hxxps://www[.]cadnav[.]com/plus/download[.]php?open=0&aid=23272&cid=3

Analysis

max time kernel
137s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.cadnav.com/plus/download.php?open=0&aid=23272&cid=3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
2052	msedge.exe
2052	msedge.exe
384	identity_helper.exe
384	identity_helper.exe
5628	msedge.exe
5628	msedge.exe
5900	msedge.exe
5900	msedge.exe
2248	msedge.exe
2248	msedge.exe
1200	identity_helper.exe
1200	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 4304	2052	msedge.exe	84
PID 2052 wrote to memory of 4304	2052	msedge.exe	84
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 1772	2052	msedge.exe	85
PID 2052 wrote to memory of 4932	2052	msedge.exe	86
PID 2052 wrote to memory of 4932	2052	msedge.exe	86
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87
PID 2052 wrote to memory of 2628	2052	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cadnav.com/plus/download.php?open=0&aid=23272&cid=3
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff974ed46f8,0x7ff974ed4708,0x7ff974ed4718
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15985729600886867364,6344233712024138343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff974ed46f8,0x7ff974ed4708,0x7ff974ed4718
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2984009108378078488,9500540066921061401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3000a0ff8ffbbc34b9480fc96b9284ef

SHA1
dcf297abe33d48bf9eaf2efdc82feb1b8ec8eeea

SHA256
16576ec8777581e57e751d5cb3d9a130b131ed2f4cc8b7221224f61eb7533fdb

SHA512
0363630d899ce4461a7d6c9ae62115efe449cc0f7bb3549c0a360af20eb214b37ccb791df535aba571dd167838347981e7d85ee2f5e9d3a78fabfa0945cf056b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
72f1d4b6a108d07ae3fafb9d42a31b41

SHA1
8ed84ec22b598d3a1f30d33c39788792ba378a65

SHA256
0a41a87524b41448c2cb4d0d2b0bf4334827a0c7601eee0152d45c3d85469401

SHA512
4e0c52ebd13d294841b446936c27599a534a4cb11c05e7aa3ffa183bd79f415ec4ebb0d0076c31239ac09c01b5fe32cbf9a18ea0c90c419761834161befbaecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3b1fe862a8810f10b39c330e4351f016

SHA1
f8af4a1b370b647a028cfa01e6e30bd547b02a42

SHA256
23dcea358e3c45f801079788e123e2fdc40164522df88204fa1e7ac002b11769

SHA512
d26b4ec2197597c2dcc65ab3e1a0a6f8818492db8d55fc37e410a57ba7d5c447dec7c373f5681551a092c095f6a30373d314cbe73e7b47eb9132616b7d3c3558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
8e0ba67d40dd92430a28cfbf5a6d20bc

SHA1
ed653d4af2ae908d262cabdfd6d745cbb7b1eb3e

SHA256
4c625e7b7dc9dee43a767d9fbbe0cb96582d8848ca25df26ca678913adc39534

SHA512
b27cb4899fd7f3763f06adaad2cda7155c2771bedf34f2f6ee4c16129600578349437bdf1aef1273807075883706e70e070ddae0be20914d47d4082c6f223f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
1edf9f4f36de6106e263415058aec43d

SHA1
c15eb910cdd67d13f65afebec6e89fff0c485532

SHA256
f8926836d7606070ac8a04468112a5b11b230f1bb39b910d83ab6ea041b2bbf0

SHA512
bcd4290ad6da71ca704391fd7efa22836e1e694c92ff9b7dfb0b568aac47fd435f76681d4ae8a0b521339af21ea4aaa919b574abd4b4544061582a8d989150be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
61d3aab5b283e580d4426d0b55cd2f8d

SHA1
c57721b2fa4f9333957aeabfa63a0bfe296366e7

SHA256
38ae27b50840095ef7f2d2f516c2256cd5b149c690fc1937494c8eb420b40c1b

SHA512
fddd1c168bafc64a94ed70651ae2f66a4f2a3c7436d91469bbc67ea6a8c94ab8bcd827e0a05c9282519085073cb26c9d015136b832bc3aa273f3b879b2e483e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
9736a35d486a26a36a618a776faf0681

SHA1
9faeb6dee5e4a9e7ed0ec4327b687178a8423480

SHA256
fec3bca548a0ac7c0045497175cb94ba4edd61916f892546dcec0806b01ee544

SHA512
1d482920b7a393b80b512433e72630c88345e7eb2ba64796857fab0513c76ba3b089e1e802c974da936eabf51bb2c8bc04b294c8ac875cdfdb811581479fa8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
d1eb04b934dbeb4e60135530b8f82c4a

SHA1
09035498c67caf7ef90929869aac68eb46400228

SHA256
eda2ecd6b06d9130e7c0abda940bb23f6debd13390010411841deb0f5d9bdfbd

SHA512
b7f33b9d0b5d9782e01b40d5bbc91f4ca273fc75b2c9e6e1f7aaeb2e86a07f1ff55286feb7842151e45c07c5dd07b5bb3d140cf15ce5ec23d22a70ad32beb4f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
013dc747daf29b3b5283dd6c0a71f0b4

SHA1
a20186d5828f22d7795daf82cbeffef34e1b18c7

SHA256
370236bda4282c42d8453fca424c13d1081ac5dd8802593563e0aab093cbcc1e

SHA512
7ad70dcb9e4c7240f05f6de6006eda142ebd906a750d7649ed6e1103955bf54735afb12a5edb156c3fadeab18c643a9adfa0bac890de1cc97fd011e1befcfe2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
9633d3408c91fb8395180c9936791791

SHA1
dfee9374b4775e2a657de4ea9e8648d30fd44979

SHA256
ce792f6b55fa60698ea9d35804b59b0c672f8c4e6bb5c3884cdd14a1addf242d

SHA512
951ea6a37513862e901769b73d4da77eb7bc85a8cdd7a276ac5a4edfe5429ce228796ad4d7bf171f2cb208d2d88576b73677d1e1b1b05c012e1a6a9d1c1ca7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
61b00d2ac5566eb492006fa044aab1c7

SHA1
1978dc026d5ea77cd2af016960b0d1ceea103798

SHA256
49918e46a16aa1b1722c8dc53ea54b7b1df50df723fb03cac530645bb4cffbeb

SHA512
7771aedf9c6c81766b38fd5b736f4c72c88f6a393dc6b185514d0ba007c7352d983a22f9ece0aec93ff9d171faeeacef5a47621f05c4404c639001a7e9ad5a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5f11e147d9647c70843d3588f627f62e

SHA1
bc75de31fe2a56a51c437c96ec800f913d763d2e

SHA256
97a07110253734c9792094ce6018fd9361c7d2a7ae81e0fdfed6f5a25e6a6c0c

SHA512
5a43439ac8019e6dd23c4946aac4923085b70faee446d112903b0f0736dcc4c83bd0275debfd18b0110fe0658b4c8fcaeac498c0f6a8ec7c39fb6674d0569d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
4da0997a17e7c046d2d7551b02ee5bf5

SHA1
76d34f245d241cda7e24d32f9200cc415dfab451

SHA256
c264e182c7813c9128f4adcdb729bf15d7fcbff857f32959e7966afdd7bb53e3

SHA512
6c5703e4ddfe2985b02b5d1b8dc2691b1965b11773ef76857b93d6c83262dc192b71be5865dee7f7957dcb76960daff676a4030bda7e26a87e9b24e15ab07d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
6bf61c14b07f229bb13b5837acd854ce

SHA1
7a668bd9a1460e1d4e25537daf399eb46baf0f04

SHA256
4b88d78ddd755345ada5ae4fdaf8e81102f9bc6ec3087b78b4597592e2de1ce7

SHA512
1e110e4b714cf50b74924528393ce670cce104e42f2224fe855817871db0642d34b84cdaeba8455762a50a5c1c103ab8f40bc81d5901471baf16bccdfc7f5619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
5KB

MD5
5e30edfa67750551d028f99b2e3fb191

SHA1
126576f5aa9977704dd355a1612514383a88246e

SHA256
113f0e579bca88f6b7d480d7a4755dd5630005d3ed195afaabcd779818ff9fed

SHA512
f2cc3fc0e136b65f341150fa62781e523365c76b677113c0e289788cb357bd595e20e254d1387c2e756ed0705dcddad4273a7d58bfa66b7c9d122844c71d76f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
377bf46dbbd74d65dd4f3931ba05a270

SHA1
e3dbab3331254e0e09e1b340d689e201c917b59f

SHA256
c25ea742cf0da06638f416d2b689edf2167cb213ce2d34d5b9bda1727e92bd52

SHA512
0e3d4f45223e3a313459cb7735c768db454f12c5c70cab102884dfcf593c2d7243063995baaf5969c209e884e899b1b8ed06c595c817db4fd7616fa68085f680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8367213b475377eb5cb1d85f0e745e02

SHA1
bd880c407d5debdfe062a9771028647ce8563948

SHA256
c2f94987ec72b67a624526c33ba0edbcd5b8f0a425e22de551f768256063ccb7

SHA512
ae4f2d276cc05008b0b0fd4b775a0ccd343ca33ac5d759c85a26002ad3f6a3a7d182a83009856f0f3f84637cc74dee18bd4e035125a787f1b0ffecd2ec6cdce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a3265e63a53fdcac0dfcddc7b47b5dd

SHA1
e6e884df46782cf345fa4459f8eb01c2d1248360

SHA256
72235163acd67dce6606a05254f603820483440f542e5b5f35b9a9f92bc6fddf

SHA512
fa9a3380dd09ce1e825489071ef6ede94eb7313a028f563594ca55e87f69c9414e9f709303505cdb5b5129baea239a7fa31d0b94574f88358b972ab81c034ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
712f115e082c706622bbc482992dcccd

SHA1
c8988b4b4a42804556746d93603bfd13b0c911b3

SHA256
af1f770ceeba92ec4dcd2351bfb1cba88ad4a2bc9bbe6d3dae36ed23e484d74b

SHA512
c3da8a491afc873ceebe32fd9bf9726ac5979b6470891f0177ea997a68ed510bf5b311602e023c66c4c3eedb23cd249e1e4f7195d0fd66e47943b750b046e3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c947dca5048bf7efcd368314af15b59

SHA1
2076a7dd1b7801d684327c98cc223405ef57b85d

SHA256
e6218457aa40844203929a05a986af82c359732c770d053f253db33e9f142063

SHA512
85442167ef604d2bb0ffca2fe5755e621c954ed95b84c2a01b32c2566dfd09a5f61a145b27072ea1804bc90992185bd01198e00cb6cbae78aa95306aa3da72d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a9f11fa1624daea0a9976eac10a945d8

SHA1
d4b42dd77d13799b9b193ba93013586e8b97a308

SHA256
de169e69bda8bf091d8dc7faad2da9678fcf75cb07cd206fc793e477c06486aa

SHA512
8059824ff16de504edfaddbdceebcb30580aa3fd27f03c3776dc9fca90e1b34469120e163947420133d363666020b81646740b3b4f4e22f7476c84947481797b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e6cf1fb68bf8c1923e3876b2f16bd4fb

SHA1
788df78655d360e10eae345a114b699fed748800

SHA256
51945da332fca1895e710a8a3ec70409c050d9021823b2ef2cfe62b7c5769f0e

SHA512
a58d87159c63b68590810a45284bbec84b2d306b2fafa45d3aefac60f217545eed52486bc09ee9e7c97be4e1b0903f3e4ab9c55200b66d34620ccc11669ae348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a8aa0fb3cd41d91eb728a3b6e31ea2a

SHA1
ba6d8a081ab5851eea67f3b19a1df28a2fd3c321

SHA256
79dfc0ebda4fa9c2f5c80c6e3e6e933afc90a740f1afef15e21d4cccc48cac7a

SHA512
dead826c5fcf830f0985b0963a19880036f694ee9310d3e906977521e26632b980884f880c9dab816d4e884a82173beee711116e30056c1e46feccec4b63865c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab35689f674cc97bdce258fbc99752a3

SHA1
b874c2b962f4c1d9b7bcf2224f378f39fa6f3297

SHA256
dd11f20a3517dfadea25d0814ad6273fc65fa8587f5ababf59eadbee536b8f68

SHA512
d5857d21b1e5280c2e3b04bd652319927a3681155b92363fa5136a6cade1e7af856dda4ea43a37379dec191b8be621d3bc3ccde799207cf0362c075855f45210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
25b1a7ee79047d4a35ea26ac85e2540c

SHA1
9078a40dc1168594dcaed2a0f3df03199b021151

SHA256
3e2fb38dd95fad329b6f4bbcbab70c2879dd6be9740cff02769ff21bcb682c1b

SHA512
26e032c24811ccac3a604693f86a1ed0cb109006fcb51c6d2472cddf26426ac5f648ab732d1700f20b1c0ef762bbd502317902c841f34613b7599b6cd67e5a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cd0e9430e69307c65a734db977e52cf

SHA1
894bcddbd5d8f9b588462fad5aea75fdc04c844a

SHA256
811002026feeed5d5885a9e29abdd85c255584af83acefcd585f9dfa204cb8aa

SHA512
47efbae74da3bdde3c963c906985cb028c6faeaa9e80f14d9040356335901ee433f1258782cb760ee776c21a58b5f499783e3967162bda02edd7cf0f03e7ede6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
af58253b010199dd1ebb4c44a53c47c0

SHA1
11d1a82729c2600b5bb6c11454352e4f36fef78c

SHA256
2ef7ea2c2a5757dcb145f852c4331a2da9080be35886afe49f2796ac1bf29674

SHA512
edf9a058df8db2e44472542280b2d58dffbc28ef50699781a02fc3053ec04a3dd63d01cb29486d22f277d3b8dfba1ef3013537bdadfeda08911768c56204b869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368598913396309

Filesize
46KB

MD5
99e4861e37c0bd2781ec26f3a756d817

SHA1
db5db601dded2ec4c1ad74fd1052c1f8bb3547e8

SHA256
46defa351c2c5345153c05bb7aa285256f0433acceb1f0ee71f836b0cf2ee7a8

SHA512
841bffc4be18c3a9b0deeeec29a3282c3644693c09886342d41e0d48cf7b801733b73bd76581c00a0f272c1f79de7a0b5eabb32644e84b6416b8af979cd32afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
4b9e294f4004962faf23d495f69143bb

SHA1
f0e37173aaa4d26acece5522e04fa75a41df6cbf

SHA256
960120e124b7ccfaff8616d412eb886db702740eff646bd1f34d8f0afa42ad3c

SHA512
cf4ebfd8be5373e8faaaa67a3528b98ba64ebd1d9678515706f824434b8738b735a66dca34ae145125ca334e30e86ba080bcf128b69eb3d4654983547c8f6974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
7d8932f04b844988aeb385dc8716f6de

SHA1
24c86206a9e35d3bd2568286eda6b7b66787d690

SHA256
dc8244eede3882eaded67a9bc075ce055f8c589842167b7bb79000212cde86c9

SHA512
b52543cbf34f3d2eafdb6cf0cbdff635a04bafe8ff110b5142ff761158d25d4c2c7ef307107f233b2ecc91e453c2728bae33af1e27e2b21d95925b873d80c06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
9ca49f7c2cc14f9925f978767b5c4b14

SHA1
18ce6055aacbd5cbde9a67490727b0698f6d1922

SHA256
0777a7ca8934aa6bcfa1d49d6cab640f9cdced4f92e5f2d7faf5c89e0bab235b

SHA512
8ce7a264c990a39bcc5fe79bed725c2985cb9b604f006cecef00dfa095d7a59a6a65e7f5166ddc25c452581784e260a742ae9544a56eb30dd3d1de85464fd4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
40ec624a6bd25b67099fef4e7b21bd40

SHA1
1db2cff281bc64e9568e2e80a4796f307ae245f2

SHA256
af9f4045bd91635fb27913309a048df8e9905d79432ed518dec5ed29bc79b58c

SHA512
76c54515f8369069f32fe22cadf8437fc38f83568b999795880b087d12f98a422a196398f7a6d41ad840b880e0bb04733400d54d6bca006c31d7a474ed4700e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eba8.TMP

Filesize
538B

MD5
f7fb5765a8f169015576242fe904ab27

SHA1
cc2b824368010399353ac3029097d43d2cd32846

SHA256
ecf8197fac4c88f2a5fbae5490a22270a9007abe3442f78d4ecc8519fad2cc27

SHA512
dcf40e5100a9897550d3593cd8d24fb7eabb3f20c09c2951f42342da08e5adab7b627f3b61520ccffdeba5bf8ed41fedff2905110a75e51cf4e39ebce6722764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
9f2d174bf5884ba54194f28b85bd0184

SHA1
6f2a29d59792a3bf87784d7b4848164e34212b71

SHA256
42f3d1ee3c7c00afecbc12fe85490f7e3c5527f6611deb96185b1772408ae2ce

SHA512
e2d9f19043abc6b65cacabea0894b0f60a01e03af75e6604d5713e0c5f8844d607b22a1678de568d7a4ce67ed0fa7791c461020372ce276d223ba395b68da67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.2MB

MD5
93d0eae522c72e3e62bdb7bad1fde5b5

SHA1
36f55da7b15854b7a717e3ed3f77610870f87068

SHA256
cbd17a3cec42d8f358b9d7e9f26d2cb0dec34932b40f30791211148a4a63da5f

SHA512
215a11bfd5248a6d62080361d88569a14e4f1e6ec13428d21b1c5ed89e0d41aa44a94c88504207634296f38db93a98d04d6e292625fccfb145290eabf4a2e29b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
b102bfeeb4eb41ed7bb042c9e92ace26

SHA1
88b1d72b701049557dd47674b45bf23e3025ae0e

SHA256
a81c72f15d3a71e39ad8597229b335ab4e2660a1a40579de66e87ec5a7c2f52e

SHA512
23bb142c8acdfd6d960fda813ab6bdd5e2253da6d59b5b15a56a961d2a7d588194fcd6e024eed72eaddb89b1d4f89bd7044128dd47db9ba586abcde841e0e45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
5480088c157cbc2ded2eef789794280b

SHA1
603aa490c19c7af2ab4dd9bbd842e4c8df06699e

SHA256
14af4e54d7bdb022a44f69ebf23060042acf8a8d02e7fec5223515d463227c1f

SHA512
c6490044233b217147fa78d60f57d8e4416fc5e08e1895b6c2501f65bb5104aeccecd9ec7b6a12b713f0600ca780ad6cef6b6e3ed2be73ee4ff883de2e422108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
ca019a594b006809be69543a7bffc176

SHA1
e0391784e0d17a2822730b80bb804a911d0ace9f

SHA256
dab2e2ba3ff5a25f8ee993dd44e38b02d3a7a6eb8b7260ea72913c898eb3a578

SHA512
cf52780f72a66012e6451d56453bcbdde5993cde6cb7486051fa7f17f47e1d0825085d2d654a4292a1d6c81d4870b98924c22ebf76bf59e434ea9b25b316dee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f5eb9b9021d0aed3b7c03f312fcaca25

SHA1
3ca023def2f6e9319e95005f959a9bf8cb03d097

SHA256
6b573bf002bc9f8d0cf6cb9fd0b7df484f26b986666ce1d78b64b95be38e9fd8

SHA512
0e1bf04b3cc602248cdda32954b02ff8a940b6658fac04f99d681063ae2b63d8e572dcea5463244766e715c13435ce3fcd3da8d9eaab8dc569b2162334a862e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
51e100a4d9297436daef05c9a8787225

SHA1
4763c0288583879b4fc7628239515755df33f151

SHA256
37e43201927ec390f0b18fefb56786452af4c2c961bbf4e298c6f11aa2314d6a

SHA512
08318527d487adbe4019c9aa1b43d434c0b48d7c996d6b6fb77bb04fb203365b8547db1ca43f1458664c5a5b782d81a9e580fccd4bf58f139526f99418268496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
99e6700298be0ab2a8a2a845b718a272

SHA1
82fc305ed92f962aa22f887b8290dd3322d15047

SHA256
bd543c619f700a6df4fc0c4a1a6e0c517661d538256f5af07265d88063a8e873

SHA512
b3af5bcbf4b22cdd98d1ae79bfb810202f27bf56dc3eb41cf8c5108e6f19fb3f1be48a43be97dd7b5d7b2994a41298f385399d61f7f81dbb3606d9bcb34dedc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
738681bcc4b6421b5e2883101c0e4ce7

SHA1
304560eae4483280a46c2a68c6dc907e7bd6647f

SHA256
7a751aae99c47f4d8c2d1e10920250f819816072524dece209da719c0ab1f8d5

SHA512
090e6a7005599c296955d446b2d67450715c08dc05f65a447498ffd53e154b37ce9e75334577a03925d5a64c004823a247bfd0ed2ef958d8922815f2ce68dba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
8feb503d057a1dfc7121b0aa2c7cc10f

SHA1
0d25b47e8482de37b7f615205b8a45162e1049d4

SHA256
e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713

SHA512
a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
16KB

MD5
4b4432e5b52736bf811f0b99d2a4ad45

SHA1
e9dc0c4b936109902138cca51dc4307f7bac6730

SHA256
d730bda38b999e036ddf955dc244957b692c6fcf687977cbb7ebf6190d8c75cd

SHA512
2d2fd022ef17df8ff0842c7c718ab0a58ff14bc7f1a711e525252aa95960349fea2dc7c27f22a6dc88ff4066be41fafdf90af477febb76221c33efb7c1e5826e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
16KB

MD5
916657b1904462de4fd9ddda8acf9d97

SHA1
ee32edf403ae7732a39154d925f20b96f28f24ab

SHA256
6220d4d16f2dc838ae215035cb67b832fda74852f0b4e52195a2a29cde0f9977

SHA512
a4c1d241ecd7b64edec45f27963e35ea809f9f75d8ba9c0a7b5558f890fb7ee0305a8a827697fed58ff993804b3ece3e5e5a80b6b24ed3a38cd195f26c031a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
19KB

MD5
0baa1e177d67eb34e504ea95a8954c62

SHA1
806d970044988739179583a992d9faebc5d96abd

SHA256
2d06f610c22647a412b7fa7c23b65da8334ce2b61e7883f91cb8f4009d8399cd

SHA512
f577fca639eba51d1803fe43eee336619864562f63a08ba67b2869e6c08fb02a5fbc44ef51fde8b948e93ce50d0ea1581d9c0ef3dfe41fb5b5c9bc54656cddbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
19KB

MD5
e3ce979e426e4a349a51baa9515ef750

SHA1
f01511e40be6a2d1f2a912cd82fd47023b3c2961

SHA256
577f842824da7be899ab4cca5906ed3466c6b6f5dff14c3e078fd9d70a6f7ddd

SHA512
4e1aab4f264f022765242a9bcc1e2c7b063d8bad5b343230ccb706c59f0bb553da41dea739330515271fefe80da41d5c29ae5ef4e88c552554c2ee8489be7c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
073f70a222d17dcdc493da7c13fa5e90

SHA1
c9b382cbc72cb1f2d6cd22d770a0120e3675563b

SHA256
3685e67b3534c82c488e8803d926736976a01c0832e748a6a0b5bc5eb97a2050

SHA512
b16d00b3e3f722029a52a737af9bdbcebbf28a8d59c5a147d263651b36df811b3d63efd0374f9895eeda9af598f2fb7bc548f8e788e05311bc17a7d3164869dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4bd92d1800918fe211c9cd6e88b9bc0e

SHA1
b85580321ef9c139208fd1d92e9aae9d536631fb

SHA256
da641a938eaef3cc3b2eafefd82085f5624cbe079651fb68fa9a6362ddbecb84

SHA512
22c70f170ee67133027522762adcad4e8d18b53339b36c900a7e73a0f784db4f356f5fd903a26f981ff846c3ac9205b37a2205ee5312bfea42c95652cdfa41c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ee2791341e53de91163e75e10e8f37c

SHA1
afe0ffedcc73dc9a69a6f2a51a2c624b0049d41d

SHA256
56b37813bbeebf2f58c75eee3e88a244d6ec3e5ee4015d0f7a37060d039279b9

SHA512
b690a46da6ff765d7ea884c394b19bd102313e97b52ae6dc1d119d7ad181299456a5181ce55408ffd3ab6ad831e9ac21614b8a49bc478579ff2f3857a2d35725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
94d83be45a649ffb66d819095e3557f9

SHA1
2e7ce987862af24d88f3fa61a9b7581772cf8da0

SHA256
c99550656bb6d0bd64fbd399504948becb9441b22ada15630c990d6040198dc6

SHA512
7ccfeef8ae9ec2e656d931f1c52833dd73654da2d4ffaed614bd1da694a56bb68e9a507e18d5804bcf8569c02bacecadfdaf1a94dabadc5953c7ea4fd9cfe8f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
4bcc55957b8677a1a9312b40bdcd78f7

SHA1
b38341e0a8753c30cba71bc6e3e94f059043641a

SHA256
5fd179965518828f82662cf99ab6dcd1e855861596a8fe7ae7cf6415876502e3

SHA512
59c3986e4b7d5afa7b957f34ef55b74554980e8b80859b9b6c0958825e8da527435b39066d3a955c6b9d9f180705fa1cb2a35af1755ee8f4e21f5b1cfa1097f8

Download Submit
C:\Users\Admin\Downloads\1-141126222312.rar

Filesize
2.2MB

MD5
82c91a659db3a02962f7d97a83158d55

SHA1
2d8190b732a475a5324686691d9eda6f5cde2109

SHA256
29f1620370093543b079280a97aca88ccf337820d5c4d90c317f73cbf25f4c02

SHA512
e636edbc6dc86fec3924b3eaef231285d2c19c44a7651b2b2e818360e4c69d154843a9c4388d51922c7dbacd221d10e73af5cbadc70d06e66df330efbb1c8461

Download Submit