hxxps://sc[.]link/RA0Ud

Resubmissions

30-06-2024 07:37

240630-jf5stayarq 10

30-06-2024 07:32

240630-jdbf7avdlg 10

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/RA0Ud

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4444	msedge.exe
4444	msedge.exe
2356	msedge.exe
2356	msedge.exe
1380	identity_helper.exe
1380	identity_helper.exe
4892	msedge.exe
4892	msedge.exe
3484	msedge.exe
3484	msedge.exe
1912	identity_helper.exe
1912	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of FindShellTrayWindow 62 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2356 wrote to memory of 1792	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 1792	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 3708	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4444	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4444	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe
PID 2356 wrote to memory of 4452	2356	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/RA0Ud
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb263f46f8,0x7ffb263f4708,0x7ffb263f4718
2⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
2⤵
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
2⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5868 /prefetch:8
2⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
2⤵
PID:600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
2⤵
PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
2⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
2⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
2⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,6238125027335608458,4115367369780608271,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4836 /prefetch:8
2⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb263f46f8,0x7ffb263f4708,0x7ffb263f4718
2⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4520 /prefetch:8
2⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
2⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
2⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
2⤵
PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,1537890364061315560,11923531203950591184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4732

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dbe2de29cd1b28411ee709f960244b02

SHA1
087128db492a209746387e108abf175ff465bab3

SHA256
d22af10a75d9eb043d91bb3657b16b85d4e6ec09531de1d51223d9fd84bf361b

SHA512
962fd8ef1309cb7d8de209069ab249bfa9becb3bf44d576821a5601f3e2c27a6328f7338c659587d73eafe6351b8862ea2d0020625269197cd8d266b8b4ad00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d13173c942ce3c5ad92d88715d454612

SHA1
1485b4dec548dc0e5cadeb15bd4d33cda7c740fe

SHA256
054b4a210137335aec44e0f43b9fa1c5c50d5db214b73676666073a5b30e5d56

SHA512
67e7b990805c07fb61615e93d392f325dec2972351b25e07cab574204c1f90314fb27fbe71bc93f8506c13f7fb49f81867f7a94ab7565e85b3e4cd302503e014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\365e0d3b-b25f-47ae-8586-25dd5b9b418b.tmp
Filesize
1KB

MD5
bbe6723dc98faf310154f2b68f1a0412

SHA1
66649e7eabe065a3a00859d75a10bf582dfa3229

SHA256
ebb4af9fbf44a3020fc8d3eed503f5ef2d8c83c4c6237c0a79801b7b0c0c2254

SHA512
824edd20ade25709a88c03c650a77216cc57989c4e9465a386fcf2c5289e971b09bd093dc0f8563e70225995d26ba92abeb8dafbdda2ace313f66f4d04f66f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\919dafa9-09e2-4db3-9304-8f18e56f54e6.tmp
Filesize
6KB

MD5
50701f6e7c62a915366256e153469b53

SHA1
aceb7b5641bc849567f227d8a9999e3e21dc1d91

SHA256
42f892dd8e4a4a06d450144ce03b2d288273449fc11a0ca0cc136fcd2f727274

SHA512
9d0c3dbb5ed986ab11667e07c34f7b2f01dfe6505b05461a2a5c980730ff8e54ec9be9643a519d04327c1d791a7b689ffd7957278cb7a8a82efe55ecdb9499f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
b7be30cfe0fdef05107c5f853727c38a

SHA1
681bda0b4fb93d946d434be405901b3f5235aa7e

SHA256
e0d69b8d3424bce8116d589ee2106f49ff2142ad6c77d262a32ec29d22852279

SHA512
edaadbe1fdac7740a6cc1f35e883a5fa671a0ed6563c7c0856a36751aa087281296cfe031434624dbc8f205d040c144964082f9fa1541e42d334298bf477659a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
95549ef15cf9854d18650d695c097da2

SHA1
6102e5a958a5316523202939c34e54fe936c91b1

SHA256
8a7275672a84f56d8addb5ffaf122b4858d726fb5e20d28cca991c88efa820d7

SHA512
3a1cd2b92a691b4d4af13b7a9b91e4bb26de82a87401e7905b817e6715b0c2af78fb2385a8a1c7cfeca2413e4ce57d333d12f5a74b1b819a59562eae4044c346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
2c1dbf494810908b7452fce9fd0c3d8f

SHA1
85c6abd6396e15232875f52180e2b892d8edee7b

SHA256
6eddae911e7e735158cab4de6779b87918c2b71b4f61964872f555c79ccf79fc

SHA512
125a2f37fc4ea84c475c77d99312030c482789fc9453bdc9eb528221361b079e3108944aa204315614d170a94ff58c8d1364a14431e6ddbd425d805fc5a013d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
2478dbc591b0db913469f0283bc78c6e

SHA1
676d40c71b6c9f022818b032c61f8af67b922045

SHA256
5b7ca11de460da66fa7ed232f5d69a39d5221dab2f449161cdcd5252fde7b5aa

SHA512
9131b6ecc4aac8ea98ef82fa99903d2c78f7fcb45a6e0040321d2a69b78d36e62af6dda393a7801b1b385ace362145af767a4e9f947ccda64ec32a013195e2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
8bc62bd1e51a98986641ea6c83683d21

SHA1
fd0f6190818d74c2f6a9114cc037613893dd129c

SHA256
794b7660e642294fd92494cb87ffab704d22346b76998de14641084df9f86316

SHA512
6a2a33aad793a58feb321cdb2a00653ef8377c8e03715582e8e7689c15f0e4f3709e27f217d9d5ee2c74ff6ed037af3a6ac83c072fdd40feb3b634ca8146eff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
6f678578acebddcb552c8ad59f1da32f

SHA1
ec2d3ef80b15ec7bfcc6b3a7c07d0d58605dad34

SHA256
34355737be7a9d12050634ec4b618d94cde1b2e00a732cc1a3d437a35ec9df4b

SHA512
38d88e7042bd586b4bb24aefa472e51bcb7ef0e13a8b64073ab251b2051f44908302ef17328750983ed756db8998dea3df51f284549ed42f863796a58f67ecc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
74cd735e815ce316c96381df1c9558fb

SHA1
42c1205403552c2d0d14bbf6b731b3e55c7e554e

SHA256
c4bb4c784a5eaf87e8cb16c5e342d63f327431d569f3783f75bb4ec07917ffa6

SHA512
cd714d1d2b9d661ce45a1ecc743a4fd49433ed13ebcdf0ec6f3cf5d6c1706ace23912905be8547a64299c4b992c09645f5b51fc3c104135a0194c544e104b2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
322B

MD5
bf659808229f8e3845ecbd358d0e7c67

SHA1
927a98fc440562b2695a221fbb262577f5c22d13

SHA256
040315d02fb97094afb7886aff781f88ac4be4b17ab1ab545c6026bacb130cff

SHA512
f22af86f78a62b786ffc236dcac354f7cb4cdd3b80d7ebcc6627602f9e2aae22b4bd08c340a09a853552093126bfa398db1dc410d2ec0b5d1994f0fc5cea0607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
24KB

MD5
1a9d0b061ef5942180d3bbc2e30b6522

SHA1
ea60f5a3802ada4e1e409768879a33cb2faf19d7

SHA256
993eff842ccf19db7c2070d6a97dcf65bff763095649178db8c26d6ce6df8198

SHA512
d619fa7d0013076a94e0bc6dab3adfb6caf3ad5ccb9d4a082e5456cca61bf5d935cccc2ab144b621c076d45768e9955099878556f674cb349232e8d4c9c0c9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
3e14c4551458fe70b7d36ecf9b6b5c1d

SHA1
61737000f79ce1825c16f028ffcd4f476fa1022c

SHA256
d26d1f95b75f89ff84601a07393643ed34a8156767f37084174bfc634f23ab34

SHA512
9ec3aa1ef47f83ae1d36d6510ef2e76522f1e00c75b1a9e4e0d44e6dc421e7d031eb21b83f1abadff936fa305149f08fb49345d23bbed506dd82951ed381026b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
6903840587e3dc48affa04ad3b8ef5e4

SHA1
2a11102195915812a470466c4aaad560401418e6

SHA256
11ba18691262b972d54359b8a4b1f1debd518dd344ffdb0e4411487b4d2d9998

SHA512
12b12d9856cb2d4afb5f1eed657a4c30261470fd1028c5547875e548c0e2133bfb03df5095d3969a092f6a6a718967b0db820f45641702b9da919930c85aafe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
cffd7a325a8dce91f8bffe1af3f637a5

SHA1
9a76c6ef49587bdc6a1e9afe84794bb6e69207e3

SHA256
ca0f68ccdd15687e169eb5fff663d53835e248bfb50432c86bc461aa089753f7

SHA512
6a73592271406d15a7fb0a2d04a99fa7e3b78e955d8b766b726a73c314bd0c72f24bc9bbe049e1c3e5a125ad78a6b205e3883032e4c23e90ab7fa0d84e8ce93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
1KB

MD5
32a50afc22321d5b8959c7a6f025276e

SHA1
b8e24a996797a3bb7ac0fbdbacb3380480311544

SHA256
699dade9d1e718a42f4a480fb57528643c7e51d01c7e7ac5a4a74df638918b7e

SHA512
73bff4ab2e3e86770d956363a0d8695f50b358a7978f465bdfb6523fbef5542488ee6894d4fb123f7065f85440d7f69b0d6175c4996718bfaed14557d9c2228f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
f75abac9a488d698c567ad6cbfdab2d4

SHA1
2b762a649c113c4beb38083595cb55ee767e4cad

SHA256
93bdb0334815f36120b628b18c81c2555d9443b76fa57ec8e5d9af50c1c2a2c9

SHA512
af45410a46a780a0f3953afdaf60bb5a96570c3cbe4eaaa0a25e7de177157d97f994f88eb1848c52ec68b7acf0b6bdf62f3054e62deddc1ac9db708ab056549c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
e219cf9f55fe07ccb7ffd0edc70e42bc

SHA1
48aae09e4e1c82673bb92da19f763e9cf6a80c3d

SHA256
063c8dc64dcf9a99034b9d62020995bfe33ac981813ae11e4f6ca6bc9df31c7a

SHA512
09bafb6ae5d3628a3bd793be737150f5d506585748bf94dfe1ac74e4d060aded15bc08251587289370854b308920fd42dbf39e2b86e9cefacf8b620124efd62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
0243c6777e6a0500ff6e52ebdb20e9ca

SHA1
191019758296554d2093acafa86e3155b7ae973f

SHA256
9cdc89d9471794730f4257856fca7438d9223b3def7076e7f9c0939fae357326

SHA512
7ac01ef338f21a3527ba0236404211d5c5ba2492617c948d681c0cf17086dc93474ef989a11de5e9b027eda2a5b4758ded92e214b60fbfad516390eb11779722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
f7d43d2f03a0d441daf17360b82e2e66

SHA1
f54bb7c3b6a4069ac9a7f761d99bde3266cc4fef

SHA256
5324386155b127c7d5c5a30ce9d945227e1f009f2e9fd7342ff1394dfb3e6805

SHA512
a1d8094022ab7bd089009954f399fa6b99b0f7cf291451f85173bb8f5f4d53e6c2f72c6e4128ea45905569a09fbf0bb2ca3fa6bcc2348b16066585031867aa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
d52e549e797ec95c1455c910294980f8

SHA1
58e7934f6ce86e94908d06500f9ec782d45934e5

SHA256
653d2b424501487bbfad22dbab714c84a0be03699a65b54a7c37b71baa4dc3db

SHA512
9f02ae058d2a997fa512bc084f8de47fddc1a31063526d3238adc1d87fc7d646051c735dacd1d27032c3951cb4887a040e74767b15e8344dd2d2112492a2bd2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
4545949cbc7e6ba1af01c2dbda83ccf1

SHA1
82bb0b8fede80393d55099f9f2977b369110592f

SHA256
c7423bbade5a23f87dcfd767421ff7f49b556702af2d195bc85b06ad3185f55a

SHA512
d4226b52d0581b4ee3d742adaaf81acd269bcdf0d14e9509fe1611769bc02ccbe4f499f50c44d088ae4d1bac7b63552df8871373c5e857bfc053bcea29fb6e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
73153af78c14abd6aeec40d3287b6c93

SHA1
fd498abd17b1ae421c75df0a0bacb5184e710b5b

SHA256
56a72deda95e782ccc2469ea07b283c3313dd117e7d8cc0489bd89080e0b4bd1

SHA512
7e01245ba1b773d26779039efdba0bd1893879bdf1c40b6ab4153ecff88753a25c4e5da23357794acdf391699ec6c675e48ca98ca4162c354edb6648c0edb263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
8edc6b3911fb5ff736f23472244b197e

SHA1
c7cd0934912e5c5490811ce9f8a99b1c63ee4dc5

SHA256
3fb8f0854b23a468a36dc016e9a0e794ef3bc4ca43fd97d65ef9c002d91048bb

SHA512
ee1627d9d4bd3e780ffad9b1da74228a2eb2573519ff440e6b759303182d183cba9f16840d1ae55842e4b259a97e1cd1b10b564583ca53c779811d59d54e9530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9ecc59aaa320f4e3d6e48fa6f689a90f

SHA1
96c8cd8a7aa444e580154bd903b58d2abfc33c84

SHA256
724640e0af0b10395e128b46dfd7e213a6ae3d6f07022db7a0db8926c5a91e8b

SHA512
3c02427bea19a95e956cbf852b11f4d797a7e0c076b845670d831525fe2b1fbd46e386df4378d60e888f283a24346a3f0a363a8e157a46f3064e81d7fecce123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
11e38a853a950fbfe55f2180204626d3

SHA1
2c5e8453a5aab9333cf46281b23b1b318033a67b

SHA256
b71f90ad9c4c25c1638fc007280ad260ade1d2afeb2544f0f6a317a3ecdd47bf

SHA512
e25829afe72745971e8e6b2669121a3af7e9a9acfbba8b18b0dd2ef299fb9a25e76f808ccbffb40d270a5cdb90a46f324c1e6c64dacaac5b3677988b85183a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
4bfbc87c05f93023d236d7cafb9b84c3

SHA1
c3c45d9c601184296bd8dde0c91fad1b3c6c09f3

SHA256
af5e7395bde3c427ee8911077ddf1b3d5a262f0660d71768f8c42c41aebf716d

SHA512
55bcc9548a0f37f989c111d21662570b6e6e4bfec99cc09462c36cd128d1d47556b896c25ed4b6d96e6e6f36036b8eb488c324252b24d16a723c2090ea1c72e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
9bcdbf6df7270f7994cd6ce58ed1b383

SHA1
5b4fd362f492156576ee7fffb86e55cd0a7209af

SHA256
bea034bd1d699627255c9a57d9ccd5ddf194e873082b60c2231132c65722855d

SHA512
1e44f5b5d60bce0fccbb415c479b26a1c729cdd76d185bd54c9ef438b5d10c442331ed4f2b64325fd9f8ee48aa3221ecd61af5b382910cd18ef164f79c580ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
1KB

MD5
53572681b8ab8e7af4c2dd7ef2268651

SHA1
b0749df30e300c9ae0c84a1fb49ba743ca87c681

SHA256
dde6c2a4ffd311e61affabfd8c2f0499c61da7774dd7b3d3514287e33abe11c0

SHA512
f5b950bb344b157d8b46188b48f108e192fce5f86c3e7bf40489b824318adb65b119427869e7f4578ac7dabb5c15be9e4d6ba43c39201bc1b9bb79613e592a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
cf297c216655b824aa0ea9cdc775e13e

SHA1
3546b87631d445f812894c04bc47f70256ffe5e7

SHA256
3a5e24f327c72133ce336511102441888d4e3edb26af8193310748f43f8b80be

SHA512
e0cb2bd839107d36d7a6f806ca4df38081eef9b471d55d7f131af282458bff3397a5fc2b41f809a55843b611af3919c0cd377e82ad57bda7224751fbdbb47d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364206666517559
Filesize
3KB

MD5
1450a11d0b1626c1643334c735e9fcf0

SHA1
cf109e111f235b6e4c2088331cb11b0efa3d17d6

SHA256
4d71404fe8fcd210bcdbe53764d5bb56a7821f5a75b009f078a5c90cebf6c1bb

SHA512
f8957815b177df820c1ae133670df22250f440a352a73441999a894193e6fbbb920cc2cbca737edf860cfd84e812aee35f1d4f2393f477e4238c71135a8d2b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
005593d74eb5ce3737a9a4ac811b581f

SHA1
42fb6e3e8b3cf854c0b79b3fd5275dac48b9b675

SHA256
4fdf65e951a99442cf8f567f9e3313ae5cbde2ce423b0ce87204616d1fc77585

SHA512
8da546906323cf5f08de3b4e4dab0492b4758515dee80c9cf67559b01ce235bccc1c48a38e6645b4f2585d941a7d78207790f5e303ce6da6da1f965de677f5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
2bec31dbf9991640654583a9a06e946f

SHA1
218675bff4edf58ac1922ea7d98be52e39d703b3

SHA256
8e74b8e004e53771207b20cdd88832ad392cdba4758cc6ce1bfe691d17c2d535

SHA512
27d8cb276555a47c36677972606700cd66dd24f3c9861123d644e94e2d7334b77284ac0a2093844e047538312298ebe6ac31e9565eaebeef88925238d1aa656a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
b79cafb977499267786020107f848cee

SHA1
4b1fe644ada7bc214c547c2558840d68c4fe359a

SHA256
15d38ba7b0a29d0f924a089675cfd96bf7c51f89914e8801524a98d1a93b439d

SHA512
365dd2343154e1314cc3b952315f05d83086d53a7484b5dd3373d0e3ffc8f25c3089cac93c9384b0b15aba148697e19502c4bd65f6a77913e63fc1f29026c34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
27f465ed506a1d80f1644af45c104f08

SHA1
1eb525579bb5ee764ad9d59800b859eac3935f42

SHA256
80b6740f88ea9749214e0e4a98ac44bd492c7ff4d79f7b82dd286e0850ca6b9e

SHA512
5008c36bd19b394867e57d22ba411aac39c21b716374b6523198aff21f4e493a2e1d7a04ce63db5705ceff471cbf8ab3421fe9e9dcb1c880fcbac17cee2b8305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
1baeeb2416590245fc2a90db4fe9d3eb

SHA1
db612003a6614eb377252bd749a28e22eb8a0a00

SHA256
2b767a0359cbf5d06102d9ef3a18d50f4d82bc986a22db27122a433bb5306023

SHA512
bfcc939102cb22ad5a0e4afc8426afb3898b90c881a9696664c98b36a801804a5ec611f4748fd0fe9ab0535b23629d7e8706dd1b88cd5619870a17446c8589a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
d84717daa3b1601f76e995042253642a

SHA1
f09c5973786e7640c66cf04892d16ad3cb28c456

SHA256
9a4c8a684455eb87bf8ac6da6d9f177182b4cbf2efeca63f987eb9a101ceeac4

SHA512
a601288cafccb446fc1eda05fdb81f80899c24403db58c6a6e831a23ab4df5176455097a2d58f1ff4a63f32a33fd78781f77a56f072fed75b44ef37bb098c614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
25a724385665aa52c66f0ac82f23c227

SHA1
f8085a04c4ee92ff2b633e27a1bf407b009385e6

SHA256
ded232ea53aa469b23ff54a78572d6d6d554bbd38a179c46779894d5c5a2e921

SHA512
5f07232e144e5cfffa0c4d91048e9d269d8f0d387e6866da9842a1d574afe161e73e63b91f4189e6a1120d1cfb0a84d26a20fca14af5cc2ebde6989a7fe9c7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
565B

MD5
6fb545ce54aa4bbe7f518acb75ad2b63

SHA1
16bc653eb2769c057a10f24767fb85eb4caa7ae6

SHA256
b7aa397ae1dd1a558a197c91ac7bc4a3909ecdcbfbbf690c1e6aa492d14311ee

SHA512
9b570e8239310a74c4f6e72b2e235e974b38de521d6b32dbbf2a5f80bb0413ce90ff52e6e484e716324e70ba4c8b7b923215441c94979d3710a8a485bae10f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
ec358e5e04a98e249a4834a6a9013735

SHA1
f0c0978682313a3519ad224712226943122e2e01

SHA256
89bfe7188e55f688311f2e10fea38ea86fe4fd27bd73402eef2f96aba1e290fb

SHA512
5915a87018a18906bf628b00143fc4e779788457e9613c18298b9bd1fdc0879dc9158f358d4ec61b67ed34be36857a21a28f68baaec8d2714a0e770802042d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
66d010d21a179d7558ff4fc0aa5d57ee

SHA1
5ee00cb49437d46b685892f879469d3c34a38b5e

SHA256
5658f3a33a87d63081b5cfd2b085a2bc5127415b4e4ce5e66d6ee177fe89b2a9

SHA512
daea6bcd59991c786251b854079356b5acbd019a9fabfc41604ac37bf51877b56f246bf8884b06aed219299d12afa8fb939fa0d0e080ae8f6a055e458dd6fcd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
229ea50691bbc6020bccd7d2e13ef989

SHA1
2f2b677310dc565d07dce3540aff681b4d950e5a

SHA256
f82a6a5842282615488327eba6c127c49259ce17d02b2e9f8c7af76c85338bb1

SHA512
b61d3a1445225946a1f2a8ef3878a322281fe5231a66b3d85a584f746c53e4b6ccedc72c598097b76e1fc7a043bffd65f761d65df87be1950d70d1efdbf752b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
1c74a5849a15838aa320557fecc82be9

SHA1
6e83263454331eda7a7a1e3c5b0511678855e66e

SHA256
dd9bc79150401d669af60bb137a8c5c548863ecc1db9b761ae0617edf301a75d

SHA512
b9a11f23833e54d1b77d08972aa4ed1c8da8df8a887d46c8427abe8cb9e3c0fe516d5344e98a5225bfcf5383a9095cc1df7107eb9642911ba214641ae8c6a23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
16KB

MD5
dffb7164984c0c892ad67aff97aab87d

SHA1
df94cce03775263525ecdf1a4f6a55adf2e0b6f8

SHA256
6103cd48521fd7b05920814ed60455f92b327e00330008ec4f161e9bf5135502

SHA512
bc8c4f3643e19b8e2ead7808a433f9b3a07b7c64409b9428ffd5ada52052516bd7eceb77f0d4de1340d0b08b4fb943aeb827667aac9935fc1aa559173daad97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
17KB

MD5
384e5b959ce3e59e12f93605f61043c4

SHA1
bb26bbf602cc8abcde380f1e91587f15c6485317

SHA256
b76542269d00a0859d591ec572b0dd408b2f4c15f0dae9c23be7dccfdf54e18f

SHA512
ecda40def5bc359a1b8e0e4a033f5fa68f7262f2b36e2149b1efd472a88673e24b381d34489e5bcc899ead1b057763eb940f7c3430dc88cdfcd03f47a0992e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
Filesize
16KB

MD5
4b4432e5b52736bf811f0b99d2a4ad45

SHA1
e9dc0c4b936109902138cca51dc4307f7bac6730

SHA256
d730bda38b999e036ddf955dc244957b692c6fcf687977cbb7ebf6190d8c75cd

SHA512
2d2fd022ef17df8ff0842c7c718ab0a58ff14bc7f1a711e525252aa95960349fea2dc7c27f22a6dc88ff4066be41fafdf90af477febb76221c33efb7c1e5826e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004
Filesize
16KB

MD5
916657b1904462de4fd9ddda8acf9d97

SHA1
ee32edf403ae7732a39154d925f20b96f28f24ab

SHA256
6220d4d16f2dc838ae215035cb67b832fda74852f0b4e52195a2a29cde0f9977

SHA512
a4c1d241ecd7b64edec45f27963e35ea809f9f75d8ba9c0a7b5558f890fb7ee0305a8a827697fed58ff993804b3ece3e5e5a80b6b24ed3a38cd195f26c031a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005
Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006
Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b6a85f62d4a43e7a577671f0ccf38814

SHA1
cb75175cce5718f237a415f8d1a0ea877da0783b

SHA256
d1116274cd391092c5b65640110bbfba13749c22da603db49e3009e85b8a538e

SHA512
1b053018dc456820d2f062f583ba7da4c09dd017d0d452b8159a375861dd48e1c9381c583dfd839de4560daf7d349d7faec3581ff2a8a09efae93a3ebbfb574e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
89c60ae5210733099d9490bff80842dc

SHA1
93199cee24afa71de591fc7c7fe8d5057c4f663e

SHA256
d6322c8b44a5470acbc348bc1d73b424aaf145f9d1cfa829ca596944b9a6682c

SHA512
8b510a134194a616f02239ce26285f139532b5575f922eaad1217612c10754e13ae6df60085eec4bfed99f700b22141d69e67bdbf6b40faea28efb6a5cff6115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
db7d13c6b262f925646fce20475ab145

SHA1
1c0263b72e58c3116d5cb7a888a3247bd49ccbd8

SHA256
82ef7b9d3d1bc5466586d79a8263a1bd12f4765eed88845b8853c5c7d2782acf

SHA512
3bc4ed6d2b8debaf23023f54f32db68dd57bc278af16de929767d9c0b97a38a525ef6e3decd67367146c381af2b1e5010413eb61ec9add69c4a3d4b312391909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
101aa7e962f7367b4c036ff14200ef53

SHA1
3e3ea0b2389762be848fe7688cfd943327fc5a4d

SHA256
f97de55b97c4deb45750038e65b121d689a1057a0c10ad2befeb427eda128e0c

SHA512
b815632d2e60fa763f809070c93e97cb41bb222597bb8454bd1d5382576a865300c89ede0c01adbc03d8a20a2b07e250e29b84e1f6b05c2594f269a0df1467bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
4c20fa32d2f45d28cc35de2c47b8227e

SHA1
ba7155e0cae2393c4e8298124f61813e7530358c

SHA256
f9f445bd37fe6fa61ada3b1d43716c1894ff991df9cd6c3eb4b559daa8c32996

SHA512
ecccb5ebbd773adab002ce4a6e90209e06f57f92e18c0813f285c5010d2953ef59d9f4a6d9be9aa22a16f06e8c9b62220010c047e0805d7604cec2572454113a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_2356_LGXEPKFXVUNYOPTD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit