hxxps://wwwapps[.]ups[.]com/ppc/ppc[.]html?loc=en_US#/profilePage

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wwwapps.ups.com/ppc/ppc.html?loc=en_US#/profilePage

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
3700	msedge.exe
3700	msedge.exe
5384	identity_helper.exe
5384	identity_helper.exe
5976	msedge.exe
5976	msedge.exe
5976	msedge.exe
5976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 2084	3700	msedge.exe	87
PID 3700 wrote to memory of 2084	3700	msedge.exe	87
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4004	3700	msedge.exe	92
PID 3700 wrote to memory of 4044	3700	msedge.exe	93
PID 3700 wrote to memory of 4044	3700	msedge.exe	93
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94
PID 3700 wrote to memory of 4128	3700	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wwwapps.ups.com/ppc/ppc.html?loc=en_US#/profilePage
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd14b346f8,0x7ffd14b34708,0x7ffd14b34718
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,3279391091072599378,2658876312063558391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
91KB

MD5
1cfd1aa3b4fe4bba10c132acea9985af

SHA1
4edccc73318b8d3f6dee84f934063ea52644ed0f

SHA256
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2

SHA512
5d1f76a59e90881778851dcae104c3ff3e912fd76ed687d64e510d7b1492155569b1b589c9b0bf375b861bfa8aef91a3146d91438566f40699d1224dddef163f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
92KB

MD5
7350337b673e86f2d62ee0eb5761e1e2

SHA1
eb11f6c75c34069217cc1692d00e8ac3945c8a3d

SHA256
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706

SHA512
278e00bd84b2048958cb21de75d42f4db505b7918ed4457688fb889fb8eb0a240d7450df8e45214d56e080c2f0d324fe29df1de09174de6c94b286fb51730242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
167KB

MD5
11eabca2251325cfc5589c9c6fb57b46

SHA1
096c9245b6a192d1403a82848e104a65f578a8ec

SHA256
017c0be9aaa6d0359737e1fa762ad304c0e0107927faff5a6c1f415c7f5244ed

SHA512
e4b50f7eb7e96fe01ac44160f2ab88044fdcfc3e295f1c730f0a82de7149dcf902225a16c3c8e1d69e84bfb5ac00c98bd9d6b29db1a1e57f4e47ae842ac4a3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
25KB

MD5
849fd0ec4277f2e8ee9ebe2753a30edd

SHA1
ebcff6b5216b7cfdacc058ab35023c6f9bd6f286

SHA256
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36

SHA512
8ee6c23e081bf40a65f342c230a28f19ade3901c8ff079f0a65d02f2132e5f366330bf63ead794b709895d2ee1fdc08adafdf376e8641ff0b5302f8506e570aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
54ecb5ea0ec7edfcec9c5b2a15508cad

SHA1
3b6c8aaceb8c1751b1aeda7c63c690fc36cdd945

SHA256
b54b79ee86c7b666f57df9ff19d0f3483ae330b18d0aebc3dcc053d0ee8e0e02

SHA512
c5c90d2da34e60ec3aa13f68dc5485bd4b123b491b221218c5ea1f0ef470e5542c43062ed0cdba871b0eee7e507c534aea9513dc4a196a286e637bfea1713b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
25KB

MD5
c1de44acf1411a188b1efb3e415e66b8

SHA1
2a9601e8dd8dd62422139ab415101d13542c31bf

SHA256
444b94c2f00b433b4297bc32a247be7d30db791abb13d9d77bbec032c141eb46

SHA512
96f5299a40e143b5171793df348dabe7b2d86aa11735214e6e487c7d431011ce1c41139d8fe97269f6daa80fcaf693bf73d1a1046d95e9901e06e50fa3a7abab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
0144478d6b5350e77084c9b5673719be

SHA1
a7f0512c295c2dd279914b6f8a0de3085b84a91c

SHA256
a9be050cd531fa9a5f06f2e209829ea95edae28a8425908462ef55fd82979a89

SHA512
236a7143e3eb552e5892e9f90a9af9b44d5889a5b6243181080c8787a2457ebad006a9c7e3e30212e677dd8dad82cec01102a3c8a6d653e0ccb23fc8ced2a2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
18KB

MD5
0129881c0437c48433591878596ba145

SHA1
c7311ad3ebaccbb9b33e6703df09c265b7d10ff5

SHA256
c54a730394f47a040134beab422547426e7c7cd516a4d8865d2abc4871f6cbca

SHA512
539e6d1302cca1c7df1b43e5bf24a0e8590c91a02076ef0b0429530242a777b66af2a143dd77dea59c323a2c44a1c5930d4b39163f72363e208d6955f2149d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
163KB

MD5
6090d256d88dcd7f0244eaa4a3eafbba

SHA1
51dbae4543aaa10096e344e48fcffe468bd314a9

SHA256
2835b358aaaa329f9a4bb47936c96687202ca24774a2e1c78251a596f2b01fa5

SHA512
193d818f9151a7df9250c01b43f1fd45e77c56000ac47dc5d372a3892ea548c541a63c4e63f34df5efcece246a285c7840c238b049da4dc80fc2d4bbd475bf1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
167KB

MD5
58aef543c97bbaf6a9896e8484456d98

SHA1
f6783010d5def128c4a1539333324f75701d9bab

SHA256
e35252aa3dc2e84e9d7211586fee9aede2a426d3230c8b131881d985f16ff836

SHA512
024519d895d9b0296513523250a6044779567f44e9e384926472417c4a1e2d4a5e9b8296f97f5bd1b6a6242f7781bbcf9a41da66e6e82f66de69936190e1b865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
166KB

MD5
e07df86cef2e721115583d61d1fb68a6

SHA1
3dd713113ff2d79b94d2df343e2e28fa8e7279cf

SHA256
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a

SHA512
cd3638f857f16bb0745ce18077388be6a5f1762e7a310227e45971bb73cb4faff8edfa89ebe6c37f78c587c6ed0050337ad42348742bc46ac094fda16fd781dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
95KB

MD5
cef1dfae33e4576a055956e34bed1092

SHA1
31a4c784ce155a2c1084654346f62968282897cf

SHA256
13093ba405b28ef8194ab0b10b4088c4fc36d32deb9aa027924351825d4d6cd1

SHA512
6d3a3f395ca98c741d60127a539cea58c0ab643eb1ffea4f3e533acfb63f8598d62542375887bd9e92f9072ad06725123ee26ae74e7e48cd27da71012f6ba9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
50KB

MD5
371af0b2c61a59a2b6be16d3b0e436b4

SHA1
7c79625f085a2504c6d996f6fb319a6db5ae18af

SHA256
1f9fa0352358ec3960d0ff966fdcef80fc2242221cdd24a4d7121100e5fed3ad

SHA512
0938d931ee1a8faaa306bb3274b84e52da1f9a9438f857d5e93e1204478c4b8f655ccfac2fb28cae5947bcd10e9aeec6c04bfb43458c044d8a3c573bcd21b9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
17KB

MD5
17cba5b82e130c20f93e6f24fd088145

SHA1
afacf467de2529d1a10b42bff9014b1c408bd1c3

SHA256
134a760e37046ab06a9744c61eed3d0a2cacace98392e775e39dc910b58bacdd

SHA512
bcc549da3f9acc0df9084588ffd0b092fc49b46eae12f61874f7f649000240c6e2207286caa32f7d1855a24253b3603f0f1fc2c13a63bc8b2d00f42e406bcfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
32KB

MD5
3d1811441d0bff6f51b419f2087a992d

SHA1
3e281d6405b24b51bea7ef1d6a0246cb6a4f0219

SHA256
b8e470c8aaf6e402bff65d116249cd642b8bf894b62f5049020d0f01c2051bb7

SHA512
0454d5d765b3cee6407f1f54510e68501b6c47f8d4bbc65a3a374f3ce47e77f56d65cb63ad211a4a3e450fbf4ce5b7ce1c4f260767e8caca9e9ea2fd97abef7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
43KB

MD5
1168e1e8fa5a7983e5d394f7133a90e8

SHA1
31843c0302f9f87176a506f50a62f7bd879021e5

SHA256
f7a7dd322f0fd60a91a5fb5744d0530f1e726f33cb6f6fd3833ed3d013dbc004

SHA512
7eb1206c68f51f98db2694082f3ba8a66bb623d8d1aa134eac05c0494c04ad91a03eae0280a1bf08678157a0ddd0c39d3ebe034edaa10b813129d37d0cf50af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
36KB

MD5
b2bfff98c99927f7588e6d1c10b825a6

SHA1
5dfc7a2ffd4d534baf4077121d462abf576286c0

SHA256
a404fda38924ff5642133f20e4386115ecc8ecb7ff672d83cf2c88e751dedb13

SHA512
71cb5832059652bd8c346f8c8490bff448e0c047e9763dc008e5b215341b3d233f4cbfc1ee696653b01101652850a6d30c1df3245aeacc5b494ed1711c59b809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
16KB

MD5
6ed5f76a4e84fbad9041db2cc419bfd7

SHA1
c2648f1a0336205367d32a2ebff47cff01f3abfa

SHA256
11e14dd57b297310d1fab142a6b04b05be4a6565c368490a8a80d887025dab00

SHA512
8df77b941a0a780897467ecfa522b03a605ce5c8735fc6bff520df7ac9fd5f91a68d6c87f0f7d6ec8418bcd9de1b6f7831f6d655d704f92001e6ec7aa363d8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
71KB

MD5
250d991ed9fa8e1028e444267788d671

SHA1
95b691686b03b4a60ff66dd5860f4967bd1e4f44

SHA256
296abc7114a8756a11f0735756ec6c8e831f987371d2a7dd4bd9ee5095c15f95

SHA512
7dbd0d7820288ae21f1997f20cc216cac80aab7b89dbde24be9c0ad88854e2a71b4e30d2b549b3bf0d76432967a47f6cc2ac1a0d6e5290df726d5e5af8195716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
56KB

MD5
8f648f2875aae7c4901e02b17e53c2a1

SHA1
d22194062167d65db463f338efaa206920aab5f5

SHA256
5ac62c0e247746d796d406bc5b7d828ea0ed260e791ea76e304a0842aebb349c

SHA512
891d8faaf5a1a92097004bdca65c9941c7f41b076a7717e04361c910f331106e43866e910e1db59451474896614e0f367d57964a0937905bb28e34a84338fc06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
66KB

MD5
684c547e7fa9f1a400fd3ce0f8d243fd

SHA1
5d49ae48fd653ec2bed1a6cbf30a1f3191684677

SHA256
4c0adcafdaa71019c2dadf7a61d5475cbc3b5060bfd36194ffa0bb4608c27bea

SHA512
08df3e2b6bb38399ffd0ae9ba31d01112d8874826ddcae0633ad709ac7d17bcc00225160443ce37c47f37db7a09790e553ef529d4f26f1431e8cdfa972f742c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
26KB

MD5
2e35752272d8fe5d52b230e5095acb1c

SHA1
ee8038653d23897500417d17e0eb6c34e1f2de53

SHA256
ece5f9028d30fc014e4e0c9e6ab67e4b3e9576a80dc18a2b589200a9fb104929

SHA512
277bf8d13f3f2492ec69b9d35c7e833cde1efe53f8f572a043663c1bb22834eff65296f482792e0e7905afd568df701aac09efcd0385422fbe380924ca0b57d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
51KB

MD5
9c86173641efbd9c9d594d55aec2bdd7

SHA1
8fc85eb26b540b348ecaded263455ecc9996225b

SHA256
a35a4b981815e2b61a5e8a19765c8892f2a05948b8e7bce40b1244154e13dd75

SHA512
bd56b2430bc3f781b4ea5bc749adb5d81d72e2cb16b77280e46ac14d7c0c3b3554e364cfc94bac2ee471a6948a7960969083c4afc1541a43a826216c98ee3462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
25KB

MD5
4f9444b13a636f4272a10bfb3c99977c

SHA1
2527e528f7a48174552e12047833ecc48ed5db0c

SHA256
0221ab61ac83ec47222ba53c4f190252894a3582641b00aff74ae19c5696921d

SHA512
1b1d625390b58f2e48a3172f6203ca48c51fb1cf59c87ea4c2b3804a9c818d26766e1ff14778b02c36b554f9b0127bbd76696eff23c504400d2f8354197ddd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
19KB

MD5
3a1b0483e63b83c08cac4f68ef1b0059

SHA1
eca0c62618a4192a11d1e01e280f107f0a469f76

SHA256
8c6ed7d7d061749366ed3dcd673820cb4e21953f66b13ea0ece808ab3d86fa8e

SHA512
018d0b2daab9fb33be146f5da9eb01f7f60ba244f5838cf6a781984192f5f14db99b5c3ef61c508a1587f1a672383561e15c493778ea239f5d38912be449d788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
91KB

MD5
b728583441b27087d133254122e8bad8

SHA1
1e3cd5dc71aab1104ea41b3f16a8f10e8bdc83d1

SHA256
d1fb01749d3028c2e640a6a9cf22fd8a1d8a6c963702c47d54f3eaeca19f7e22

SHA512
57210e49e3dcccd67dbeee7cdc7c148fc7ff3cc206053548c1e53c5e2f1bc7e093e0ffeddfe2309688b0ce4745020e23722b83c6a2d73b5f9060df247d4f80f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
97KB

MD5
54893221379793fd322a9b382fefd1cc

SHA1
4236203227291e75970d426b88bd719b6ecfd360

SHA256
5cdf16398b37724a0039de67171237d2e4d52114e827306af7a2a870975a1182

SHA512
209e2edf4305a63948a7e3705f67d6488faa95f8ba1bb025b037a5faf57dd946e726bf26d5b445c903070e47955cc6a348291295f09b0b01b53bf0d527c79f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
75KB

MD5
19214c6771ce91dcbf5621f027a1b70a

SHA1
ba49328afe3a73b9fcfb38028aa15e6439d7590d

SHA256
5a360e1960c115ffc4ca82422512652ab2d37739b3aeb2fd814aff6b7cfe1a74

SHA512
3384dafae795fc71cee17591c3e7083f52843c1091947debae1fe33b94a7d0e65135d2bbcbcd120bc203ba9c64126bcf9bc10e68f17c259642518bf3a6387643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
21KB

MD5
2e08b1812114d94fd6a4c9086f325422

SHA1
ce7960a95742989d2a9a7ed552353f164a25b127

SHA256
9de78d30a2c8a0dafd66fc9718ff0c7e5b058bc953c0bd02281368825853f756

SHA512
fc5c2509df4b5adb88e5fa02d1cf5d08fd242b10e79577b3c1817176bbc85ca9caa97cc3270747a7fef83a0d4204907bbf003cf50d471a9ed99b7be8b29fa9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
22KB

MD5
0bd017aeea2f2a21f357ed6ca757ab98

SHA1
1d6f9818e186f2920c55314fcff451f8b9822a01

SHA256
7ecc37aa8bdc199f33aacbab55ff3d57907b5fb78f75777ebbb6fcd1d8c03f99

SHA512
105807ff4fccca118b65c4624d9422cfebda25713fdd33fca19d8f1693f05df9323fb1590e6a3966ac01b7a5fcf659a9a6ac9523989b3e43e7330716b61ed226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
77KB

MD5
0ca278026001fa6f996e07d682c10675

SHA1
e78dbf310ffec0ebdad01d55e04a85dd6a23d86a

SHA256
411372223420d3e2b9fee2eebb5402ee38de014a8ceff6cba856cd461ed7d8f6

SHA512
fccc29514022f7ffeebe0b74d446aa5ed9a103afb97c05812a3f318f7d776fb19f4768d898e7f2fca0b9c012326b593aaed68dd74145ae44e4a719e2699e8c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e4a11ef41d7649d_0

Filesize
309B

MD5
65a8d96baeedacd251c48cd3a68e293f

SHA1
517e8703d3386cfd77787924fc9de163057ff785

SHA256
f25aa0ef490d19b8c82b7806febe8d46c4c94bfc571ce5479809f9b9b7340313

SHA512
c0f7d86b7a0392d7fe502b50932c914143500238b6140fd083a10a26818971fd8491cd85870d21553f126d3b5b8688a6e4c00e36fda1c17e345e23433b38104c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac414e56fa53e688_0

Filesize
16KB

MD5
58ebfbf34029dfe5ecad2f1b66961b5f

SHA1
13f209b657f14557942c60f97bbe934ed2fc4abc

SHA256
9a6864efdbeccd352110729e9dc6242e8de74deafb0da30bef8be9fb8868c843

SHA512
1755803e4d6ea15326b10570b0b1ea538a13752c91c21bcbc5dc451a8f58c221a125cbbb329b619ed6793d26bc154abdb8771074567736a5f66504ab26e8a60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e739b63befd4a191_0

Filesize
65KB

MD5
237fcf154cac819e58fc0cadd2aca1d1

SHA1
8a76f58a8661ba0e128dd8c749438120c2e72624

SHA256
18288ec9d83083d2b70f62eaf14897af3736a188d37edd78335fa7b5192a7f01

SHA512
854a72b320260c897be540602f323f0778f017114a1f5c7809485cbf216a7841bbf87a15c97d6d185e746576cbc6fc3fd1de95ac95d62108ee07a1d6fa6ab5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a5566153846384aafde3eef8cd3dc8ea

SHA1
c6e6edfd64d2daa765f11fd1914f21b46dafcb02

SHA256
94cf2af9c182c8160538f8da3e88a85253c445a9d1bc2444b374360c97492a4f

SHA512
286dd38e6edb32715dcab15c6643a420671751cd29f3a41318780ff5b5f11eeb6e4c4b3a733ce8ec99d61ec96cfb90d791166b27e1f6a6b2226e6cd35163e423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ups.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
2103b2e2c40968bf564f98398b365b3c

SHA1
f14b14b94ade329a9eef0038dd354e5a17eaa81e

SHA256
ee04b053f99046916fb9f200284678b9e03d456fdd8aeda1e3dfdcdc620cea64

SHA512
11b8f3a4cc9adf85062140f28700f9e5e0dd57cd880ab8c0e081b93c053599d6f430ef97919a792a09cc5ac02c98f40d5fc40a06bd0089abd884e5f680794657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d3cc7929f1c37016360ffff667fd9f60

SHA1
2bfed14ac57c13e3278edcd30f53a20320c49c0e

SHA256
3dc85e35b2964e8d1790af71c0c968b35e000cdfb2e2d4b741fe74a8943b5744

SHA512
eb6ebdeb5eb1894252fffd02004c92e8eeb40c177bcab5bef10e1d921fa9419890b35ea099ce1f509b4fba172fa97e260bbe0d50e4d48c0cb846c800f6c05cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
218478bef1f49f94448765896d9d5c31

SHA1
0012a228ea17b60e0558017af5bef50f66b4f834

SHA256
20c696e3a822b493900916cbe05c1de75845ae2dd27d5100670df4b4759d956e

SHA512
3084e8afc35e4c4d55b8f69f63797d78784b43ad946a1027ea3c244313818f16d5e2fb7b28350d5a571686d712e036942561e02d0b68a8d24a3feb777f1ed51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
508a3105d9e42472e4d77043bbbb38f5

SHA1
2beac37e15cbe303ec7827ed0cfea1be1f79dce8

SHA256
022cc3289b4b6866acc10ab0f21cb59f13686d1ee8798bef4e91f17014a99a67

SHA512
07f797f5cd2761ed857ac9d48027ea7d20f8a4d7f3f62f2f1398fdf8ee73e4402724320cc4acd3a7a00c8ed9ea44d14e80bbabbe87d3d3a6001bb9aa785484fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
aa3c355954499f3a80d03510160c76be

SHA1
d3cb51e08a5225b1456d1c756c78737e280f7231

SHA256
7313ebf436b5e14969ba9fe30a27163cc181b4f974ca8ff44b7962b5b1f2ce78

SHA512
16817007224e94762f219d8d5785707c66a94052c939b26695ad68629cfbe4e100bb41594d19dd29ce8bfc9566a61d027c79ad0912a0637fb70befb6be3ec872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3f2302cc81e878d620e5ba6d3540c487

SHA1
328a5bb7979cbf576c6795ec4290cbcd309fff50

SHA256
b1099a698a29bd28cfa8c284d7d76806cbb732b7db7ad058ba63436e44671ec0

SHA512
3108f493ab287a6e5ca695853216c8df9a84c30cebbd861d94c80b48279dc2da9229cc1e699438e9e8fabef9cbf53888daca119f0866ba6a456d9b83acf6d715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2b6604ed476915e4168c5171ee90e7ed

SHA1
06f7ca4a4e71326f9441a3913851d331b041bc9c

SHA256
cb49383129211b6da7cafc93807decbaf8dd521bb000195c361e1e2a3da2b2fd

SHA512
9e05c5a43dbc4dcb791a52a5ef89e48681d0d135fc0b4d77e2995756833c40ef3c3204b261f1595c3b98ec6f6c93c0adc8a06453f52583d97e65e89eaf66924e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ea7bfa2a829c5dbb6268b46c5b83990a

SHA1
b1f67f7c6a2cde74b6bef398cad2d55196a3b741

SHA256
4f28830834d44c41c2533b1e64e604837696b7f603128301ab53f2cfabaad6bb

SHA512
2bcfad1fca5de9c675af7d4d063360b614ed1d83b29f52c837502347d12108e24472fe560e999ab7fa30b3caf371fdb1a9298d4e9d8688e29272ce286d38388a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a299.TMP

Filesize
48B

MD5
d54b3cffed833e741fa5d9be71058633

SHA1
9141b9681272336e1bccd40fd0860e5e0cdc0565

SHA256
4bdf870b393c0a6f3e394d17061310613dda27f06c94791810a39dd53cd3ab5e

SHA512
e9937a257a5dcc5a0bf4c9846a8cee970f79ae6a7c404d3156622f68c13ec0caad55bbd127f467e5a7c2113300d709aa8725ccc3c17927e35511e5ac5fb1d9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0a820d23f1e7bf7890d262bef8ac782b

SHA1
5762adb889bda1ff786bca5e387c1caafa2cd699

SHA256
f57ac1bac20e6f1dbfeff0fe1d773662ec8d7cd77ffa2f02bdc701f8f29cc86f

SHA512
38c647ccdfc0a7577b37681cad954cdac6469440d88f30aba85d757797d2ea9e4a61edf79a31c990579a9eeb1d99f8aa8c0537ae9e8b1ce99344d2c186a497bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
160d733fb85f4e4e848093874fb030af

SHA1
b54147fa71d8c531d97c9da4fc7d9ae6a4aaa0da

SHA256
71e8f309828e2681b5c69daa5f57dec6cc184d630ecaea5b483bbfcd20c51778

SHA512
a583ce9757865117bbe051ce1c03f1b1aa1fd1c3091c6744f51b955583475cea7973a4830485bcd3bb285d9fe8df5f9f9000812dfd8c04feef87dc2859dbbc4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e3bb5f7f67b1e7f01146466baecd5575

SHA1
75768728c210cdfe0abfb755d12b2ba95598a4ce

SHA256
6f5e37eeed32d5039574776a57bca4d66b51acbe2eef35ddc06e5613824b3d39

SHA512
a5b356162ad6498a1ab3cf8018154b0bd6f409f55784022984ea16e2b00347ab5e54504234c33d77785b696938fac2b919772a4b71dd57ef59db7c220b1b3784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a49c.TMP

Filesize
3KB

MD5
dba0f098850b45859201f9e9c4f4d533

SHA1
7e8bb117367653846ee6cc2b6ebde932996b16a1

SHA256
5bfa3c6126e7e2859e0e315f214385c651ff708f29dff3af5d7eb9b89aa2d0e8

SHA512
750b28318dc38306272612747b24fbe575f6341a286ff4511540097b0e9b58ed0a472c363b8c42f6f10f7ba55e41160487f2af60a9959940896ca6219cc4d6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66fa9e7e4b56c257dd58d91fedff05e9

SHA1
e910b4e20fed94fb482bcf72ba76d247efe48102

SHA256
b6774702f9dd52674d7a21693bdd25a3159ecc633d8f5b0e3637377072c16dc7

SHA512
aa699886f998b76c67504b51e11dafdd9fc5c5f85cee1953f771f3b778bcae07013cf4807750dbc836b55fa425f3fb6dc61b2b07876393d52ba4fc6d4e672f0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit