hxxps://n7bffh[.]cfd/cnrm

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://n7bffh.cfd/cnrm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4968	msedge.exe
4968	msedge.exe
2824	msedge.exe
2824	msedge.exe
3204	identity_helper.exe
3204	identity_helper.exe
1492	msedge.exe
1492	msedge.exe
5100	msedge.exe
5100	msedge.exe
4392	identity_helper.exe
4392	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
5100	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2824 wrote to memory of 3340	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 3340	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4924	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4968	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4968	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4868	2824	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://n7bffh.cfd/cnrm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff948d546f8,0x7ff948d54708,0x7ff948d54718
2⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
2⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
2⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
2⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,446603537917938612,10979137354958096564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff948d546f8,0x7ff948d54708,0x7ff948d54718
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
2⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
2⤵
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
2⤵
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:2932

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
2⤵
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:1292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
2⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4578562835586151340,12265066114348539388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
2⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
430fe65739d0e061400e6841f2dd7c73

SHA1
6b796db9747abfdf0de81ad6becb1c4b1c2905df

SHA256
627df08eac0d377b2783fff75759a6bb337b34a3110eb4db963ca7e4973a4ef0

SHA512
f2f964d026339a62156ac599eed7fc2c1ec4b6db29d7ef44ff778b6c6c4beb2bfcf8e0955bcc60ecaea1a61891d26b6bf5b23ee258d9404597d2574adeb9ab76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
22f91e36e2107599df0281cb15a6df26

SHA1
97a0378a20241036bf61f4266cd7c7e3997481fe

SHA256
bdc9fd553c357e3952517f544b0325bff0d1e51e1bea3f3b2c6281a17accf026

SHA512
cccf68cbda577dd94dae5f27131158b864846c3313122680a735e25cdb86143e8e3607cb8322f91dcead5a061d5373da9d8f871b4e4c5243cf3d1f94ca7578bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
c71ed593b6aa432363e910e73640af58

SHA1
2e4b24c3ce2bd628cd6ec93c9ef9892ed038eca8

SHA256
e0b144f7b3ade8e48d038ffad9d62ce39cabe5911261e1304f457abae6ba9e2b

SHA512
2e33563770a48cb01a03aff926c96cba1bdd4ccbad54c0962283c5e0c5ac35e114b3a058eed1d7bba49e43b6fbbec37efed0d7a406eae4e2137fea92a5bd10b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
ac8064874ea9f6ca8c266e2b39192562

SHA1
a84dd2fdcc812456f087b1ddef0526ec35c3afca

SHA256
70c771ababe2d9a6ff4eca9a59e9dd148d93fbaad11bbf1bdaa017e6871f370c

SHA512
fa52b46e1995dd582f1a856bb965b0d52bf9c0ae5b1abca06dd4b27581790a0287825dcad8942f20eb6c2ff9d654277b9a5dcdd0adaf2d3c19d084e2c89de12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
e450eaa13448c05eb3d80eebd1ce87b3

SHA1
764fca5c68d7e89f6deab5eb637222a4fe4a5ea7

SHA256
8f2be8cc8ee5adba4b9de6fc60af46855aff6a51bc333b7d64f896377679c68c

SHA512
70381761f6cd34b2944f0bb1448bdf43dc062e6dc194820dc2169379c38f5cd2575438bdd052c698adb3be7be6ae1903d390f8026deafe379a917ce8e9749f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
88d347ad8c0481d889f4bd21455753af

SHA1
edb830e95e0aac426ffda79725fa3e5898c7cd02

SHA256
2e9dba4bb63122bf9febd2e7615a29608db4a87cb9c7c682fb221811791a34ae

SHA512
8498babf2fd71541ab93cdc390a2b555da4819170141d940a6692027ff2ee5cced15e9732ce7642085d76b16afa5ada58b4ba20c84c5349c2ac84164f24686f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
1338838a690d837eb8351ec048d64ddf

SHA1
84b3fe46ddc749550b40a66968e340b559d4c93b

SHA256
48097064b109cd3d4000dbc9764119ba7c75a1726a022076b8fdb8b9dccf6a2c

SHA512
d68ccc80b82c98393a77e4350352a01cbd0fcf942411ba07483418d7d782a0339583917470a3d3ce8ca6bf887e699daf464e1c5f82747e62856e22aca7eaf268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
84bde2140f6d47522596dac48806ae15

SHA1
d00155200f0363e5fa6bcc3f22e31aee0748d45b

SHA256
b19c8a56ec0780e6c32b5fd063b7945e0a48f6842b5e1f212a7755dce47623e8

SHA512
628fa8181fc2167ab8bd27b904049df233b5bacb1201cc02b5c7b45e4cb69fdf35807a765f2d04073270e6c3c98a9892a50c9771746de23e54e29c2cc68dfca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
9cae25e7b92c093996961b936eddee16

SHA1
8746d4ec93e008ac19c785c51fde13cbeaa817cb

SHA256
3266f33815a6f4e3b6400c1d9b966da8880207d6e60ff4e54fdbdb36ab1d8b81

SHA512
9f4a72a4b3a08e41981fcc1d23817a05fae2c90e25a81c425004dcf66e07a05c692d04e0c1857f15ae34159fd1500fd3acc54e84aadef251795e84120056b6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
322B

MD5
82edb46999534b54b4ce1de6b10147a5

SHA1
1894b8062258ffc163995f458ff37e8c4fe08ae8

SHA256
b2127e6838d08d0a19b846d24f5073729635a556af8734af450583789f591485

SHA512
e86ddb5d88677f8668da2b1b0d557b2b13d13835737e7f5277b125aca2dfbe04619449dc771041f3eca4ab0a6ca7d158d756e922e0637bdc55adfe16376b31ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
24KB

MD5
273350b33afcd6a1bf5f4b0bef1b643a

SHA1
1cf3778bd03a32274a0c4fac5fbf68d5a96e81b4

SHA256
3619a2850b3da6c8697c7216530419cd851be5046bfaa3c3a790f57d2ecace0c

SHA512
10c0c53276e3cb49d3d5a344d712afec2488f28263c524bd38bc1e3e0798ed6403469e049a004a34444869f3b198df57f7f426d083fe09719693aa5feb887ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
c4fec42abc1bc325fa68aaa8f123a5ab

SHA1
c4628b8b8fc15b5413504f85adc2680710c9b3bb

SHA256
fbb7e0c99cecf12f77a6307d0f2b680cf1d75ad5a57c054ba9eed803f5d242c8

SHA512
d7f8b1f9f9f928fd40399e3252ab56e0432db0b4106367b79cd3a3dbfdf120951f27827193456790af0181f2c5622807016e3d88894d7f56a9c0e2b221925535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
b3a48442877b2713a81c0a439bea96dc

SHA1
00f158fefabf9b81be1893c560d7af6d74307237

SHA256
62db8d08dbd1ea66be4764bc119237951e07deda7a9fb7ac25b470c0025a5358

SHA512
e8daff8db638afc99f8287a6cd0c627ce4984e97cadcb23ebe736d1fef8696547b9c554bd744d2b803cfcbd0a9d9dd99e9e728f06f9900629fd9ec7f8b7c77cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
ad9f37fce26958f0719b57c5e853a355

SHA1
1a1ae174564560e664be4a58d8b7e12ab7ff5aeb

SHA256
71f12e94e92b11d68e37a8ec39866699ec67f1f0abeef35e79982a45c8d269c4

SHA512
e244066f680ee4913ca6295adcfdd57720b62efad1c3495dd76a2b9c4c72688aa8682a08ea4a3d57a67f8af8a3e61c82dcb7f18af5b542b35f895974aeeeb610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
172B

MD5
88c95b51ab00e7080f35c212d8fe9180

SHA1
0434f73c4410efe242a735f6b707b34cba44c472

SHA256
dc98b8b530ca55101a0ae377cbbe4ef833600e339722044ca9e3fa424dd564dd

SHA512
ecb8cdbf62b6fc9c8d38a3a1a2d4e2389eff362652b69175b0afe651c5bd3c35fda9b078e721292499be56b13043bd4c938c524ce35ab194744b67910e14e877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
1e76c04b6f24fc0088bfbd0c1ccde9e4

SHA1
1027f9a57d57a46ec7f3105681fcdfb8274332f1

SHA256
8b9aa37a040c16a17505c4953e38b9fbe0fce7339280fddc911a70ca197ef533

SHA512
44ed91ffb2ce693697deae4081914d1917c1cd33163bd5ebe20ba9ea6f1ce0d031e5050db934581bcd481bcb224e4df9bddcd90f777a31f1514cb77586f99705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
874B

MD5
af0ed86ab0a71f46a041c978a378f9b9

SHA1
4f6e8d79e58346600b5dbba69ac2d0c68007f282

SHA256
7776d2c3f7a8f80048bb7e71ebf08fb48a2681d903fdd793be33114c7a5d0f33

SHA512
054cd1d5fe7513c9e7bf2c0a076f33cbb190a3fd027018207fba62963d45f94eec808f3b42e0132306b4fddd8aa49f816f10002a1641abb056d26eb1602d1e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
874B

MD5
01d8195aeca3d9dfc6858ed2a57c5a82

SHA1
1619ec18cfc02edf2f5485030cb01f84ed4ac87f

SHA256
b0a7b0f21a1ceef50705d57844e9ec60855519a7346fdaa7057181b7a31a6fdc

SHA512
b685dd2f753eb516bfea1967be2e511e7a2c9ef4ce86039e827703734ab7972280574663a9646cb662ac56801487151ff203c575ea379988d411a062e57468c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cea465b8af738bae5ac71642e05b95f8

SHA1
207e27b52f043c56e6ff6dd7ed5e9b84c8ed07e6

SHA256
6ca191ac01d4acf5f883a4fb9bae8de9af320712a6e8f860719bd0551a6ddba1

SHA512
6b6ccc808dd109b21831db47887e7baa1ba27fe76064477aa9d6f05989df180caac436e369c5bb54850fe9e0db24ccbda7adab7e6de21c767bca20b4c4f4be82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ee35bdf26200c54986163364e1d3e8b6

SHA1
9f4222dd13d48c7065ce69c685874f02232c7d7e

SHA256
2b6041c9a9da0506de06b28f04f875ab9080476ff9781ac4c3a50c8c0cb9a653

SHA512
b17c401296b048851bf2236a213d0fc74cdf04f80d403c1f10b5a053b60f71f4739f036490c61a479a40abb69291d7207c3d1f1bdbf0d9716eedac2694bb6f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a4c3d2ebde7853cf722c128946cead2b

SHA1
0b49013636de1e5296fc88c722ce885a07ee2e36

SHA256
cee3dcce29b8a0341c08f3d6b48c320a3ad826be3b969f098b58002c63301865

SHA512
afc250b03d41aa2bca5a8d9e61f03f58e7b92490f4658eda431e4fe43c9b4ecf087506a71daaa5662682da779ec38dac78737989435cf9db46815ea3ffa310f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
83cf34082261f51bf4b1f5cf81e07582

SHA1
22dcc55e22a7347824f758149ef18cf75763a8ff

SHA256
9068dd704d6cdd7fe660277838675a020741f497975b21f95deb88814540f0ba

SHA512
3f70f3ccac172c3c92b58d77de05115b0567146b0359b61dfcdea2a2b964cc3ca62a972bf2a71e5cb3b130020ab302b11df2b8064e936118c96e576b68dffe52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
39f4d8a9f49b671283cc2637c9c7c688

SHA1
4a096c4bac24853a3a8691e39e0af2b4aab6e5cf

SHA256
3475ba7089e23af23cc4e3366bc027fd6ce8632240657249541d4a695c88ee0b

SHA512
1919149043f2dcf9df7d851e719e7b4aa143927409bb2f91b15011223a60cde08a944ae83c9bd0e2c59bbe69d5e2a57a39da8fe7b4721b762b46ce516d7788ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5874e7a38bea07acfdc694dbdcc4fe8b

SHA1
de05a03e7d36b519001e7d90f07831172699b4d6

SHA256
9d772a7ebf1e1cd6d4682920fed079be3c596249b95e5d02d8930532fd1e9a99

SHA512
98e5bcfefa604aa4e4eb3f1d11782902ed07599ed9b59f09ad581f21e6cdf7af5d1c2cbb61ec2401bd8ff2361c8b6b5a5d66e70fbc7a267c6a6686d974b663bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c7864a056d152771c816251649b5052f

SHA1
ee87d6715a40649c12e19b2ddf5f471fc22526fe

SHA256
2d1e81984ec8fef389c8921cd38820a14ac483f359ea32ff2a3c443639db61e6

SHA512
0c7c821e090b4f738efdaea69b10146ac40449a670061d81e38b05ccb1000f29476b5e6c275a4aed32517ef48bb84be66be6e5b14f732c5512006ca4a4ab3ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB

MD5
12290ce01e9127c6a0996b8d723925e5

SHA1
b2a0c64dfd51c936638c8634bcbabb1177ae1ae5

SHA256
033a4fd5bb8341fca16a4d90e731a6146ffd44f0caa8166d07c8a519043f7b1e

SHA512
33d998ccb7891ee00b8254daa47d3fe645e2d312cbd90c44e0ffc9766dbac8b3cb8c01eaf533d7f2346b309a7e89e7735bcffdb247fe907248570763a5211d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
b4571e00b877594685a38fdd7b07907d

SHA1
a7621faceb0b62e40dec37621acc7fe44a5793f4

SHA256
c84b6c7464b0527c33bc3275958283dc4f892fa2c1ed965a47a5389c10c15599

SHA512
e433543c8831dcd7d5f2b4c6f000714945668e5d72f43a127b993e70abbf4b8bd1ce87431652e2597065dff3a3e65d05edce79c7ce71f48c60842192fe4955a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13357848202226807
Filesize
15KB

MD5
08b269dd1ffec2c6e714227a237f0361

SHA1
ab0e7ab61698f102123d29d37f187281f15a83ec

SHA256
9ebcbf8f348aa3f1d54d13a49a45d7e9f0290ad78a600b51ade76fe9559947b5

SHA512
27746631382a16d12f6a0d3ae4100055c2d4c7c11d10d1001fb204a7d803baa6ace6bb48efd0725b84eb09b33386dde091f5812e255abcf8733fac1b6bd1e7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357848202390807
Filesize
4KB

MD5
34ab445693789385e4d1419dd1f73f86

SHA1
08547ac0ef578aa1c6956821a40dd4dd64f56682

SHA256
8cabce58fb5abe3a9af860efc2e9557e8c1aaa29c9f4baf68af6e405f6345077

SHA512
85e3819da0faa29f751cb8dc03bb361c2ab21e277ba9e9ed5a853646e322084c8b7ccd19a04e33f0f934054fec30ca588974b5b494b16eb12dc311ec19285545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
7aa7890e8a79ec4752cfcf6fa66f727d

SHA1
37cb3e91634118188393866e15e9e53cba4cb1eb

SHA256
16f50ba28b161381b2abe0eb2bb27474df3bbb9fba314df855f3cea67d58420e

SHA512
fd64b323cfd35893d7efb58cc63ebb2456793cc53f992ea5c7c4117068ad75c9e331d33fee35d9debcd2d670c1298cc3c5a1e0f1b369ecc2acbab2d5ad2cefd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
8a640c13e4345daa57bed322bbd08dbd

SHA1
bb283dace50d18cb719784469e891dd775b700da

SHA256
ebdc6809f30b1e8f70465e13da92a0c06c5280c9a49a65dc23c49b6e4ca9b3d2

SHA512
3b7f05e511489ad9d419535355732aff539f99678b03ff9c42283350cb789d3369fcd66d39a0846d00c0a1aac4adade761afbe4be859a392d91010bebed72063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
0b47bf174e43e589759767ddc5849f0a

SHA1
7c18bd9cabea700b1141b9a2a89befed1bbcd475

SHA256
74cbb454002179598f9e9a99c112aa7f16b22227874a0d9b52880927103e0231

SHA512
4924151c613275dd186f9e5a98e08e46fd28d6e0c97a557c166ec98af2843fd785764799de8695438bec938bfd43051d70ebae459befad90a5dfca1766d2acf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
e8b278d3206a0dfaefc7543258f08dda

SHA1
b4e09a93b54e63fa58d2d8dcf2d6be2eccce8925

SHA256
0a2ac4b8348f248afec0956f869b75192dc9dc6e1ec10a16f6effa5dd3c0cdd6

SHA512
7430835beea52a36f9e8aab334925a878f669d909147d4ce031fca32c2c912e84a031c2f216bb1a2eda60bc8868644aaa3aac228e1e2aa4988053a702be50991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
b8ddac320ae0e3b2e309c9ffd60e44db

SHA1
1f699b6b45ede5d7fbb6c5b14e1a7fdf0905ee4c

SHA256
e42b16df68674bfb1e2cfe7db3584f9c6058273c21f5cfb0eb055859c23a8b6d

SHA512
d4ff086b5abcfce4df7ae130bbdd7c1bcdd18b4ca1cb3cdad62a1ed7541d134a40d4b764f3f168bf9be6015dd4bdadd69f009ffe2b98ec18c566bb315fab3380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
Filesize
198B

MD5
30f2d7c4b31a86d5cb636e7a23a8f87d

SHA1
0af92d151914e56e44f503b7b0f86005a3c733b8

SHA256
d679e0c5c51b650e8050b9eb7eedc6649af0142f3b558a53cdf3bacda3a52093

SHA512
18c5c71b78558ba4453389e76b39cc410c12b7c363dca58a6941f2cf5e2b748e7d4713421b9c8b299ace82b3f9a8ad270aa09826f92b0b0a19b0a27461bb7a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002
Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
898c68548ee8d6645b0f6ae77b8be48f

SHA1
988717ffc25732bc9845c4a5f934c4863e2f0bd1

SHA256
cb43d92f044c1256bf61592392b0097ca64a3d7153e0bd9aa3586fe566669c95

SHA512
82169d9f0604b563f793ad5285a5cedf278e12064c45908352243ecc911b4c873ca68e47daac670fce2ecc9075ab2a7b50b86f5408f5a379778893b293c9aee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
492ba12d87f6e6f5d0212b3d671614d3

SHA1
1103dfd3e23aaf9d9b92d5f75fbf94f423810ef5

SHA256
0dc3b64a4adcfeb50bc68df9994d13e5b9729bd8a607aacfcbf4e62440ab4a2c

SHA512
9fa1718e2d583bf8e25f7cefc9888cd85086e04d24fdfc4f6325b6d3502d45faf237d01603e326e31b68223e99058aa3a601fa1e7a5fefeeb9554d62cba51df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
322B

MD5
f2433b967886ecac2b7319730c0e581f

SHA1
2cb7cba9572daacdf8e37f380da3d360f104fd5a

SHA256
52aae74d84bd68fabc77844743942ece7db34aaf7a81885fc65e80b621652845

SHA512
64a453b8a2c8052cde9410a950db8e7d2c59e481c72b5e2378957a080185d00e6647962d7dcbdde7950234f528fbfb257b3bd0a7901c788124a99c3910317cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
594B

MD5
b5bdbf2481ad602e0fd436fdbd939c72

SHA1
80b0bdc09c322a0b3988377543e8bc946466f626

SHA256
32c81f2a64abe47c10f1876e63b3287a9fe4eabfc92f4ec4486fd0de659064e2

SHA512
085a4b64244b02bb17e0854f3f2eaba25f45ae3a0695123f8c6fa3d953aff718957526293dab11e6c78c6a45ebf7028fe399a5007a2f122f2ab79cdcaae92bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
340B

MD5
362fd95dc0256650af31cd5ac4ed58e7

SHA1
c422574234eedd1871d8729c36d7c9f5fa775062

SHA256
924ca119e3af598fd5e362c2a757acddde7ddc95415a36ee334f12047c0a5de2

SHA512
d0685a56304e84b8162ca5934792c874d76863785c183c1f6ee6f7fc5e3263544319233d238a003391d1568d40d8ac50d017bfec50a4614fd19ab97b9472b95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
0efdbb78d8eaebf1f5d3bc2998e499cf

SHA1
987bae1067fc3f9c7bc51d5b8e1dec688379eba9

SHA256
a4aea73c083ce1213bec95087d414241c483a16a2367f1a295f42f2204648b04

SHA512
de58273ee5074fe431404e39f661bd6abbd10557d667dd9b9c89826ae25b2015e3f716a8f4f03784d4a6892eb45090d2061a1242484ea85c2b13f303884a0db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
65d8310207adee376b37ad0d3acd6293

SHA1
5efc75879171705eea6bdf6535ee14f1215019cb

SHA256
0c544d8a490edfc2978d996b5cf93850f2c8e12acee38bd529354b43d07c3f65

SHA512
b214a70ae91e03894f651e3e704f04f020e5d9cfb90ceab2b321c1d7ad0922476e641a38db2112f2e0c50e37487718f0109c0493cbaa6d330c89081cc9be653d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
26bf20c90b5acca71b1e113971532006

SHA1
089cb8a94de43f41aae1c67d95559cc55f141ade

SHA256
420717b3c586f8736a73ea3c2b7fe283bfe838ed91a04bac042fe1238426210c

SHA512
fb54c9c03655a7845dcfa13f296f97b542cf14747416ff5e1636aa8d0dec573f4be20b2ad04b5b2fbd62cddeccea416f5dc32172b5fd653fd0fb44bbf82bfbe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
16KB

MD5
dffb7164984c0c892ad67aff97aab87d

SHA1
df94cce03775263525ecdf1a4f6a55adf2e0b6f8

SHA256
6103cd48521fd7b05920814ed60455f92b327e00330008ec4f161e9bf5135502

SHA512
bc8c4f3643e19b8e2ead7808a433f9b3a07b7c64409b9428ffd5ada52052516bd7eceb77f0d4de1340d0b08b4fb943aeb827667aac9935fc1aa559173daad97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
98f1bf29e685cc90bc38d3c0dd929bfd

SHA1
82ba689d5632acb438dbac09285d9293e82edd62

SHA256
93ec66da8ce558b7e00dd8e65f3a2b7db1b70e2ce2b00fa152f79c4369be19f9

SHA512
63d1ae35bf927d2dc8210b49328545d3df72620260e23bd5ff8f2da94ae0b82514b0e2cec746329496998df68d30a68c6d1d874c4853ec292d5ca00021bc6d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0fea4c9f649a2359e48c1518e38eca21

SHA1
088c034bddcd654dd7f607b50138bc5eb29f0c3b

SHA256
1c3d22a02f5c69ff1b47ac1154af04702a56a1888ffea9f01250f2aac57331f8

SHA512
7b1ea0d16e28230b04304e54490ebe600f36190f5ae90bb213d91810e28868c3e9656991b1a3f03bc1bf878c4c6acdbd39e078afc5c93b48182105d3890a02b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
afb1d0f7f21fea0f931b827fb8bf5fab

SHA1
ad42fc671e51cb5ec4376435799280a03c17dc23

SHA256
a0f0a285eacf406d77a161c2647e5404353c2b284ff87c2803eccfe7720286f5

SHA512
bc0b948803e6e4607795e2244324479e1be3f2beda230a4cb4cbd00c507d0849ffddc0eedbea9faa854a7570ad90a71cc04a709f697db5f61576cf6543c463a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
4B

MD5
a7653b3b0cbc78b870e03f1143b4c868

SHA1
0612bd3b8ddb9879a48bcff879c49a089af2bc8c

SHA256
dc729be401450576f556932a4057826877804fb3d9cc2b95c69a7401f6db4b5c

SHA512
c070602a0214bb30db225061d9bb06f45a5a6bc6aaa1866d2b2a8dfd2185490baf607301e1c4edb740324cdc91df75c9a106c2d2e2d9e3bb210f3493259ebc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
3c69f3d13c513204d8f94d714caa37c0

SHA1
6378d49cd748ae09d7ec46bf2699818d120a70a3

SHA256
7e0d88684c5d11711aacfe9fd1e198df60b9f3ded2cf24dfecee92ff3b31ded7

SHA512
de5a6242518a0e79ef8b061d51da4ae109a130b1a0dac436708058c87c26c94a10e18d573729f6afbfd8ae007cbc9c0b4049a566b560c731015583663960f507

Download Submit
\??\pipe\LOCAL\crashpad_2824_NIVIZDFEHUCQGWYB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit