hxxps://invoicingaruba[.]pension-miss-sophie[.]de/fi[.]php

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 07:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://invoicingaruba.pension-miss-sophie.de/fi.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1403246978-718555486-3105247137-1000\{5EBDF4D2-1572-459D-9BA3-011854FBC738}	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
3476	msedge.exe
3476	msedge.exe
3640	identity_helper.exe
3640	identity_helper.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
2516	msedge.exe
2516	msedge.exe
4472	msedge.exe
4472	msedge.exe
1296	identity_helper.exe
1296	identity_helper.exe
5064	msedge.exe
5064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 972	3476	msedge.exe	82
PID 3476 wrote to memory of 972	3476	msedge.exe	82
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 208	3476	msedge.exe	83
PID 3476 wrote to memory of 2032	3476	msedge.exe	84
PID 3476 wrote to memory of 2032	3476	msedge.exe	84
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85
PID 3476 wrote to memory of 1868	3476	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://invoicingaruba.pension-miss-sophie.de/fi.php
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0x108,0x118,0x7ffc2f4246f8,0x7ffc2f424708,0x7ffc2f424718
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2223217421826749906,4948997967217724528,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc2f4246f8,0x7ffc2f424708,0x7ffc2f424718
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14004701302339881391,17793049312301255884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a5a3253a18a1e4f5893c3f61e751785

SHA1
38a20850f1028a5abe49eeeb635dff8b1f56b6f8

SHA256
26dbb7441b93dac7011c0a7024465b0bfa14b0b52bb3d9c907f8a2b3c8352b4e

SHA512
30be90df6e3f7db1990486a2400d22667294df39939dc2952269b16fb32353a91109c250dca46682993e6255e04702334cda010179a20c908249381c5bdcdb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9592c118b2e310d130af904d2ac6adb5

SHA1
d3419615375823e14631a8edc6118971019f6152

SHA256
17abe206f03ab42a94745750680e46b0fd2f6d60f94fb38514d9bc2f0b341d37

SHA512
dcabdd33a5f0344d9c033c585fe82e66b96c6e2224420ea4e219def35ed27ab5ddb244d95f586e71e69c750308a70966386017be59aa5633d1a7ac8db6d2d3fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
423953a2a3ebd5652a52956fa482f9c2

SHA1
fa4645f8eb3209c47db70bf53de6cfa8ff9d8ce4

SHA256
f08f4b133942b180f5de9c7c26fff8197705d62c70d9f325434c2dd2138db915

SHA512
4510aa359f4b14bf2421f89b46908b295590e2a48f6ed73d4a6e3380434dcc8f450fa7112816da4d899e09eff4df6323ab167e64a9afb5067977d8309276ede2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d165c24d11aa6a1be839fbd18c0aec8e

SHA1
5f64b71a7168434c217d7cccba14858c55119ce1

SHA256
f3dd1659479451b22496b56ab62b941242f5ef08380e68d91d421c856f18c53f

SHA512
5cd4772760b590dd5f25c2ee4f4411e611320d573860ea7ed5b2823e6db154b3566127c8447edc2c3c0f9b2ecac6f516705e04aab1e2bb3ded428432b911a382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
7ad69e8ad6efad6403ed2dbaeae271e8

SHA1
f2b5b57daf8288ffe179f43da7205e361f9ce58d

SHA256
9f2939e0c7a33206ff140d11ed4549ff18eacb328159a39e5f361a858c53b7a2

SHA512
d2122f4b5be15de8d3a07c9e04f3ffa436db09a8c880aed21e54ebce3c4e5137990e0ddbea36180d19c1508d42a7c2ce869698867f876e67f7f37445cc2448cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
ff70ba56b93f884e386957e0e2cbb500

SHA1
d8ba639e03289b6629097df29dc8c7f1bd7bdf2e

SHA256
5bd46d035c306ded4a9f1bbfc43746d2bfbbabe3fbe0fe1f15773092f16b3708

SHA512
663fc49c9fee2288c3349f0e864d54465d61ed052953ab087d126cde297e519c4441ad7f42cca5452c3dff0154f6c473422baa1410b0efdd9de76c3b0819fc65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4779d290a6ea66b042a93c1b9017a71f

SHA1
66fa3d3f9339417a48ae5e6a82582a29f1e78692

SHA256
99f51f15fc175859db61c7f0a769891366f2f91ba0d78d17bbc8b8d1b42bd07e

SHA512
eafe8d251b087b367a64cc0a6c7a270e6d80d22d62188951dc0b35c56174fa5d26a11b2a017ded872ee33ab51504312561e60265ce34d2e9e436cb8e6d30531e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
69c65ff445d354c7e675c0dd08fac063

SHA1
cccc991d8394ecda29e5b5feffd796f22f94eb1e

SHA256
898a84fa8df29b690f208e6c3dcf60051bcd8924ee2ca4780251c0b3c4e8e965

SHA512
b6f1b49d3a427109cfa6112db36572e60ec3c2cf6dc8386e995a50dfeac2db82702877cda85460b402975f947ad50d7c0a99ca3c4aea3994d62629104062b8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
168B

MD5
f01e473f45091714753e6829e771a361

SHA1
2f1a9510d7518929e0c806acbe8421c718818e90

SHA256
14a261ea949605e69f241e1b076810049d3cbed90434bb95aff6c74c4e5b6d0b

SHA512
9a17c7299095ca193650a0fe05fb0e9cb1cefc2373f5126fde94515c032f59c9ba2ddf2b93668a63aba1db4cd997b3a86f726794dc4a596f2940b6c76fa57fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
52852a4eb16f7c5ac0cf84e657745e6f

SHA1
f026bedfbdfbde2a44265930fe840bfaee016d53

SHA256
2e59d3a5a534e12cbbfcf3734a8415a94970a1f8047416ca55c70a77d9e359cb

SHA512
968390e55fca7a94573c1b1fa473eaf4cf75a14c93c57e4728cfa4b3e8a8bc0a42cf793c4ee02a15eb233faddd51da7c3e75b63a2bbcda10e746e0ebe226e498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
68KB

MD5
0d13b2163ce3e02e02cabdaf9b347e97

SHA1
9d0804a465ae41b1d47933d16e00707b0bf4cd6d

SHA256
b504c837270ac54e7e0d237bb13c56f5821904dd7fcc8c9d4923ea8a9cf78ccd

SHA512
1bd0df674553a6643453a4eeedb82fee77972ad58d83b2695b2bd9865acb3e3ac6edb61d4b50058ad4608c225f1e0fe29ac335515d8e380d83358e7ee4353528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
260B

MD5
71d0a599e4a9587f77e67826a5e6f36a

SHA1
53726c8b6e78ea8e34e2b74003ab68e820dcfc96

SHA256
ed5bef339a064bee9926ed01829b70e35c55c3a35b464061fea21e804eeb9fdd

SHA512
4a6f034606dd7d9b2c4ca33aa82ada3a8bb68c0f1fd077ad1875916147c39a54f4b34e42f45c9bc67ebec472ba9c6e348f3a9420959c1f5347ff35b2626a8c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b305f42e0ed9ef12db7ca103b2e983c4

SHA1
714814c4f62cdbaf50530f0e6c278c0039b4423b

SHA256
7234e743825d2221d087f18813744ab4eed86c359e521ffaf6ff3704537fb62a

SHA512
ad8e73f92f344a45ccfece1ed078936cb48797ee636c0d0d8cab65b3e46b68505b647c6aa1bd60d74bb43b3bf466a29f237118442f65dd596f4a243c677bd8b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ad15c73e45011cc12d129aeb5cc29926

SHA1
80045706ab6c2912243a44a7689decd91e388529

SHA256
4ce823ae0a9c7f2614e875554c47558f993775af70b85b6e0c799607799d2e70

SHA512
616db5afbf2a31b3120d213fba203dd7b14ad4d435d67637be5e9039e562f8a36cafdb04c411fbab44c29e84c488dfa092de6bc755d7130afc7598da2296b9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bef44e1b9663b67dcf5aae7e06e5f638

SHA1
a750931ebac8f66f63d39f37e752bd4958832bd1

SHA256
5e0245a2edb6410eadd9efedf8aedc7cb8c40376cf8dce2ec8467d09e2d246c2

SHA512
16d98ad8b962715897113a366b81dec552e0e0bb8ee67bf62d4f42b4b3b1512e785b2466a4b30be76ad3a20f115deff3b9c6f7c00568a728fe25d8bbcb9fb6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
877dbd7e0c1a0cffefac55e3f58bbfc9

SHA1
c542ef97fe4dcf504c421eb1dec9106074882cb7

SHA256
2438dd4e4e6bd6d626350a95c2aefef9889ee00b66f0b59f9525fd53faef92a0

SHA512
913ea47dbba2980ccb329878d317e93b9077f94b7458dea41da1ec6ebbec31626ff7a1d6d4bf8b64d57087b6a2833e5f7245571bc6439e0f68a04e7337c59e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
db284437abea9309321734dc2e240755

SHA1
321416dcb0cf4ee7a96dadc3cb0bb0a31171d781

SHA256
a60abbb3b83c822ebc8f21cd1f36f9b8032bc83bf786a91d38e3aecb2a957441

SHA512
d25257af347b846734ac675bac003b65047c970620ef3cfc78f542777297273ef3d125ef3e81a382f0b74b0e992680132c66b8140726589c3fa5f2c93ae1b8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8d69c90b14c6015f545e7e866bbb1ac6

SHA1
eae1a0c268bfabc7fe6e095bdfd5a1bc28d8cb62

SHA256
84ce209741be450ab3561c945c988e427e443017512c45e5fd287eadcc7e0c63

SHA512
c3b348ffa0b456929dc416ec25405cc56e16c4029ad3d67036ddcf5b2e9b489131d992f623d8ed1b4cbb6539bb47efb9d9fa529a5afb2991d56d11dce5fb1cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
23e50a411ba1b310785ca7afa2ca74b2

SHA1
ece55860b13e78255a114fc4f7b6e8038d19b744

SHA256
cead4e2fb614759d65751ba6812b416caa10fa3135ac39d59d9799d43742bd4a

SHA512
c7d9a59de8d9e5882f8199c8d41f2201267c41c17b3b4674ed30b0f4187d7817dd3502d4ec077884dff08508359e5ff26257c5b38b31c48bdf5160874799c659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7f0d1381b19b8ac5d967155ffe217390

SHA1
e0030b1e496263719b0eb33f3d71b47622bab6c8

SHA256
2746b9933e16a1ee0217f4819f5f075ecfb0a30a86a105932a7f511838447e7a

SHA512
4301f91fda83ca6be5c4ddb546cf5f07368824b98f7d70bd5c5fa69628b117c39689fe0fa5c4f4c6a614c9d92dabb482d0c9823205d9239c7f45ca76999ec4a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
009a86bea2602b05961a2218c534e8c3

SHA1
0bde644a43caeee0cc7859bacdee1a098475a008

SHA256
c8d3aac169822be7883a9fbed6f3c554540eba7b4a6a9605b1904c2041b335af

SHA512
cc4a3191e9e5eb3ab11c8cfd85392b707fa13ce7cb66c7c43f96910b20a08c144294ffa411f36c96d4aeb548451b92b19f80b908594b4397b91d4bb2da71fc6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
415B

MD5
5e28cd35c5fc3e795c3ce9558d43385a

SHA1
cb7ad93462859feba5f68b13032ff79b4d6d2fb5

SHA256
b3c35eab4e08fdc067011d0bfd359b6fd22a3daa01668e17cad4a490954925f0

SHA512
3a9e1ca2d7d14f0be15869188e7a41c9f6bbf2918a9e7276db8dae8e260f8af67a8ae7d8f950fe86b5b037403c54bf644a4e13bc9ce5c00cf7f1059fcffb0962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
28a0dcf643274969f8b1cf94593da240

SHA1
b25a4f7e5c29ee4423d92512d384579ddd8660f6

SHA256
ba4efc00468fbb937260458232133b07a63d7756d4cde0f3cfd0b9004775746f

SHA512
0d5d249dbb67b6cb45280f44322d1cbf64cf588e75d351631062dd2b5acc599d0199be22fc4cfd452ae3f10945b9e1a890a2b907f5c3140b0611d05c393a2c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364982695185771

Filesize
1KB

MD5
aed30e95d3168383fd1df33488b3f0fb

SHA1
5fc2710e1afb8f9b232a7e4a21b2bab0d87655eb

SHA256
907857e6f7d11134d69f07a56a5c183b956feebaead8727270b4152b587067ad

SHA512
fd2fa8607fd2dc38f2808117a2c12cd618ea4a2981cd1e9bbd38d4f098a09100e5bdbf06ae32dd72831e4e69d0e2df975a8bdb6bc8f019395ccbc929f0f540a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364982695398771

Filesize
1KB

MD5
fc8865a8d71387d929c9dff7b5284f45

SHA1
589392b33ac6e3df7db4efcb28376bd7471ec071

SHA256
c3b67ecfe48fe2cdd7f5afdb4da03c76029d1a9826c108f3e5a737d9ae41f709

SHA512
686af83ba537d1205eac73e1c84859dfafe4e277ff21ff81efc1cb56d41ee1c8ea2007f7a5189087dcd3f53e808b96dd6f0b2e9bd988885c9bee31b01deba742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
3300a54b939d4d3eb11bd430689fe9f9

SHA1
cd83fd2763c0470fc0b4d966b137046ea3893792

SHA256
62179eb5e9e0dd968ac1e34467818397a1f161a82085ba61c4cd3867ecdd6d20

SHA512
c5ed6384f41ba59a43b690a86b90fc71518f06ee31fc1a30278a871a2c2efb8938dadf441201000e5ed7ac26cc6bae52ffd796f1173031970ef37fcf85074571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
7893892df36c95d4c67ad6531d8ab892

SHA1
af289dba226f03d1739326be5f165717ffb35970

SHA256
70e13ac3cedf36af7a89db20527d30a285f115ae2ff206c270643e1b4d4de461

SHA512
dd499153220ebd51e3e3de2348e95d50867fd2f8654692accc7e7c8ba1d8553f02b839553bfd6f6554d0a287a9fd5899231ea69a604eb9bb7267499a5c6cfd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6519b89fc42ec89a8f40b125b65b8e19

SHA1
d36ab776dd9407f8da176595849c450bbede9cc0

SHA256
050ff76e2f39970e54c66070663a3c5fa5910ebebc2978472524408056c4b283

SHA512
02e211869ef3cb619abb6ce961e263720912babd3193209157d193a4c7b091c88452afe3011c2938e1d94384fe42aeeaa87c9cab553b746af0ef589f2a46305c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
139B

MD5
c57af9dac9716791c3d4f9dbb0c416b5

SHA1
1521d924fdf1f6ba74596a6ed702e27eb0915c73

SHA256
5b7001185e98967e081c687cfd341470a4197327712311d9e257e75890618be3

SHA512
aed12672b307e31889925aac1bf671f47fef1027a802a9600acba5dc7cf8e9b6f51fac02e00501c45cf6eee89683934feeaec1fbb477360f9a492a2a249d3091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
464eff1f244979abc4d0888f223adcde

SHA1
4bfd52ac6ef0d01d8a73d3f7e199cdfca87d321e

SHA256
bcf1f237ce19aed47528080be1bc973191d6645a3b6e49c9b65b0823e11d1277

SHA512
e37480efaf2600c805a7e53067e3a68ffd25fdea1d6e8a02c6c5e083fe14677cab3d923292d8736f79eca95e06989de9413fc4b77697c5fa5b2449415340c4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
244B

MD5
ac68dd53e3c4941e381a4d509984a600

SHA1
27998ce3726097580810069efb270371732ca7d5

SHA256
c57757af1fd735c10cecfed14ed630702393bd84da924ad6256705a1984f7985

SHA512
b103639456561c0f65aec32fa99c806eb5741662e8a4f60de91cc825d51ffc6868b7b63971f62ac7f0949c1a9caa3558c21adfc44763054ff2f4189418c7b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
09958482e04cdaff55418be0a514b7b7

SHA1
867d208ba51c2c44e0cc635288b2067e5b182048

SHA256
41de8306fb8a8760fb93d8ebf70b60c18dc9479ea3d2e3384c0f0c4785118ad8

SHA512
fd8f03077587504935989aac02f39062a069a22f24dbeb23b8408111a1522bbcfc502110f33a6e7b7479c6108b0cdf4d53ea9dc790bb82207116140884d5f3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
9307537797feab16b3c2a2bea3853430

SHA1
66ff5a96e2b472f7ec66e2b19b49b783e9979630

SHA256
9fc4596e1276cf8c1a273278e819741c04a464d265699e0e67da46dee456e2ab

SHA512
0564ccc6abedd79791cab9736c543f6d92f8f15af724c856f27525719590826bbd676473065482a8d1d509acb0cb10af19deb393cd01722bd7115aff39561bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e2aaec2aaa5810c9778b5a4f596eee5f

SHA1
ade4594e281c155e1ee715fe86631a1b019cb290

SHA256
d406636aab8a1ee19305db3c0fa69e519fa1d9d0bb6f9b224863cbddffd7bd88

SHA512
410c1157682a974c112a1f88cfe305c4023345cd28ff0a700fcca75692968f39bfec43c3c31f56a78f21889eefdb12510e27ecdb94d97b1f9bb45d7e0351eb15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
05e52ad6460cdc477b5125c385745ac1

SHA1
4c539bb86228c5d1fc198d9bbe8531bdd1f3f4bd

SHA256
e0b2481955009f7158f3245da1b7c023ac4b0d588aa4c7139b3fc82a3c82ec94

SHA512
390284a0e162a3ca2a57036c32ba5cf15d0f4ec1c6f1683486bbbc51b308eadcda7e98df0a7d396bcfeb92b05c2ff2fbd346dca7f66549feb7472c616a292be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b497c6d0f2251a379796c8149fd97d2e

SHA1
01e91f33ece22f621fee13de48001a014deca3de

SHA256
6ef7e39f4df2ad31f93086f227ec771fc304a8714d458c5a59f9cb0513e9d2a0

SHA512
5c2eb601c47c95c528183401cd32eacf7d2acec84eb8c133ad2a2b736e4dd3a773c672c62c831c328c91fdfc646521dbb59deb4070a0c780c4d1bb2001712e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
ec16beb58d3895ee2cdc8d643982239d

SHA1
144e5c3c1da50d6504d2d09303e2329e226e8a05

SHA256
8beef527f56791283f7c8dfa7f54a45c85363d4c3c809d2e26c305768e2d7eb8

SHA512
825bc2ac6353947d1636896436d50d476503b05f588f084a7a56a560d34cb95c79c2f9d164a858844948ca81f3e0e23151ac05c5e8405d8bd4301a53e988c0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
95b355f994ae04ab9efad17c7759a86d

SHA1
8c2dd1d1abc48ab56d2bf2ee6a7d2a7229f337a2

SHA256
f7b2df008b125ec33c5b1b742ef57403839254582037279e632f99aa27436962

SHA512
934bbd0eea95322f41bf506e89f5b442be1c26fd2c52d3501f6ebfc292567b359606e0039c85dd3c0c0804027ec4c3f1d0e5bdef05144d1572097e92d586df88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0464dda5e348b380a99713af2f1cb17a

SHA1
33646bca9b4da02ed90019b78bb9587cb4d00da2

SHA256
9f5ae4d4e2021d4d970f2142f399289c9fc99a8454661ed7f51812494af646ce

SHA512
832445ce2b4bd3f7a857885dd6450c8a312b754f60845a542e0e6e892937934d4e2d836e2c25f4bb0b416c4b834275acc0948f404db94c9216f078cf0c6b13fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8125be006c09d808be9524660859fa88

SHA1
9147f001ca20ffcf8dad51e95c088cb28895eb4d

SHA256
325b33735302abb3fe8637479de89e48119ddd36536b19b11f0ac5c302d87147

SHA512
9723a4c08bd4a4df36770b4831d50e1671f99933b8fce6eaa901663cbbcdfd951d65b94c231a2d8932a805909ca345a0bbbaa57f918bfafec4af2c0349d1b834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
b01e3d52ecf07f484e4c5a34deb7fd84

SHA1
5a984d498879938381719be09ddf3588e01a01aa

SHA256
8dd28856e9bd1f21aeb319dde576a810e5fdd481d9ef07d8db253674f78723d6

SHA512
2693fcf368068f534815c955e6e420f3a90270f855d9c03535b791846897d188444ef9828d088b036e87a1067d64bd3798e5a8e2d61ed7199103f7c203f98940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
82fc1fd4b1e4461b335967b770d52e39

SHA1
0ec4a1227e52766cabb65fe5eaa13ec472c68afe

SHA256
971bffea6bbdedb13eef76604cd16f3a2c9433b5a0860d91a761da95c95ae689

SHA512
6bb8cc8178d308dd601db615b9e16e2f6e1252ceb69fc08c91c93e824e165608f2b2934136db2182b163f7214e4295be6085c5f06aeed2d1dc603bc370667d94

Download Submit