bc07898a6136045b88ae61abdf5cb081a4b7ad792c555afce1c42b3ce43cdf0a

Analysis

max time kernel
52s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nezur.exe
Size

26.5MB
MD5

9368fd67654ec71b2d52dd0d8fa31bdc
SHA1

5550c19ead9a17988d30247b646be69b776cb693
SHA256

bc07898a6136045b88ae61abdf5cb081a4b7ad792c555afce1c42b3ce43cdf0a
SHA512

e6f06371262b4de8ec57800c2a06492f1e977b7a05bb34258fc1d27ab11cb089776fcca6bffdc64a407c222a5b998d5a36aedc829342baf50707600912268ae6
SSDEEP

196608:dOM8Wb0guhegb56w6Vr8utDq+S0KW1Hs3VaTnJ45/9iD54+V11bFv4ztbK+nmtzw:dOM8heg+YB+S0KW1HlTqzQw

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1336	msedge.exe
1336	msedge.exe
3032	msedge.exe
3032	msedge.exe
1332	identity_helper.exe
1332	identity_helper.exe
408	msedge.exe
408	msedge.exe
4624	msedge.exe
4624	msedge.exe
1712	identity_helper.exe
1712	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3032	1428	Nezur.exe	83
PID 1428 wrote to memory of 3032	1428	Nezur.exe	83
PID 3032 wrote to memory of 4920	3032	msedge.exe	84
PID 3032 wrote to memory of 4920	3032	msedge.exe	84
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 972	3032	msedge.exe	85
PID 3032 wrote to memory of 1336	3032	msedge.exe	86
PID 3032 wrote to memory of 1336	3032	msedge.exe	86
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87
PID 3032 wrote to memory of 2008	3032	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\Nezur.exe
"C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10&gui=true
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80a6846f8,0x7ff80a684708,0x7ff80a684718
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
    3⤵
    PID:972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    3⤵
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:3384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
    3⤵
    PID:1392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
    3⤵
    PID:980
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
    3⤵
    PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
    3⤵
    PID:844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18103720438561203858,522269818829613899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
    3⤵
    PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\ReceiveConvertFrom.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff80a6846f8,0x7ff80a684708,0x7ff80a684718
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1520 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4964678040532328419,8211488223193944661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\ReceiveConvertFrom.htm
1⤵
PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80a6846f8,0x7ff80a684708,0x7ff80a684718
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13198088242243394394,11218081121772670519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13198088242243394394,11218081121772670519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:4264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62973214efe431e9221b570cc23f9d2f

SHA1
925b55d587b0e3785774a1dbd9bc3a133dbc9330

SHA256
e1c886d8d107e85ec5e311337c5af158323a27d3aa19482c16888e749474a41c

SHA512
5bcc2446e449dbd5121160258b831c9da3502ba6bfb268fee30dfaf41f041bdfe9999de719261ef7a94a6aab63220bef66a2732a4479f35e00eb354b89e9789e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
01ac1ba5ac63e0f13fd9129c2093fa13

SHA1
7a85a2fe50966d88460cf30a230428a8ea32c2a1

SHA256
8f92cf37b4025c87605416241a3334d49d9b28d832b6b30cb7831e791fa950b3

SHA512
a2c0ce4c97f3dc00a662dd6e4cbc65d6ee0220a9a4e41849b2170c20f29299c8f3b1cf5f3ef17d1f8a11391f78d795c701b89aed2ba4c30958cb4ea25a2ccbdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b9c7568408721bfe9683b5c7ad44e7af

SHA1
0e0fa19818a9e621e48ee17edf41209d2561bf77

SHA256
6c5a8d821699f4f2480fe9adc399352d02ddd4de84c2c9afb335c86f56f3a304

SHA512
431a35f21a5d2784257fbbf993988fed0fe6ed6250fb25cc02267d08390b3f7ea013a427e4cc453bf414483dfe6a563064e2e24689f5347802256fd7c072260f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
272247ac878d1fad1f4566cf389329ad

SHA1
197329040a40cb971be4348cace4b388734efe04

SHA256
14f42d97bb71e408e4bd89c59e01aa5be6bbb7294dbde67e1b79220e20b886f0

SHA512
a7e9cdfa1500d6c3edfc37a20297073e0395ae4c857c78196628fb8df96f833191dea0cc29b1b1a93c6ed3faf10737db0bd5c593c0001ecf3d703bd08132e0be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
78ff2235ca3af6a9a5dc393a32bc7774

SHA1
c24c714428a61077a9bcfcaac9dcdeabb5ab0eee

SHA256
d3b2eeaeb94b0c7bee28a7f47ea44c95f29238f7363a0c9012242d7013605f64

SHA512
aeeef1e2843a131b76e77698021794c823d80b6832ce9fab8b273b82ecab27741748074c2f398ef5df408f5f778a54f1c23008252531598c1e7acbd2e2765af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
6c873ed5ff65900ea996eb63d9ff4827

SHA1
0b19c4e1931c61f0272131e3a89ab6572aebce44

SHA256
6052cee199bdfa753a8f04901c1d8ed2f67e843bedc4b816b0978442b94b9cdd

SHA512
700327482ce57b75866e1b80f2d1e678876fdae2a3f3b6bafb85564114aba435b0b4553554b7ff8f4c8709743aa74f3720eade6945ce92062ed2cd20e8c0866d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
b91f4614ceb46b5ab9d03f0b51b70b9d

SHA1
86012734471308a2bb1f557d03c0084459d3beb8

SHA256
c4a05d2b77112b0282b22061a828c968963fe7d10f3be0f5b0634ca65fc2f6c3

SHA512
8b4f0c83681b833dd4a39a2acd014cc61af98e88eeea63c730e03ccc611649d16bf6596177922f7eea8fcac144d2562ad868c95b18df49e56b9c55e7720d7ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
59b1819a90562d0f3e35e2758fb63287

SHA1
6ad234d213cc40ba1321a2ca6b4a69aaa92e4d3e

SHA256
c7232e25a7769ab8fdd8b6dbe485b2a41f9d8a7e5352e725ab6f8c9ad9185818

SHA512
9d390a8670fee598b1c2fe1d7a85750ab62b319ff7d96f5520c18c9887d7843b827e1053c59c2b946575d852638548f2b110fa088db9520d33cf029d432f033f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
83a6cbd4411966bdd9c03c3d6e295c9d

SHA1
ff73a4db36a173a3aea0c37ec9374c29ea82ed2b

SHA256
5c145a48eaf97972f8aa612a2da8601930bf4bd7e1a6db4a5f26776751a6e825

SHA512
548d5f3f9f56604bd83f8b19ec7e2ff502888c8bfd5f7d4e9d374c25b36ef36f50e7467801ba02dd4673f1c35d5363c83d4c5594b8df42df399a2f916513a8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
82bc427421842d1ed21829f8b5f57169

SHA1
beda7918ec8922dbf773e5da5b51feb384ca4882

SHA256
83daebc9993550f799127142972b937ad60aa18bae0aca2f3af87c2d6f2c1299

SHA512
806e067ccc24467dfdcbd26800eb27d1978a9c6664349bdf98dd612012d81b62c54a7e214d71435f95fb88162978533b091a2bf871d42093dd79f0cedd0efa9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
67b2b8ec9e4f8c748b796ca785f96849

SHA1
a27e7badf448a88c4c72ee2b49371e4f7f95d729

SHA256
850faa395ad4c9be97123aed628dc9f86c19d3ff1c8ffdbb4d2ed339710a0b98

SHA512
654019c92e2cfc530015b314b0d769315c5daba3fa37df1b5327c3cb70dcfedf72ed46a689d9390dc06e3bb7a84b201f4443ca946c70631a7a46fa838824c1c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
f937075777ea5535443df3b2e3d924f3

SHA1
a11b397d4256bbef13e864a578e2e366edb35fd5

SHA256
11c37f4eb3b794b320c80f57e75d2b17c56e2d4fc9d377913673e1aaa1f63f78

SHA512
d0f625fe9f5981d4f706cc78e2673cb2f8d051594278bedc443fa78511b41f48cd0ef61c2f507986be02a941883f31c24b46f03428ced2bb499122b004b5f2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
650B

MD5
c55ae4b7e2db4aa47c150e63071e5479

SHA1
c2030e569960404f1c1896a8691c9f69df8abd89

SHA256
2c42e11388aa508c76b06b5d54e7bccc23cd653ea10dca40ad964808df1f0c5c

SHA512
bdfe9a479a338264dd7a692c763ce77bbc820805056783337ce33e817d97a8333cafcd3f78dc3886a07dc0632d706f0ac5c82e7436c24ef2815197dff316dc22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a04977059d05da0461cf76e64828c826

SHA1
b979c9bbdb36066f8566c85c846fceef5d29c377

SHA256
c5b853c328ba66fc42f086f2c9a78cd27fa0ba5da5600ffc233934b14a8a7db1

SHA512
92951b5bdcedfc1f47b49e2ea84dc7c47c490e84518755a408e8f38affe314df23b46b5dce81877455fb02d46a48dd8c7cadd13e127d84520e48c2134bf539d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
909B

MD5
982f0928b7e251654ae3789b87f49e53

SHA1
3ce9e7bf2936d1f499fabcc0acfa8f8e470e540f

SHA256
a88ca819f1eacd3b727acc1dee81703f0dfc9f032ecb3db3f820e7105c027574

SHA512
db1ebb6818f09b1e1c8dc299592f7eab80c15a9828afcd653b2620f1ec5e5330b4636d9f7e67618d7c8487de2fd5e14a4130195c8a726350ee08abb0caa6fc21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f6a32a497a6f609f3a8f4fb01b61292

SHA1
f129f871f9c06ab5bcf8bafafe36ba60580303d2

SHA256
f085ae0151f171724bbdbff4a65bea9525fca99863e9e89cd19ba585ed001d02

SHA512
0582bb28229a8db7c87e84f0296638fafc477f18fbc4e572024aa48eed466e27e4edfc84e4056e98eb375eb49ec89bcd799670f2c243e60f1429da691aee118b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db0f574be8f6c986a79089d4e279c405

SHA1
64fead273581b3ed394062523d4fd124f64a89d4

SHA256
37deed0ae88929b52af303e797ac0f194c186ef19abd92fd006afef9a7847f0a

SHA512
8e28b6d41250818cb0972fd458ce5aaf9f4c218e1cc4c8e04c6f9ced182545cdf79756a6126549a4b51edd40bae2f05f3f94504038716a36d25b50bbc30a40dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ffded05302e99742cc3c3f1634c9abc

SHA1
a483af4f4a4868a13dbf5ea2fe33f626c545fdea

SHA256
36250a309f451325ad422937d9cf6b18ae56e11fc56e662922c61227d77d1b59

SHA512
d7287c160dc267f86764c409c5a32ae05e154bad0c45644e6366a142f398372a5cf8c75c136d756c2bc3043cfed03ac619a0138b7ed2bd7350478dcb71c4fb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bec6cf377aab786bb301fd0ad571491d

SHA1
0e4a72a7a1d6278d4c660c48a6b319dbadafed17

SHA256
4a139a9c3ecc8e23ba38b660de09b8cf56ceea6d59b12e0b5f723ee942c6b18a

SHA512
df3cf39146c54fab44b96bc04b735d0ab4806444509fbc988006a184f0ab4c6c3f61fe3ba8a361eb8b8da12f63b3ee10c4a220722bb6d6bbe3c915dc01dd2f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d52dc2ca09d662937e3e669200ec0cb9

SHA1
d61e36c11bd13511e35c2221ce2d82f509d38e91

SHA256
288af9448609160db5ae774bb18de8d77e367e51f21919a22f85fc1954140fed

SHA512
dc294f662521adec1ae09bf0e53de9de7ea1f17f8cfa5ed42b1310d0127709e2755d586e6329fcbdd65a10654d5157f895809fdd95bfdaf2c72b704d70843eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
852B

MD5
aa970a81bcb8bbea12fd3a670ef7f5b7

SHA1
8cd71506a2d0a65df76b40ad550f4d717f17b2ee

SHA256
e6116dc7d25c13ad9282dddd3baa0319fbf8b12c8c7c4f96f0b56ea84411eee0

SHA512
ebbaf2536b98981178da1838afd34a022eaef14ce13652c7a2cc640076a43976138b3afcb79d24e6219a95cf38405e498198501efc87487f8bf039b419ed5e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
4237cfb18de4cb6f0841e00c8a222d0e

SHA1
5e61d8c6195b8b69a519ddbae20e160ef834af09

SHA256
841b1be0aa6351fd2855aac90f5c399ebbd40c5b659183d1fa1cea4b10eea946

SHA512
1711a3a4e9865459cbe5b5526c9e41b3111b372c89ef414e7009892d9d60dce4a7ff1d976dc362a6c6e8092505dfc505a940df691be87fe796fc07a752a8cb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13352689200501540

Filesize
10KB

MD5
e5100801c14eed491342d580bee71bb3

SHA1
94074186b8d7ee3bc49f7a6bd53da26762bbb4d2

SHA256
70b415a39eea4503d28f8758b0e3045ffc8b91aeede62cd0e066e0348b0260c5

SHA512
5e9a6460ae5bd40ed3d1fc453fdf0391a3f78e95fa94c8726b5d9dce5a9ae11d65f6978ecaa47ba215042b403217dfdbd3d363fd06f2133597b78d07166dc6c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352689200629540

Filesize
6KB

MD5
26d8a6207115f47a185f911ab3992a9c

SHA1
2080008ae887cd9d93c3e7163d07996a87cdb2fa

SHA256
5b510568e3db98b8f52b3db70ccbc589740f014f09891ef4601346de3bb08d36

SHA512
e0d699233261fa842d0ecb1fc5397d0141423a12e88bd605c5aee37d568ca989baf04ecc1f0cdd0a3a2991ea656a9638a32a99135309c936aa1155edd9e4ae75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a593071161ac563d5092c3f8bb04d588

SHA1
72ba7a868681a2c6b2b613b5fef8ef528c08c321

SHA256
a0bb5bb9db1f75d2d1d08bbcd69e738854dda7899ba3a082d4f977b3510a2c20

SHA512
19d230aaaab5babc9b154c8b1ed4e65355025c2b28b09f840a3933950c2809618ac9b13a821331e202ff3882ef3361215710423d5e71a6ad4dcb6f960946a261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0b3c7dbaebd768f63b4b42e7b3e22406

SHA1
4509a6317b4708ff7276bf0452f50220cb3d2f38

SHA256
e62347858278de4dfcf4f0013bd9ca61a6205fae891b777efa1151c0c2f8b966

SHA512
5028ddf0378e350111912e2366c52b7e4db7baf46b7d68cd3aa92609c17d5b244c186c8ca7bb4e88e61586e0ef95612893310336b0469f23f058a913abf1a882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
600604a78835c0d5856d131c6729d811

SHA1
e61a5e261857d2818639c8452ce25ecb97a211ef

SHA256
b224ee6dd98511cda6771b0c63542004e72e683759b11e5a86267faf74bbbabe

SHA512
9d45103416fd73d42373fe8c9012313719be97dced29c64ac80c0641e77e0b98e7554c9dc1b7961c5466d4a8496eece5125dba17839766cb5a66d31eda912e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
4dcc88bae419b875ce716964d6e42a57

SHA1
7a6ae9e3e94c191f150dec2c75972f86b766cc0d

SHA256
d1782fbf36067c49789c197b6ad069d4d76ca19e6fda2f1a9e059e9d4d8269ce

SHA512
bcd4888a90761986606d5f24b7ed30ad21f103449d43e355f6160a27f5ea58430d16dbfe9a3bd06a83d160393886a1a6d5b60429f258c2a252caf408ea4c4912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8d0.TMP

Filesize
539B

MD5
23a7fbc7273e05a05d347109f42eabc9

SHA1
0b897b749ef051d3dbd33773f25528c8319136e5

SHA256
cda5fe5c04bd1cce24ddff87923d055f236a5c34c25633784c3dcb30b958ef1d

SHA512
5dc9c1efa964eebd28874f6f42ab819f517b40f6e5d6991501db9170b786809d6cc1cebeae41d0b811af1c78e3370a4482feee5033e77cdd2953ea26a7d0cb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
48d5419e4c8a9a0af12dd37b6855cd12

SHA1
2fda6b9fd0b771b91797c83cd3871b35746e71bb

SHA256
ecf0f150bf63610a250df637c55673655f15f4ceaa785c452dcd2b82644110d7

SHA512
32b51d881d1d8c5ad5d005ac64b46091c8095c306a8fa03d537886a5bfdf89e35ecebfa8aa2fe408c1c053a48bda3458ccd101d0235404d68dc0a69b0ff34cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
1b3a0851255887b76656036f2db84ddd

SHA1
99aeac29a4bb240fd93de8fbf0aa2aa888e77007

SHA256
048695e3f5c1ff6bb4d41112e782654304ed98996b72658fb6d4bc83078c3c28

SHA512
a5cbab2b653ddc65406f6e23880608f2680fc8f63f09c6f6ad5561f03a4f8d8df6a3423bfb72b1920a475d0b2a273bcdfedf3fc92c6a40dd9c711493f1f62d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
7b8ed9ad410e0034531c5baec3f095e7

SHA1
5c7562d7bbc872163208c38f8fb96d2064358ede

SHA256
2334b2ebaa8e221132ad3736103040a7fc3e7fc2a89b6f626015ea81e8f9acf0

SHA512
3e868585186cbfe7ca8d0c5ff44190a82307787a1b52f7738104acaf9e608ccb2c26bc5b9595ed3e49c5a94fed5a39b4a9f860a06fee81e18f00c69d9c0c84e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
454KB

MD5
e86f48cbd61b14351fa80498268a7a2e

SHA1
3abffd2726e9b29238bca8052b4b2f29f77c490a

SHA256
75a200f6f9231e3df1ac6633573f360980abf007ea4b2cd2aee415aaa49296b7

SHA512
41d4ccf34fa6efa666d1248b46911a6962d52e635b8a7067143696e2db8640e8aaaf9f7da343a3948bd008d0b849eb9e6d266f30f967e8efaa029b75b03b01bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
962a7a68985f8f07310e6db2dbc56956

SHA1
ca3020d5d3c30a3f18ea5e0c9283c9637e9dafc5

SHA256
b890c26a4aacf842e5a7c594330c56c5296ecd63d86f6e8ff684354a624b3579

SHA512
b552ec35dd6e3ab3c778b45a01232b77c859d9fbcdf58cf21471c6e290418b5e26a782a6d68867e7cdcb877e76cdc652057fd2dfe04081ca8366f26eabb3040d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
487f244dc4e3c49bbc1e6c7d9b55c435

SHA1
7b1e05cc782317bc538391eed1c683d26d9da9da

SHA256
ad704286ca93fe2bea3fc38442ae793dc58cd58ddcb6ec91f9b3540b58a4a1df

SHA512
dc77209bfb64ce73c07ed2af10fc2c61062ad0f68cb3f4216f2ae024946b020256252692af9d8ffa086388f1ab60dca0dc3916f5c4feb04d0041db4c0d813563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
64c54b0eb79c87bd5dc9287571c6edff

SHA1
7ce9ef584dd8d5f6c39677c52e1b71cc8821bce6

SHA256
ee0a799e0432cccfbae325eb42a7b660a8a63d004ee1e516cccaf335470ceb21

SHA512
3014cb4afb2185a8e9d7afcbd17bb2752141f9ee54fe7f4ae0c9278839c916ad065dc0e0ee773ffc1ca3204e44ba5abf305f7abbc59d1512b3617a29af52903f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
6e2866a85c6b881865627e2a25fda2ad

SHA1
6e3b8b8d25fbf6552ef58e2ddc1664ba4ebaffb2

SHA256
291c7fe3f382763169691c527597f6bd512ee531ed3b0bc65120a517e8805341

SHA512
63dd422dec8cdc83a26cbe58c164ca98a9130cfe959053d9f04f634ac185353007431a1019d25966d62879ae16e6d1dfa810b6040e1eec33442e83f38c130851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5e6a4d9d064891d4d320baf067b9ca55

SHA1
4ed889ed238f666b54aa886651c164d8b3e0285f

SHA256
f981528c76cdcaefc34589c1943db448dbddebe8bab369d6516a12c8100e0af6

SHA512
69a0ebc335348a030b6aa171a8678bd725ef13258d52d18460cc0f0c834a57cacdcc5c9a75bbe8dee9193fff60ae62408dc4eade0ec06f2915087682703274ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ad002a2dd28aefc192c282a0dacce9fc

SHA1
25a275eb3ee11de1f0b1f1229e6fdcb33a7c8633

SHA256
7a77e8900c6d73cf6ee3569fb2cd514f4adcde491089d106b5ae4742963dce0c

SHA512
10f9856393b58882ec4e39eca79df0e9527c008de53c15c5b45ebac9e3a57572b59a6bce5de4b2cfcffb5a56771bd8444c1eace24f5147a2de85cd1981cb2ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
2097ce846a1f9ec707fd8a6fc891f325

SHA1
18ce2f49cd2c380e007ed00a17d7771a194f6a7a

SHA256
89ac75faeb9150d1fa20ca7531c695c98a3b4d9f63393b9580893672f2b55c03

SHA512
9fb74569845039816f2a5a53b90f9acb5f98f3c83d158503c5287899a88cbdd9d18538d98bfef3e2ddb4b23c0535b8434bc05f3938a79a5dfaada04a3ccfadb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
949576774458d54d2a9ccf8887262367

SHA1
2e450e01d4a40c8b6f4f1f3ca82c98b864998923

SHA256
9f97cba3a3a3da070c118651c2d7edd552b3a90002a983299148f8514060a213

SHA512
3a8f03d0da10a745563008a07dd669b09e2b547cda6d9593b6d227abf4a57d7409c9c490dde737c1cae53b216fe117d42bc01cdae3d24bbd1eb9b34c1376dfb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c36f2099edada594357f383d4a58d731

SHA1
ca895f4d712644464cfe5e3bc762774f0bbe8f47

SHA256
42deb54d0d1309633b0f6bc0b2dc3139b54351bef28fd37c21fc69d6532b627f

SHA512
a446e1c998d9be634e6498ae3ceebc1d3282144192f1d04f891ab476fe81c99f31e119b440d19445a4d40c63e1c6210c6283e3f5d2f4f4964c64f6ed67a8bb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b875611aeaa4e5f5c93dfb1a57445db6

SHA1
a6bd6613875ed1a65916538fa94af3a89e0f4c3d

SHA256
c44feb9ee93c358515ef6a3e89153551d92b65e75ab4a73d5f57a9cea452c866

SHA512
53ca4b8546db098dbee743fc18a7866a2adea5001d719e4125fd5ec0fed2a103cfcce29b63b85cfedbccebb0027582b957a9ff86bc8c8d1ce1eebc21fedaa12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
b56d54f78cc4e48a699f6ecf95e11a15

SHA1
c54a38679e0541ef6d04ad5047aff0985c136553

SHA256
1cf50cbd5d1ad55de3284ae82820cdb5c58a0a55504be95c6584c5f34662ee01

SHA512
fd61c2a6584e87293ff48a2bcd5a077d15d38778e31db6a070838a97d20f54fd6775d0db1855e28fc52626a517358f79d245a7a54435ccc3790dde8b99e02045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
ab1c23bb1b912940397da069866eceb1

SHA1
fd828b90356e1af161511034ca2d549a74acc50f

SHA256
6f237dde82e73e92df438a773dce522c7ee468c2045fe5ab62ab453863996316

SHA512
97025eb0a8494624e7f7928fee9be4ec059f45e5905a7e7f8e3d216c711f7173e2d480045684d94b0a955c7b572e38c89b0e74928b93e69d4976a654875ab3c0

Download Submit