA1
d15373b922e7dbf343588995253221dbcbe5de25

SHA256
5d67ca7ec332db57a58479f379ca5c14b31c41d96afd1a160b6ed00c542445a7

SHA512
8949677eca423c7aca19e05ea2c21affdfe9c9160f8d1857cc8661cbe2c4625a5a1a2472a4e66c25c01e33db11db1f31faef3372573fab58da8b783bcea73c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
64075e4a9d5e0d86c948e765733ebef6

SHA1
11d78a732d19ffed523f8531188b522e92ddd726

SHA256
9c3ec62ff4c0280d5d54735260b74e8a12cc5f865b0ea976b7640dc4e19bc7a7

SHA512
207106ebf6022e54a9f5764596b0e3e55eda65d990e178cb8ac13f68f922fa0e21c3cb41380aa6e7e34ca11689d15c6a05f0fe5e6ef5e0b7b6df26bcc42668cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
1b0cb513f2ac66101ba793bf6072d1cf

SHA1
c54e9c30011b3201d38fb98c3fd76fa8efb065ff

SHA256
ee0821d1b8433ed22d0d739b16c0fc1759f0afcb8597f353e4d9a0268dd47e3f

SHA512
f498f1c3daba7f6c6103c35dda01fc777a894b650adbabfba1bfc19ce7731dd6eec79af9b0fef626cd1dc1182001cbbcda9156db778935c11fcc19f35bdf553b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
b61c09451f576e6a746b63d24b22496a

SHA1
509ee19531999a95cf63c49eb195163720fb2db3

SHA256
9b16b4d131dd28bc9d73cab80cd0f677efac308e7b488b33c2dcaae9167a504a

SHA512
eef0bf68ab422ee1ab52d9f19eaa3a9225f92932ac9d21d6d5208beaee70ea5e95736118a7fe68d43b8f9b578356f2e01b01253c15166a79a5213e355572eef3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6017a1562feb27c4d2eb56d724034cea

SHA1
e418d81f8f827a4ea8bfb6c8748dd3ae6481e93d

SHA256
d0612cae450657d22d8c13fd91a70265ba568ce256ee0d1ec7df6d20a39bef58

SHA512
0ff36a17956b9d8e457ee90ba4007ffbf4c9c48b16434faa5ebbaa5c3ef66b3db616f500253f9cd9fa0e4e9e174f2858205cbc9fcf26b87453803bc4ef0df87a

Download Submit
\??\pipe\LOCAL\crashpad_4288_YSPPGHPMLTBENPUP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3608-174-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-173-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-177-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-169-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-179-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-168-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-167-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-175-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-178-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download
memory/3608-176-0x000001BDF6520000-0x000001BDF6521000-memory.dmp

Filesize
4KB

Download