hxxp://interruptlogic[.]com

Analysis

max time kernel
322s
max time network
275s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://interruptlogic.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
2088	msedge.exe
2088	msedge.exe
1728	identity_helper.exe
1728	identity_helper.exe
2440	msedge.exe
2440	msedge.exe
2012	msedge.exe
2012	msedge.exe
2376	identity_helper.exe
2376	identity_helper.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 4860	2088	msedge.exe	82
PID 2088 wrote to memory of 4860	2088	msedge.exe	82
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 2944	2088	msedge.exe	83
PID 2088 wrote to memory of 4112	2088	msedge.exe	84
PID 2088 wrote to memory of 4112	2088	msedge.exe	84
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85
PID 2088 wrote to memory of 1452	2088	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://interruptlogic.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd9a246f8,0x7fffd9a24708,0x7fffd9a24718
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,767496578089554884,12969298576478104054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffd9a246f8,0x7fffd9a24708,0x7fffd9a24718
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6757418944257064203,7693999928662113648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1c37eebf0b157f7082d146a8ba5e83b

SHA1
3bdc3e3bf900690698d2485689fc9f2c59380482

SHA256
4955a726b8cb96bd9262c06eb6db9845241d65711937118f905e0e0fb9270413

SHA512
d79e5dc8944ee2ea127fe02bc38487549ff1007e9f8d70f133cd15e4c62166799ada8b0bd8120e2692f695f5abe44d938fa143e2ee93fc4bf912ce984aba1c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
cdfcc603c639f55def7100ab310c89ee

SHA1
9e42d5e675f1543a810d010bb3976af185adf35a

SHA256
26786ff57dbd37bdbb8afc1edda9c7386e3df0344e1be5e0a5e0aa5db1bb6069

SHA512
22ee2cc8380a3e5f18e6b42521860dd9fb0ea92a4944621873aa3fd2b60b159c6506c63b09748269873353a2c2d04a1781064cf9a1e6c80aa6d1153318682337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
04a179035220d71ebeb5886d505a706c

SHA1
1f13c7af867a534db3f1ce3eb0056f1cce6d5ae8

SHA256
c2b339571273c5b7bae5bf96cbd1b2ed149484cba15a17b2c0462047231468d3

SHA512
9fa110c0b91abb62a2968b61143faed21df691efb829e746b48f854a4053ee3b6545d68582799c0c8ea009a3ce6569363f41d430c53833d762bc5744258ae098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
106KB

MD5
16830557734d8dc1b748a551ba4cd6dc

SHA1
dd9269527b6fd23bba4eef8b938202a40d299ea5

SHA256
42cb46a137e11aba69eed39fa0dccab68e21dfcb67b37b17a4f7639598f21374

SHA512
9c9bc4c555167d1d363a95e20a6420bbbb1891abbd286751d76363a75d7f0741b82a0457dd951cc7e056c3d07737a24f4ed678491970355bd682a29783267d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
64KB

MD5
8399f48b941561b6650698a03706a754

SHA1
f71dd06765c4b454e0b48f9b56ec75f6440e3523

SHA256
c115c8bc51b26c4a0c65242a3c36700af3197c4cce913332da690b3f3d096c08

SHA512
7c100b1e3217944b54d2b60c5e4abeeba65b7851df12e3dcadedec1d50c6c15f4bd7125ed08d3156f9f6bf3f4aaa03cbd727c14d8b2f990d181eb631ca962522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
34ca2d92f51defe0fd8c58812c1f2e1e

SHA1
03a85694892e22db5feea80d2c4744fe19148ed2

SHA256
3f4f8f33924d4c173462f8c1c4972542300cf4a3d908a02c801aa6289b3bcee2

SHA512
4cf2b3ccc522fcb0ad2382f5635071fb5f6fe4fd4fc06cea64eb241ab8819fed1affdd91b69b8ec32e023fb786f9ef11935f798e8f4ed90e334177c415b25069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
123c974bdb4d2e64852aa322f59dbe50

SHA1
3d81cd14d792a1d6f3a69247e3a8e71453385427

SHA256
c808caf1a8acbb2a81db1be6ad3f6b7b6276e9e18eece8f58912309a20ef444c

SHA512
b5aa7b3aa350a44bb046d50d3b36fd23293215b74fd722600daa7c34c3dc8f0235808c420cb803f9ea7627fd3515b1a0f4e0feb9112cde71b78a8d3748b5eff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
49f5bd236bea830b25aa108de9d9dcc0

SHA1
5f89bfbac8a35aa8e41cc7f92b31edf064f6214d

SHA256
c161e381cdbdb637559dd30dc16dca8884610d062dfa0f62f5b02739a61de8d3

SHA512
d5ba7c34954e6a9721e7e2467fcb335ca139acb5258d2de134b0c8ea57f124595dfc1996a69bee70b3fdb5858430350080bf882b847d6c0b821ff7ebb039845f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
9956f491e45379c4aca0f093e8d58a7f

SHA1
91458d75254ac471263744ec1f8f0a88f22519e5

SHA256
f56c1d08810c9c61d5cca949a1b321453433deaa04122a560eacdbe533ece734

SHA512
c7a60d796ebb8c2980d45d9679dcdf5fff49eb2ce946d2ccd73b0d9f9b36207955222adb005c8454fcf0cf3fc3d3fcf985e0d39b58e2df229446f880acc3714e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
f981767d48653a37f2d6fa699f0b2b16

SHA1
e29f7d698a6711640dac24f11375afccbbcacbd1

SHA256
ba165783a76e6c2d6d6a3e00ee2afb9269d94dccd0eb4a06933c188a19fb8f45

SHA512
7fa7b175d3cd4d64949d68b90a0d71c4e74f1ed053a7935a535489d5f3170a79f280880d6f2290460727d1bd12654697399b2e0da2e01c209a5270277bb87429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
8c2474bf18c8fbcc0f3485c7aca5e299

SHA1
01d7dc55a877a8a8757ecb474449c8ed7bdb3599

SHA256
81bcddcfbee616786611f53ee6a4bdf1b41cdb87089c276bf3a6a121c6c1907e

SHA512
d3e0c6d3f5ca388b24ca59418d3290d702a3836b1646d967cb4612fbe356c0e99d70fad9a112444d77dfadaf4ca24f3f158707e7c3ec7d3ab2ab873829b96ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e0a544661222f46361236fb59952b742

SHA1
91bdd84b89da3307f085e9ec2fe8179ff90f9eb9

SHA256
5f2dc0b8d8a4b0bef50023faa75d32f810a94725f8086e09bcced03c576da22b

SHA512
09225822455a2d936a153dd0764306d9cf04a5dd04a3df16982403934c2e0ee2a02ec089066c05f9ac2643441fa8f458c9c2b801313c25239245a64af91e0ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
073b7d6a790832ec542c373602ee8bd5

SHA1
ea91dfdf5938b625d422ca9c44d824af04dcc89d

SHA256
a660e84cbf0a5c0bb03cdd1a5df5272b96f821ce0d65c8ffe72bafa6d62606b5

SHA512
27168cf2e8edca44fb9460ea6d56b57b2ab4fa0362486fdcbb3394f4fe9c949848d973f07a0ee99044b494e18b266b6e420d77945936bffb8d329c859bba8548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
a3a9d7234c329232b02bfaa693780bd1

SHA1
7063a52d2c9ba0582ae82792aa5e3d51c94b5273

SHA256
05a2aa743e42bf4d96b16347443021be7d05d2618434edf28de6ee3c8044586e

SHA512
7ba89d16eca94530cacdd7258404cb1e564a0e1ac3a39832f079c4e4e97c2fc8b374573c637daf710b9c9f45bf35cc2ebca25cc717152f713141c3c38c43c05a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
6KB

MD5
7d54f3f691ea91472d21690e5524d64f

SHA1
e69eed9268e05c0dbcf32d2e3a9fbb56a9bfe5e0

SHA256
ce93fbed155ace8e2eaeedb7a0d21cdd60e95ac3a1c44a5b9df6e1cbbbc254c5

SHA512
e7d78f0d9444cabe9fba9645e06c9995d726c1d3a6437bd2115cd70ca99f91fe815614298aaff3859f23b9707e847a590839d15067db9cb7d78a6b7ffcd66380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
110dd49c493e12c05ad6b4897e48e105

SHA1
bc8f2e80306e9fd37d1480948797ef4c558aea1a

SHA256
f7c093312aeda575f42b4b77e14be48abe6ce76827f98fc3afaae747a13a287b

SHA512
59bf04f18ae1922dab443b2ef75f115536865ecb3ddab0acd21afc2292f08206a4e0899768f0f654dcbbcc813723bf4a16ac6c2fe70b569c0f06e393ed282dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1004B

MD5
9bd514045bac90984e545de38ebcdf3b

SHA1
187b146acb720f812dbca6a9462636f2ac5efbb4

SHA256
2e9b61fac45ff5c7aa16453f9c4a915c24268244f96806a2cb4631fc67175daf

SHA512
e67140b179739cf69f0c1543c71b26fd545a6a6bfd34d8ab547659395b96ef0339e6a803ff17bf932b57dcae00224c29001eed15d14bf480a53290eb85af3671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4e0d0d77d019fd6538964084835806b6

SHA1
507270a98ebc3a40bab2b5ff59b0725f86579abb

SHA256
e60aa77751c81c9b0bc2f4c71ffa79d3def5cc68e288cb8759c517cbc018b3eb

SHA512
74dad35376222bc4181e869d7f8d528b5533b9cd1a613afa64be9114d247ba36e9d67b84c2b9f7fd7e46f1f462282ddd6947021b3dc6fc85250574e825b30420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
06e0a679fa7a7581fb3f0f4ed63070f1

SHA1
d71022b532c1932308a819e4b1787be89671722a

SHA256
58e5175e2801e044910f8d8281cbf038c4a0ba8780c3e4cfa2c4c0362af6c173

SHA512
4180709c51b0d918bfcad322876974eb6a6e443d5f6d9dd5be80857459c94d38c595eb944dd693703cc7eca02d5ee6f920c047bf13de96060c68d82dc05c4d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
470a7002eafdb030e4b5567c7b25cc36

SHA1
06ce57992b85f6e1cbe450337f57da506db138cd

SHA256
7a6b6278f850171c3465b283e7da7c1a14c75a3c32af49623c5e45434ed9da60

SHA512
10878deabc1d6a353a39b29040e10574695d18faea255067b9a8a5a2863c1716fff5539f0b9e89b7b6bb9f29f8cce1d66a03b4b64e7854f8d2b0a6aa24018e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1933c48258336f243e3b296d56e2914

SHA1
90f65f018642cf14ed11e265e969cb8695cf21ed

SHA256
92552e780e1d9b5bb98c452e6779a619ced927a0c1560e7a6ef1a8592b6252bb

SHA512
377aa67efeba671721018602d23a4a717d8cd1d1ce4325df47656c2fd0c22af7743464ab96e5bda1a05760d2b3623f913bd916f8232d8a37335e8f82b7baf028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
56e5bf415757d2bd9e73457f06b77b53

SHA1
5a683b255467dbacb91c5306d149ed3285774578

SHA256
9ca5b4c06d60a2d7368a25c79c6d55411dc36b00f86203b633419dd1cc071864

SHA512
499d0d36ba50b44bf8286ecba386ccc890332921e8706af9311fb251dd0a23cfd3775f8961ec7d4cdca944e207a0e5b477401b08cc5065190c97a710e282550e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d196be083e8439e121bea7c3f9253b8

SHA1
35ea720e574983dd5d0bf3d06990b82465413366

SHA256
d986a3dafff7f54107168ad97dbaebbbf8b8af2cd93431f8006d1b9dcfb101cb

SHA512
acb1aa6cd1853933dba4516804a12dd42686bbf1be43a738e9a83e4441225ce58f7ab76288a0ffff258069caa3fb6beefb20d65c56b644cc22bb4b031f0845cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
14e3f7230f94fdcc198bfead866ff7d6

SHA1
bd46f30bfcf3caa9ee50cd0d73c51b7416cb1d19

SHA256
815c12fe55f3c0a95f7592196a92ed9f20690356e250cd7c5ad56be897ec9691

SHA512
246d71bffa2002b41c9c861ac6793cebbc8ee94b04a4855ced730bdb6de8ec450f1e2bc396586a69e87ce085425fa6d53d8af7f30d81a1642b2bbfaf253f0238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
6b230dd32efbf352e9078b637eb7fe93

SHA1
bfd73db68794300a2ccdd7ade0e627c68a78c4f2

SHA256
488e537c3d4d54bc7c2cb0e3345ce1d45bcc466cae28b4c2f13bd92bb3a58391

SHA512
739a02cdaa02c4f1c48f8e5ee2fe27552a4b9c289d974d59959130b4cdeba2bb16147f077bc03541b5304232e386416801dad07b4f4d5b20a30d03b02cd8856b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
55b06a4486f884cfc7a11016c547f751

SHA1
56e667951cc1e3ecc70d76c6de31c0bc7a655cfb

SHA256
bca3115db804ab85555de8779905f40e4d22d1e06e2485da829329745386c966

SHA512
a646048902d958fbb6d1776a814edd7771e1e19eb2845ca52d135adc8ff5d4fad387eda59c7b5a8085db80029a68f850c5dfe0869af302cc496f95603119d5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
de7f2c6cd9e63c02688a4167b5a7116a

SHA1
46616967a6768661c69202deb4cde2ffad030dbf

SHA256
df4bd195ea8f1725663127b5039be0b95941206de55c188ed8408c71be016db8

SHA512
ba710caa6a7eca942fb482e4ffae4a3975cd3e4209a0c60b0abe01ca648dea4d272ad76a693d9f1edb3485c710615757ebb92c28655d01c6b3512400292dd1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353036623875331

Filesize
19KB

MD5
9564de1906d90b8ab908ef4c1b7f8560

SHA1
5b93cc278fb1953d4c9aeecbb1ecbf8f2378d204

SHA256
3be76b623ff1d0733a8a9db62e304fdea29ef4f500e3e8799dade24554d973b9

SHA512
fa7c9cfb695ccdda6ffd46aa1eda010dc966eca06a4fd07baf82ea1755b0c2010d4986dd9180f9fea3c29322ad60060ac0c6333ccdfbd9572cc67d3e70ba9bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353036624437331

Filesize
5KB

MD5
527d1d34c69010f9049e2be1787e41d9

SHA1
24a9540a3368af6564256f8871f8572eae5a95f8

SHA256
901d4f70258f09c4dea858e812c8f289729365a1760c37840454f9bf9c81a741

SHA512
7861b9cd8876c523c3317864b5422422fd3b3a37e74ee6a7f72312260450274614588ae51f8842273924edf0cbb0d8f9dfce2beea2f38405890895fbec44ef75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
100B

MD5
0f0285b0f8c68e3e93ed509e7fc5fb1f

SHA1
919160d3b1b1f23b9f608afd581fc006c62ccc4e

SHA256
844be7e6178550dff80dd54dd7c756228419879c7011ca5e48a2612a8004f48f

SHA512
78bad3d116c0f388272208257584a7e19fba9b16c4a59c59203c12e8f36154d217600e589edaa48e6e356e74e12a623b3bf04ab78fc61491fc64fed0de22960e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
a5de7b8675b292298add9162003a91cf

SHA1
861c70a4a71c07b5c18b32a69d5825420f5e7b96

SHA256
415ba76d866d019f03e90ec56f4ce3f2d0b1cf1cfe54a0a03ed1fea3f4df6bf7

SHA512
1fbed0a4add24681958f5ab78ed9872fb99966e027ca18c2ac753a5fee29858e5088708682286859af551603685d1488b644c5c3b260b2a760a507c19994b3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
dc2edcc2f19718f3fb2adbe882261e82

SHA1
f48f6f0f518fef0c053d70575bef54be10fce5e5

SHA256
6ad7c032cf95dfa92a1c818aaa07a4e61377ab07724862039296394db233e033

SHA512
651e925c2ff566837e453526a3836646982df22e1b816bc73117d274908b8a6fd12f13ed996927417b4e11ad8818b0ee39740cd42c4b4a81cc89aa384029d7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
277868a51459225935da6512b8ca2c08

SHA1
768917c61659c56a2ae8054d5416d112dcb8d41e

SHA256
4ae15917942e056faf4efe59f97afdbd5dd436cea78e9955202af7a5d40af94f

SHA512
a0375cfe01d2974b64875e9528398a23cabc1b1a99f47c0432e389e551e59b4a48826f0f5fd51dec893eb63fec29ddc9e6f68453c5c2e4d67f0ecd919de85d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c907fb4cabd0f83fbb12ad049125492b

SHA1
b1b7ddf6d2e64fc8e2665db1998d10b49a24ac16

SHA256
fa22d1aa8d6d1d8ede66ee0eef30423b8ba853e2f7e227ea2b72991ec6d72e13

SHA512
7de1727377ca1d74cc6e9c654d44afd58a4a4d0f2f584c1e60280f045928eedf5f2bbc7100bb691e81262969ede6f1df9d253b922f8ac0ef38a249c1c1f18297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
48b98d0ca559db30d8319a9054728d04

SHA1
4ad3985df515557a348a9efe5136a6f98661e51f

SHA256
b794eb7d30e7156e3354c4abe49f4746ff4c2e0d67b1b9b2888b88e5b31d9a35

SHA512
bceed85bec8169ba0c6af7b22c0278f6b7664dad24929af984dc343a1c4a823568eb74752a69360da1e524ac97d3ff4ec74b0df33728832b6a21574165605039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
54d3e3b301bd714f2b0303557e9cc34f

SHA1
f322040edfc63654780b13df96eee1944cc0a8c4

SHA256
b7a073be68ce00fbf7fd5c5a96da687f85295c714c3e161ae63fee8f0c85e4a7

SHA512
5b4f14d986d0be02858775c7f65fade04714eddc24b841b38670e9b8a84de445192e3efd791d50e9f26b8eaed22acaad5cadc78524c779f12fa73555a4e3167c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
0cfe3c540b3ff2af21148e7fb1847004

SHA1
410f72b7f7a014a2d961c38fe62a96ccd2643edd

SHA256
5c7eea083dbff6321abbc28c746a4f6038122318530923ad84443dce8a417f4c

SHA512
28297ee87a7aab1a63bd8dfbcd0f3b16c4ff01c7a24433a4d605c98b28ce66320c1c7d551a14dbef9136a726b4ad7ff33679b0e87ecf24f14007f9f8c3ea1cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
fb54ac45b0e02d55fc4f42da059f2167

SHA1
95118ae750d5eb11b994c62463bc5649f7ecdf77

SHA256
b3fd1031e2c092f660e9775b6fa4901862f82f87451b3d384728397ed238981b

SHA512
445cf2320f049944f2ce55c81e856034f3d8d36c004d70b124da04d2caada719c3bf8fd5bd8e862c09f5f60f641eb243a10fda13ee54164e4bef2eaeb7e8011b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
44643f19591b0855e627bf86e817a4cc

SHA1
7530860723b63fb38f9ed31d21a481e0350ae089

SHA256
7d8c80065a7e889a109a2ee8b9b7cb44fc070c8a528f67675c074461cd619bb4

SHA512
58e1e723e18ddd926b18be2c66f0555cff434ad256edb71b0a1bd14c6cbea50d7167c823970d8c313abe750f91ab160056fcb129b730bc47de26b6c6c83fe1f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
fd01711b2bf4c468139a105e92f47499

SHA1
2776a9c9e62e7fbdbac328858cc8c70bd6de070d

SHA256
029fcd330d654e2f67b631b07699846eaf2c5ad365708358b0c53aa8356e8efe

SHA512
b0c211e0b1fe2914bce8b2ba35c3afcd24f2c57f3a48403c8679b78484d84d287a8c06d733ad2a0493da2548b7421f04642d9e4e47cc15d7d0fc8145ebbf0950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
09146d8801e9ba037f688dbdba6bb800

SHA1
c026d357dbb518b6f60c49b82f2f3dcd734526a4

SHA256
fb6702e6539c0cca472a91b0d9bfd9f4ed85d3d28f0f2ab5b41319fa2db7da36

SHA512
e75eb6818fd7054319fe2e3f0c6c4beba89f38bc15db7b103d91752397f34ebb008ced4ba21c5d663ebfa8d9b15877fcb1cd1c379da4c0c2a4b503c2cc5116da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3d722baa1dd0cd84ea7f025e7ed301bd

SHA1
a3685fec62667e4a3ee8f9c26305e737fefb1049

SHA256
a5ac3a48b07d65cb5056feb8d197f2c614e3e5a9810bc5ba6bac706df6a06cde

SHA512
10a8ae865e1cafe5c595406ec7f9e0644d4016ec153209b7efef29578d8202b193b071ab287ef93e5e4da34ce781e9d2112b73fe1ba61227bd9e0e388fabd154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
2d9041cf338f681f8ce3fce897fc73b1

SHA1
6afea05f2f51c7885ad31f9c40a07251c3f7a234

SHA256
5170d8412f87023c8f219c42010f4ac91aaf01a3e388e8ecb527a784d4bb35ed

SHA512
03f31aec20ddb695854d6ae63c9c3de301d25fd8e43ab5c8f61951c8f0ae38fad186ff694af01c75d59304115cc5e214b6ee2da2ad438ba213ab61057c6d8bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7c0e348e6967034d3c97d6edf0e24238

SHA1
bc2466a6b22a9bdb76717b16f2e31b451241ead4

SHA256
ad2961f81fabe5e8a6918bd1af91ab2d077fdc3182ff0e37f0060adc9557c885

SHA512
3a49d256e92e1461d82077b5be922f934695e57785df73d147b305ce77420073d2a13052349450840800c1b62fdcf6598b7f28df9bc16c251f9c6a2fce78c45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15fa63f15ae10c87a2eb17d401aa4525

SHA1
9358a783ff7981517f58105f6d7b4a510f0901a4

SHA256
a35c425c76034ffc0c1952044260018e2163f583a2f506308815bb60fec7fda2

SHA512
c63107025e71028d9f841b634bd6bc42af592e63ee0408c9929d5b7d9393cb425e4cf68f0e06ebec055212eeb0ed7f323204ec3e767ffd4552bfd408e13484ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
536d8bdc12f4dc2da8227ddf5549e0e4

SHA1
456d3f0702f1a47240382a37d03908824f44c5e7

SHA256
4f09ee3bd3c1113260b3ec1bb050bf49580486f5bdf5dea8f675a3e0b4d48c2a

SHA512
ef7cdc1c0403e2f606c7b4dbde4e89cf2ba7ea4f5c38b74711d50d50d7c12bf9b16a2248a6e2ff88a60fea4af9a20d983a3f1e5eaadd803b8dfed31404bbb5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
20807e605df9113db80f9f147b0a14a9

SHA1
de36a513da2b090153819b713fbaf7cd5eb41db3

SHA256
a04a71c66cd0bd011d77f88982931ffcdd818df124ff6a5ab60fe00e81e6c5f2

SHA512
366920a2e345e8d8a382f0b152b4c8a93b1bfd7033eec21133e86438dd3a153227985081d3ccfa7bf24a1cbb27a688e92df6bcf9b24ee0bfc63612e65741fb6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
4ef11522ff53405caea985ca9dd20d3f

SHA1
0a64b7c618de9c9bba0dd72a54ed9867aa283bb1

SHA256
24cf6b2f63bcce92687a5799eae4f850c42c07e43cc9ed9ea8a6dfa552b839d7

SHA512
53690477e7b9d503de7cd95b5b6ea12309e2cae1cdd57885cedb0077160fe4860228ea8e3adab32cfe7239529032c001fd2225c2aa9a269953bf26b46cd8a994

Download Submit