hxxps://gofile[.]io/d/LOwIP7

Analysis

max time kernel
97s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/LOwIP7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
4184	msedge.exe
4184	msedge.exe
2788	identity_helper.exe
2788	identity_helper.exe
800	msedge.exe
800	msedge.exe
1096	msedge.exe
1096	msedge.exe
1788	identity_helper.exe
1788	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 1540	2124	msedge.exe	84
PID 2124 wrote to memory of 1540	2124	msedge.exe	84
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 464	2124	msedge.exe	86
PID 2124 wrote to memory of 4184	2124	msedge.exe	85
PID 2124 wrote to memory of 4184	2124	msedge.exe	85
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87
PID 2124 wrote to memory of 5012	2124	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/LOwIP7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcae1746f8,0x7ffcae174708,0x7ffcae174718
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,747041971077836007,12526595281652787292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcae1746f8,0x7ffcae174708,0x7ffcae174718
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1405301909857210200,17317838012203222655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
810f6c42cf2ec86894f9222f779fd23f

SHA1
260d63b7b3b29da2f34c656abf571100418b128e

SHA256
be9e0100c575ce8a854c1120fcdf7863dcae028c571bab5f7f3d9352c80db880

SHA512
e17df6e5ff609e6033a562a60b623369c0ee6273d6f55ce1a19158fa9c1d201a39d2f64f026febd30c5e543b2b85a9a60bb361cd213d7f9cdb6d6e2fab2dbf1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e3bc35012950fa7473b241c1e6bcbc0c

SHA1
8acdd0e89915164b3810c0b51861240877c3b31e

SHA256
0cc5a856f115cf2eebd5e352e67b7f3bd8c2406978ce41e2dbef3e7d73c54ce4

SHA512
6e4003a7eab0a477014937f95a86aca52fe14bc6b75cbd9cd387ca301818ed91ebfff55ae2574ad70ccd4c0011ea5f6f7d4a550e5002dec18ef3be5e5d0333e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a8ed0ea-275d-46f7-91f5-ae2b242685d2.tmp

Filesize
5KB

MD5
1e5b31b943f279d1ced00e3dec09c626

SHA1
8170e7601e0d697bf30f680a837ead6790fefc40

SHA256
f6cc1fff49c988f5ff465f0c1f7cf723ab661b4dad86a0b5fdc168df4bda4083

SHA512
5bafc6b181a93b7b1d3291683eb818dd4e929ed5a6cc2cbba72989ac9c9da4957a6155863b6d1b919e2fec2c5c65b4574ef81e300a2426f7058827469fd4e2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3b133522235fdeaf5da3ed5461ede8bc

SHA1
58badb71686899ce5ffd15901753e150283c0b32

SHA256
97649df2a1f343a33c1b20f066cfaeedc14301dface1f9af805c15e7902f8598

SHA512
e6a4fe72f48f5568103bb9d938de65eff1577e5d3a558790ae4151992f2c8a4f3498ea6cb2a34637336500c5c461848651baaa3767de98a912bd26f58eef41ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
3b5a8fe6dcfbe7f3b3373855a5c803af

SHA1
4d9077dd90ba75cd0977939ebb57a67dd40b0522

SHA256
211ab440ef8e3a780952c4d6195eac8c3b3b480b6493269dc234fd98bfd4e34e

SHA512
1a13902f53a861dfad76a4b4a911a69f9159b507733cbacc12dc366b1ab30dac2057b03601ff9307055d9965eaa5e8e61c7837d712f729d1b2a7ed0bcea8531d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
e15dad6f3b9c3282a8a74e6cc0646bc5

SHA1
e328313895a473e34a2abdb27f349f8bfb14dbd8

SHA256
f547699afd661ba88a2201403bc27c3eb44cdbbe72825963254eed377f4df6f4

SHA512
d7b91d030d4ea9738d7e1533f972246bb9c1e33da431a385c0b6b7df5909ee7bd6b2cda3c0820238f9fb3d6c9c462d76a588bfa7a1df3429e9174e421271d0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
59d8ab3a957efb46718434c6f5b505d9

SHA1
ba5295f296f6ecf2f1e24657f3596172799c0152

SHA256
07251939b627ed362ddffa0d31b1b5b83ed7ecce994a842bb9f3f770f07708b4

SHA512
9312589eff5954b243265cb0ef60c03305edd336a5110d9d98976e0e2820dd9386d4fc4892103b418188a3cf751be6b45bd15b0bc9ebaf129cfdee013a32b3e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
762e83ccb6234c23572c55eb55a2d71d

SHA1
0d9bb432cf8c320c9c09454da734a6a5cb1b08de

SHA256
9222f4e15efa5b335c86fd3ea5e1d25cff5e10f0a545ca89c9e9b2ac1000c26a

SHA512
f519d6d25140f60e65e51f1a06b73edd7b602c40d71cd404b8b8e808fa746c770830962314b0948a2733ed409ef3c4190aa11274cbbd17b79386436b9e407d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
10489ea742842c3a680b188fb37fa330

SHA1
9a9355986fc0418712e1a9a28ce6cb7fb757e97b

SHA256
cc5ae608013891e7a00289fdc3a8980d3975b5e2ff4d8f989c1d5fc18ca8d1cd

SHA512
a269e94f386f95aa0a294b1502638c5b5b9f152821bc2243c48eb114a16a5d66f8a9613908fb088119175397ff13bf834deb1095c7b94065929f518e0bedd4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
0e155310cbb68f58fc77b10591843b50

SHA1
44de50d8b56ae777ede0c518da29a6ac2d5790ce

SHA256
588dae8eecfdd4fba8aee34175f935fa2ae8790688b058769c0c86483b564fa2

SHA512
85bdf8f1740e11d31d0b26c1db90d84ec408e60247f772099785f99316bd360637dbb45461ae85e943612cde34b091b4d0e488931715b3c76c30cf2cd741f0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
d9818939f31ccbab11279bbc78d35f20

SHA1
016724a9856800ea57612f2537044d05b9d1b6a0

SHA256
7276e3af62c72334b0c53e62eacb2c99e0ba7a2589848a8e5be62474a22f0e02

SHA512
afd316ed20a7cf7ec2fc17d01cc42460514bf4b13b83a446e4e71fe3dc34f2a2a9b93fcb1d6cf7a91793bc46d324455a758f811dc29045dc124ce6234f1e1dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
998049ac124217001273a50fd4a892a2

SHA1
ad1132df53da5898e24782f641f7f6f9493ca9d2

SHA256
994258d82aee13f1804747a2f285da50ca1677e9f61a7ebc1bfccf480f467efd

SHA512
deefbf40a6b60a27bdf2a220f11d43781bea38ab216aa07fba383177b27cd1d960faeedb93cd5f6ea116161e2195ec83b1424c12b05436471505d7ed8465ad8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9bb41dbc508578c39bbf4c61b90cc1ae

SHA1
a00509d10183c69fdf45dc908bf92e4fdd14a229

SHA256
0f74e3aa536e429fc7d5120495e70489ab7e86ab8e56436f23508ff9603b5569

SHA512
a1d49fcc3ef8fee8c5d5e67b4c362a2cccea1a38cda9b070a7660363cb8502252a8725f5632be7ba776a8728fe3f7e45aa351762c4061bb593061ca077c457f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
1a5dc609847fc149434eb04bbd25e1c4

SHA1
b14ba2ca4c99ebdaff50fac2532b57aa1fd27287

SHA256
a32cb59cf411ae04cff4d65d31ce6da8483b2704b80e23de04f3a13205ad88c1

SHA512
de36843d8c011034b42dba448624cbb1e7872f7d2e7964ee3cd79723c902a050ff9eaef25041b3dd6d1948a1ffb317cdf7eb29fe483ad894001245c58e252182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
3f8a77ee77fcf88860bdc81e69426916

SHA1
511493735109ca52c27025e46ab10e53714a9c4c

SHA256
c4921c6f4fdab29212ab5c88d188afaa06359fbb803610bc2ff30d4eafc0f63a

SHA512
c7efb6e24f62548a0b4dd57878e2d07e7eab3222bbdf819197c23da0f5b9802c3dac4d4e88353a71dfe66b9f7b9efbccf80a6260af33de0ea721b4cc5b7350e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
550B

MD5
bd05f9e092e96f611c4089b108749979

SHA1
4686e16471e28d5daf927efaf9371e5e9fe0e2ab

SHA256
1c48b9d66f1c71bacfcddfc80fc2bf92dda0e44b6534e44ad33452426f908026

SHA512
72e9ee755ba5787b56e2e083f0a87b284cce6161ff23e864a882eff080060b5061bfa1d8f57851cccee313c2852a1e1c085c882827a0329b1be07e5d050d7b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
7a8c94e089d572ba287155c5dfe70916

SHA1
1ea5846f3976997a0b3b2a313a7d1eb081ffb554

SHA256
d255d6c933b51086ccaaf18bda24827097d45d9cc7260a9cecf27eb2dfb5862c

SHA512
dfbd38b65400deedcd6cfe8592eecfef4e086dd7df377dd06083d431f0d39ae16bebc5d6b31dc1af90d1ce984561fa1281bf92c55f5358ca352572261a2f5c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
18aea61d5bc5d82604631b997fa65d12

SHA1
a4b438d4a197e072b7e1d18d981b8154ead290f2

SHA256
501c5e8e0656058e9755da4d0ca3ae275ac5e8d36b9a776d97f6a3c57cf7145b

SHA512
2b280c3dc79190192db94adae353f7ef7c1df6c095411d67d19f1ba999ead67de24a11e173e4d084b66979335efe28bf9d3fbf6e36bd94feadc2e164ead71a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e2b242f9a792bb0344bfcfe0425a0ef6

SHA1
7bed6d1238ee6152f9f06fb783d19c86424b1ca8

SHA256
8c97040f0a97e9aacaf53aa8376d65c92df3e9de62ff4327ba347270995298dd

SHA512
b5a321ded2db3d2d32df09267a4c02c26cffb7c33725564976b3ce276641f8865c033b96994db29ecabae9630d42f55c1677820a165cc3549093bd9648d79fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c0ff8f61bb77df2a2c8a7bbb36e6d4f

SHA1
b5b5ecc5ad6f326a6264813af48ee385b58beca4

SHA256
a564b18a0b89e2713ae7ece47e918265cdcc77d308126b24c5712dcc81501f21

SHA512
5102436c2bcdc13f1d039e09bfbbf131a300726c14cd781d8589ccee785eb69443c3bdc1873dddcf4c87138fe4addf776c71406b61f793e84a3d737656e51861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d0ae53b7564978d3058321b1eb278a5

SHA1
8cd249952a6eab3c84dbf32d8309536fe77f0516

SHA256
d7de2d3e38ff8b0eb3b9cbffe56e291641ca96c0ecc435e49edf8f551c13016b

SHA512
f3452dd767247a5e1218bb63d74b4e35af922718bb1b803c014a4aea965108dcff22703c9347a20502190a9327c7264718250128e79d4f07fb857eaf45aa1bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8836694e3e94ec0ebd520b7f25dec69d

SHA1
63b0e8b6d97dd8878e6c67aa8432a53b293d20e0

SHA256
bc9cadabfe8cf3a086ec7d65219f11abef884b2d2fd57f21760436e8ac9c006f

SHA512
a77b4eedfff66d5c3e7c1b475addf8dfd37e1df4bb62159e4f82e5f035ad29cdfc096bb20d5d6c837ba6b7c6022311a3785ab09ec39628d393d9a6de7eaa39f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5eedd5ace2c4f9f85ad6bad249804f6e

SHA1
50a4e62b2693d073b8cf4d3b551fb22f5715d73e

SHA256
333ff6e2c5b6f0d8a156db69c981b9289f5a9d16be8ad490ed1028d983ddb635

SHA512
bc890c3c09c847f3cc643cd534368f07925650ac8c651bf32ab82c542a33ac85be97ef4e879326852f4bd3e26abda6b99d0c12bd440129891a1f5b260c877afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
b688f35462ceff5c7055f39374718a72

SHA1
ddfff33e1200bad8190d409b6524f5ae546727a9

SHA256
d9b2f7086d7ff419fc33dbd903a0038415b127a4ed0bbe63ead309cc47c1072f

SHA512
72bd0b2c53a0eae89d41d3be1177122c9298cbca4827d9b5efa28bf5f8f5e71945c5a7f867bceb83e3c606a7d2b457915c2963fb5dd991ede7d17daaed80b9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c5c698cca1a90202ac910ef6667a9d99

SHA1
49550076e0e210e345aa89ed9a8522d7c6352fde

SHA256
921db7bc9f20c5ea1f38224ff96043be6e88b341f8d7226f147a98232e81e36b

SHA512
c5bf235f4063aaa03ccd1ae3277903c71c31860bab13e7ab201e6860b3f419bd18140e9ed47a4317004d27ea2a7078c4fa56f2ee6d5de77b04ccd47c46181d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
8728f423d3c0f61a5893fd56cbfe7345

SHA1
7dc632883c933873e6962d1c2f87f2bce9a915e9

SHA256
00e170eaa1e26f29d300a0a035bf5834778714153ff1c57d3ae1425ae8f2e64e

SHA512
582ae29a807a9e2ffbaefbe6b94d0e929bcfb7e8b833327a4365d026aa0bf6e77476ccb0083199714bcc48ef174667a622acaf344637074e1319e4c0a37c0326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
baee2afdd27f9b6c585918c8626fd3ab

SHA1
b9a8a3e6830be2c9ad1d337c15e7eaef647545a3

SHA256
fcb6d147b7b5702276c9be266a6d7cc5572d8de8c8374813f76c0f9c544c531c

SHA512
d7329e29944b78f41ff05cc761f82a8f45a0aa3b75f45f921ba8b5dce82841331cf4f07aab7236f22f45cc12af4785e2e9bbe40c3a2bf8d99d1df18b8a26f95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352885279552689

Filesize
8KB

MD5
78ba05f86667ec98bf3f4c6cc07661f0

SHA1
dbda597bbd84f55420c51a268616b29f796558ed

SHA256
7bc155996574f7e55022ae6a73abe682c8619653e3c3a49426124ebabfeda488

SHA512
79f20fb604f1258e62438cd1ae554d8fc8336a9d838511c0ea29984d6783a0f42112ef3bc4221866fed11d467732ed3774dfb4077d6b4e8aa6bf52916a60bc38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
ea3bb87273095cff53a06878df560858

SHA1
e95d35830a870a4529da9157532a15990856b8b9

SHA256
8382b3f9d15fc81c575573a1114e67b0845c881f4ad8bd8cb73aa75308995496

SHA512
8152fd834fd7d1eba0009fc291d1df4d57dd8b04dd8f3a83560a1b1ca1aa1d58ce09a2191837d91f83ed2dcccaa1337383d53d963b3b54ab8845ef1dacd87f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
190aaab8687594b314f8577e9609f8a8

SHA1
6745ea19d3c86a1945444a0cd6679e28405bfc30

SHA256
d19d032890657147ad4c9204c41ad70971032571c1da3a5fd46b4a811f821bec

SHA512
1407f569cba716a8c42c0c1332abdd2c937d6883332055616d53dada3bd637414cd21424d0b115cf8f249cd0d58996b465fc49673c42681ed271c1ebe7d11257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
b4c78913ef00b992befcfa5d1b66db19

SHA1
f514840913ef1577381a9effaf5542bfb952ebbd

SHA256
5822bc979897bd6d1f989a8a207840383f5a0b0567cdb4acdacb7e84956acbe8

SHA512
46e7b164b92f2f34b714fe3cf32d8f851d10dfb544d123056ab628eabdcee3bc6391d111ff1845e25e52aa228a30fdc3f8642713ac3390a3b565f8f7b5727d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
24520cd50eeed974cd937865b24c5494

SHA1
4dce410fefe926a9c37d48dbfc26052ba77861eb

SHA256
3445843e20806f4f819cce2532b46248f5ad26c232de2f124b1bacb62481186b

SHA512
ecceacc46b6da7cf2b23a044ba98c4166a34eaff3b6092ea5e4c154994a79800afd8d309b19c3fc7b8f54987f7ff270500040731ae9ccd7bcd367a1a315b8e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8ce8dd91f366439b8b7a57f30d96846

SHA1
664146503884f65ca8daa8c496abcd8cc41efe81

SHA256
f59a331433152476626d55c5c6b88b7a4f9008d77364546ea493c9246f87b13a

SHA512
1d2fd33d4143dcc860a2d768cb46be89426e3dd3b7aabf804c68235b82c16d09dc725a54d555494f6cd181fc5ee8a05bd6c1ee3e90643e98d74e06038b8a0ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
ff146b02f58e1664dea5ab3cffa783a2

SHA1
bda40b7352ba565f682b925a0951a34cbd1d3639

SHA256
7f93639159e333022c484c81f951ec2955cdfddee6d0e09fd3778c4605bf3e5d

SHA512
63c685ff210464906106fb190ae002bc02315914df8b9866d4d0e9372ff8800d16c0bda36d8c59031015d6a4a74aa9b69147a9766a6a05750ba81cec1d95c22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5847b2.TMP

Filesize
370B

MD5
bd60bac0d443c8282c93e8bbc4d77478

SHA1
8023198942a4e21aa36268e6ef9cc79c1c4c5001

SHA256
d87b8c25f90c690b64769e9f1e4231ae92c5963282546b0fb144c81e9b4b8f15

SHA512
303c5460d4487bca5b6d5b59d7c1a015a32ff847332aecbb54eebedfc88ca0693b94d8bc2d5473a5ffdb0837a8cc08cd7580058732eccc6b602212b29434b560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
488e623a2f04b2c919d18afd728b9980

SHA1
8e57aaf31205b08d36c7ccb7a2c058bb777e4f85

SHA256
06eff95df180f58a5d46c5b3fa63208459cf632031b3a1cd43287db108739aac

SHA512
f49211dc3634522b00f51292a51050e754ca446de4de7e7be74ef0ee0d250803dfe0dbc54d7ee216370adf7da8b2a6fd5e8d91e4298f6527faa96df1165d7e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
90a302a28e158c308998fe5d00935ebc

SHA1
b107e881f8ae7ebc31c48425c0f463f60a7ac5f8

SHA256
5f3836b40c4de41eef5a6239b99ec2df72d3ecd659acec74984be112c4c1fb8a

SHA512
5a40182ea769d68beea7d489c7fd4605c5646d4b34b4756a6475227c8012d84d28da7dbdb965a871bd17d9b64400d3fde8c55774d3b3c3add0b51de00ead407d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
120fd93495ab948f4529f30335ca3c11

SHA1
ff2397ac0148c7fd04a101e9ee8f451526cfecd1

SHA256
c52ee3912090a5cd53e533e65b8f439f55aef1faecde4b4e683e04fa5d1ba038

SHA512
be4cb24515f74016ee9d1faae9d1760240ca4fdbb5bb14519fef245195ba87a00c5f28836c415b3475ce349d9107d7d6f0fc481eb2e7a56e9c9cb498a915a279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
427d686a82ee482187efcc5e8c9313e8

SHA1
1dc2693dd821b5d8df322cf620b770dea0451e41

SHA256
75dd67448ebe2d9cfb6a124b55ef2ff869f00ed9771815217c237ca71239f454

SHA512
5d84de6ab8d8cd2c02ea774b30548934188e79cb2e21b22f1009d9c6b824c8ab57c5f82dc07d1664254840120aae45d179e525349c4f6bf17e840315f002696d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b22b57e7d38ad0899cc78d94e3dd8ed9

SHA1
75149e7eb0d889d954d3a13a2ffa077110f6ada8

SHA256
70ce5fa0093dbfad89f0da09dfd9ceff8bade9987d6780a32013e25ea903ba09

SHA512
00df720df6d2083c456fa6cf40de04e8ea011778d5af1e89ab8b540e9de9e0b96dcfa926eee5889d1b7276b5c55374b88d309cd6219d7d69ca36a749ac11017d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
b115a6967f514db63963cd8b5bee3964

SHA1
502fb73649485e105e4b24a51219677fdd0ba4d0

SHA256
0397bf093b5d0a0de06cf54734b37a19c408fd60ee4efa09a0104a5dc3c73353

SHA512
7d5daa3718feb153079d54b633f9a582cc6e6b8eddeb4e4545b4f2228af8d50f5ffb81727a39bea41de86750e0657b71f62c752298d9282ed61b818fe6070f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4f29006f7b533423a3c3b7a42385471e

SHA1
8a50b8b9a796bc38b78459148ab07ebcdb910d9a

SHA256
04e399319dc42451ab8200b82836354a71562642c53ca39635d9f7d0c64e9829

SHA512
45d7331f59de13c15fe14a5e7da28d7ba8cafcdd04f327b35a544e7f48a74b0f55f36beb189a2e549d3b7110412a44f67bf438ba6e4a3df1993451f42c98a6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
01137bf0815ff189ee9caadbec4df0fd

SHA1
badf754ccad7eded8a6e9a3486de47729b4b7883

SHA256
b82e472785cb1a13913d238ef1c34d23e75edd5d8fe666f4fcefa13c0c070d0b

SHA512
8c506a0794034f2b2e692b3e86394bb4241ad674c992b627aba253c5a5f0e12d1ec9f9fe4f66a5d5503bb6e9956472e3a631f57f0e85a6817c2532246dce6de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
f7287bf54030673ae5becdbdb6cae851

SHA1
09bf749915840b9b3803561a21366999062d1a7a

SHA256
7216a7ec5013acc859641aef029c86c7b78ef6a1d63b9de265addf0fc9f08ddf

SHA512
e5f21337c832d6ca0f034cc952b96ff11e376955328bad1f835add84876dbcf338bdf6a3c88e0aba6a61205b8dfb70c5ae00c170462a8a25652ec8fc47947e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
4517391bc8c55acdbe1f4c2f0d1c1fc8

SHA1
ac51fcf3271333d222e4cb526431817f48345a43

SHA256
3c82cfe4ef2e80ad0aff5da477f399da7d5c0169968b800b1bd730c7eadbcd8d

SHA512
e85033dd2a4a4038512102052bff9e8a76e7a43d609431d987d436f262e21fcf1e298441cd378590db0742ca65845bd1585a7cba496aebe245a8084dd616e5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
8feb503d057a1dfc7121b0aa2c7cc10f

SHA1
0d25b47e8482de37b7f615205b8a45162e1049d4

SHA256
e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713

SHA512
a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
17KB

MD5
4a2483f3814dd5e042d025b1226540e3

SHA1
a8e0055dd8c7bd4c1f0bead1485cbf24a084f62b

SHA256
40018afca94fed86371f60b24b7a14e867f66a86d82b2c7426bf29faaa41cf28

SHA512
5701bbf6568d54d39551190531d5101e560ec5c5fe2a84ccc7b9d93c7042d70070e88af13f87e4f3143f060afcbee1e6fba9982b7615d3c961bd0ae3dc9b2336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d264f28de39cfa05676d64d80e2fa858

SHA1
a5bfb750335b7ec196c9d53bb5813d0a5e5b42c4

SHA256
24fb965adbe3834a7743b431d92cffac445d1e22707b6dfce627b3cdcad60f3d

SHA512
f41b0e544b4abfdeed5cda6661e40dcfb28ebaa3f0f268add655106368f4932a4b5840a2f9a91e20bb9d5ad138a4922bb956be65bd54867d89ba2d27c8dd4a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10fa154660faa9ec90510e738b30eef8

SHA1
bd2c8c805209ae1de5f32394f3370491b4e61bfd

SHA256
2c1b67c5903fc59c3b47d2e8e46deda51d7e2a356eb257671cbdeb38bb09b767

SHA512
1569b3d17576c29c5c9391c2ca965ab200217ed8ba690a6a81800518e0c87deac7b6164d745aff633775ce9bc1e7c91f25dc0f64fe839ed9b6cacfbcf094be3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
42c946dcaeac75cd09700677cf4a3f4f

SHA1
ba54eece9f6e285da3d983fd6dc477e32c6c2271

SHA256
b36f310ab12abcb4bbc0f475e3691d9514011969f00c97fa7f5513df236c1f8f

SHA512
032aac60bf7cf8444116eaaa88fbffa0cce06f07a11f5c560f1da83d879c602c63ddda175547c5d3eb5312eb6a56ae13c1aa989613ec5c4b04ef83484aa3715c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
4d017dddd9caba48c5b7ed0b072c64a9

SHA1
340fabc0427ee11e40e86539c799e2cf9a9bd262

SHA256
e5828e7051e8651e736efabcd17c8232469a83f5c989e63275388ddefa390cd0

SHA512
555140e83cb904ea4ca3921bd2903609576d0c12fb8267eb8ca926e6b7b396c1216f827d7fa3ed77a08e8f1455ea53d531603aeb848763906a1d4ed7ab8008fd

Download Submit