hxxps://gofile[.]io/d/LOwIP7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/LOwIP7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{BC4A95A1-81E1-4D63-9634-747EB5F10645}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
4016	msedge.exe
4016	msedge.exe
1832	identity_helper.exe
1832	identity_helper.exe
4108	msedge.exe
4108	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5624	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 2000	4016	msedge.exe	83
PID 4016 wrote to memory of 2000	4016	msedge.exe	83
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 3216	4016	msedge.exe	84
PID 4016 wrote to memory of 2420	4016	msedge.exe	85
PID 4016 wrote to memory of 2420	4016	msedge.exe	85
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86
PID 4016 wrote to memory of 2104	4016	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/LOwIP7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,9980154336952191452,16670004858989679247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x324
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
220KB

MD5
9ada39c59a1f654ea41174a4a6fb3069

SHA1
f8465e82b03e67dba69549c2345ed02736568965

SHA256
3f5f691e877d0b289e7c42149d63174d29b9b91cc35f02fc85ad5fcde1ad7f22

SHA512
8cce5ecbe7a03847a509e41333b131652e092764a88be8c3fd7df29e6e891fcc2e9dcf98427066ec69b7d4c68c335d40c1be14b313ab13533805f2b5c9ec6f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
29ad9ea37ce397f90a9b0322792a453f

SHA1
e0ae24a29fe1daaecadcb6f6db1cd6e3d051a273

SHA256
e7ac7314e4507f160cd0c863fa5c2cdad5c8a0fe83d5421e184b9aea877c4a84

SHA512
444c3999c3673d298894d99c61d57cbebac28da2aa63826764ac8ec21b0eec81174b4e1483391bebc55b4a81e1b9e17d97702f3cd995694488f4821a33addb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
46KB

MD5
b322e56a86b24d52ba6c2a10614ce78e

SHA1
9a990a198453af55e2c86f8a85ef6eebcb296f4a

SHA256
3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e

SHA512
0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
792KB

MD5
53b61f5b29c1179b0279fbd9498a1536

SHA1
140f44cd9d51ae81295ed199ccee46a7d37430dc

SHA256
197e9e4a9e3855014800c3bfb36a9e2c2082dc9ebd743cb7a3cf43736fefea2f

SHA512
e7c6ec98a1e299e4a6c711d02d1c3a27cb3d22be2480f02ec458c9d119e48f70843d441729f3cb52c1f2ffcf4581692eb61ff644f99f88eebaf7c9af4d5cd57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
32KB

MD5
4691023a524333adb2337720b52adde0

SHA1
a92c4dc3df565cfeed1e15ea4ff059ba01fd9248

SHA256
19f1853554fe7305eeed5dda5c8f0c01f51e2e14ca101f129ace3ae25f5c3d8d

SHA512
e7c9da80f49c888db06da32da467f8166c5e10374c207e2b7ad29a32d504c97491d96d5c298f4e070f857bff045bf4af25391b69cad5d5d379bb3054c4da8803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
32KB

MD5
eda13c6b6a5166489f77c8d20050d7eb

SHA1
83d1706bc1bb4b7e491045b945c3b50db09f58dd

SHA256
6031816aca7ea5570e205613e1d9ca27f99dafad04dfaa478b78b7127acbb637

SHA512
b8cf001a29d1c1a1d9d075e7e695cd913d946ab657b77ef1e23bcb452cf301f7c6a7d7c6da921e49b56108e7794ec974ce44c0fe058180aa5c9e7771f2906357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
25cafde53ece6478520875c8a7e3c9f4

SHA1
bd694890b8f5ad254e45cff9cae798a3720f52a7

SHA256
5c24435dae1e85010a1c2e46e1b8d8889f299a8a9b503df6bdeac8f12555f0c9

SHA512
13fabf4f846071ae3240d323420fc4790f7d0e42e101ca03592a6740aa7c2e6ef0f33888df7b5f5badb06d93c847c4454248a7f0956ec061b6f172f8b94208be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ec22f5f40a5183c582e7f7b75f5b6900

SHA1
24049d0b8977008741d4615f63ba2b13836ef905

SHA256
51406ffb76f56d386aa3303f3b52a5f93b8feceafd10afd4a1a41f7541824935

SHA512
2a1f5dd88673bc44e72af95f803b1695d84ee146950ca94d1db1f5203454bc67812771ce6451812eaa0d47f7ead8311ba9edccfd47dc01dcdf5daa34259cc2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5db34b8fa74fd76879a4ec0f7e43a0a0

SHA1
21d0b7a52bd8759bbcba0469cdde49c5e38c5105

SHA256
3b079fec41fdd5587189df4b0530907a7d0b3c311c1a66def771540b675deb3b

SHA512
65b1b9313174beae49ab292f1d6c8cacf004d9f75bd548a156b38e30d18d19927fee81d19a23fd1205ce7cdbf275cf4ed60af041694605e674ffbf26fb19dca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c4bf12802799cd3c35c1df7cef5387f9

SHA1
112cef64264c1c6d3debea2c6096805c5cf703cd

SHA256
e1e5e6b88f7eefe5a3306be5b573ebcf767fbb80b5a118e9dfb22fd8fa0a3697

SHA512
9402ec03afadb1cef12db1d47d2dccd9c9bd0a85349be5715085f9a2fd1380797ce6c2f53b8b15e073d91384471e05ea792ddf531eaa281900abe1780a7424e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9d7599ff96cf44c15bb36cecc22d7752

SHA1
0fd35a750e3477d4bf1f3dd5bc3cccfb76c4b65a

SHA256
81e3b4a442ac16db3f1ae1ab9360e0345cfc8a89605f1b01ca41dbe69bbd07a3

SHA512
691febd5dc72e57d26c06c0d4728c4b4311a5686fa0be3faebbcb68e7a0944bb2484c3f9f8f953565b6377e791a2b2e90b7bd1e21d0d58ec37ef5964b8617643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d93f8d723eb96c506219389554232a50

SHA1
dae864209dc5c26a2585b50e915a29d4b957589d

SHA256
ea55872822bd99e4cfc6cda81f79b2bc1bdf00757efaefbcbcff43089c0adb93

SHA512
8a0ac40a9c8c57f2c18d8aca6b347152f0cf78feaf6225919d3f0f89f6176e56a14af06177e9c460e80a71fb4bda10776488d50678f9049c487118a141cd2f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b214947a4059ba1cce7e29bb78b789c2

SHA1
efe4a11de066659588c36191c595121b06f2e575

SHA256
5afd89c04034a44ccd44fcb342f43c19a0004f47cbae24f2b219673ceeec70bf

SHA512
51582e671ca96c7f9cc9d06828801d183e7b386f526ff271e4d957fdc54b4445d33d02e7b139e5e59d93c98ed7fa9234bee14e2dbf2aa3c55d300b598add681a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a4f81b9-6076-481d-be45-0a415af0f777\58dd475de93a75ce_0

Filesize
2KB

MD5
27d091d20cffebe7e9bd2ac054b7ab79

SHA1
eca90c2800cbfd0ab9254f4b0f627f71d795c5cf

SHA256
8129ee2e0c0bdc71d9a5cd64781bfd015d07652c6c398c76171ef7b9ce21ed20

SHA512
d906fe0d11fba2c1d6a64508260dd84b8a83a56056f0b811679fcf5a88ffa18827af4486522a6ba10b77502db011325dcddb62a673a0fbb155ee144e0be14f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a4f81b9-6076-481d-be45-0a415af0f777\index-dir\the-real-index

Filesize
624B

MD5
36440191d474d1e7e8c3125e5502070a

SHA1
2ed792ef74d2f0cf489e661f89f3f319ec929f98

SHA256
d852bfc16121413180b06a948603dc5d0bef5e5cbd489f11dfa999abdebc449f

SHA512
a2275006770da23db3ee8e0f090128b134c61eb6364defa2bdc2b4427734b7e2f11692fd7488ed083446ca65574649e777e7a8bac496a5344dc5df53b3163066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a4f81b9-6076-481d-be45-0a415af0f777\index-dir\the-real-index~RFe580191.TMP

Filesize
48B

MD5
4dfcbbb105f2a0315f94f6fcf4d296a6

SHA1
f9e8a370c7cd788a2a521034fddcf78c3f74ddc6

SHA256
cb2d32808f1d69d1d77fba1c6406e151b21392ea856fb65ca56c9fe28cd6e596

SHA512
339b66519014e12a8f6599f20f0faf229c393ced9eed17087ed47a36a352e0cbd6ee603818f06b0e0152065e767e5357abf25b7e62695986d16746111888cd3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\509d6e1d-f65f-463f-a75b-4de48fb12d9c\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\509d6e1d-f65f-463f-a75b-4de48fb12d9c\index-dir\the-real-index

Filesize
2KB

MD5
319d331e0693ccd5f44c74ed7361214b

SHA1
0b25ca0eb28cbbc981c2437c58d271416b20c9a5

SHA256
7a1ec521b782135aa6e36a971ce4aeb524139e222146e16d556a16c4894f11fb

SHA512
282259d6ed410316d1b53c0dc0d38688991394972de2197f822af6a43f7d5213383b9eee18c0445195e3a9dad4d0ff0a03cc527d42fdc246d0d252630ff183c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\509d6e1d-f65f-463f-a75b-4de48fb12d9c\index-dir\the-real-index~RFe58243c.TMP

Filesize
48B

MD5
1b51e0f8305f6d1d616175c60f9a7655

SHA1
646221a7818d99ed1562718869500243c4737355

SHA256
9a1bf553a784bd72eddb654c4b334dff3abec007272552ab7b3e20131ead51ee

SHA512
55ed9242d00e9247c259aa9f938e62671d56fff64523841cf0884af509cb21ae5224d7a75d3a08c576f598741dbd6568c2c685081db020176449dd92851c444f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b2a72492-7557-42b3-aff1-1f35efe7a3ac\index-dir\the-real-index

Filesize
2KB

MD5
5ead2a0534482c2d73292d6969b4169b

SHA1
4f0d76754af5c5e60626931105cbaad8ccb8bb7e

SHA256
da0b49840bcb1329f26d47cd7ae577d784d827c6c1c070f6382f331056ca83da

SHA512
cf920987f8218c4411c094c5bafe08c47edf9cd87a59b208277181aff7fa421d3527f03287e30c0af908a90aec6382538bb66dc1c4c6337d9fc04f46fddb5963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b2a72492-7557-42b3-aff1-1f35efe7a3ac\index-dir\the-real-index~RFe57a921.TMP

Filesize
48B

MD5
e91c24a6e299a843c44155a60bf0c388

SHA1
64d9ba5e27a83d9e3b0ff46a7d90db5d9bce4fae

SHA256
394121e3855f891d4317bbe154c1e671ac9662b3e090eebce1a121b4e8515a31

SHA512
646db0ba49f34512cf37f9d772244543ecea3e1f98c798d0350b4c63bb4b36708794fb7bf7f9d7933076cf5cd873be00e5c420769d528878da9f47ff6227b779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
0f00470c1e1fe06e25256e1e8090d63b

SHA1
daf1999f0bce145c808c5e0d4dcb1c377737da17

SHA256
b9f7ff0b34af40f4d3a4ef359244947828b8c91d8c7f2ecb1aec3bd94ff929fa

SHA512
685702c9285e30f0ef72648a229b8856d1c468cd53ba41b84cb8464ce80fc6645ab99afe39d5123ff55c8de200b6f5e583c521c468d7ad5fb2d68579a4d7e25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
746625dbbdae98fe5897cd6f879b526f

SHA1
caca46af12a3fe211660fcea6c9cd1469341c47e

SHA256
eb22b3f0ed4737b3bb25065751a6e3bcf8d027e45fd82fb2c5c8d3bb4b6f90a4

SHA512
fe2a9413608ff4628674dc9be6639315151de51ca0efddccbcb6072b7fbc4ae8372cbccc37d8bb4928b70c924204b677c2b841f68a2db38468afe716281f4486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
746bbfdbe3168aa86f4ac61e9d0e5f5a

SHA1
8e53cfe9b868b1c81918bb02c4fddc05c37272dc

SHA256
2e04d51cbaa5345811469830b50e58c9d6bfce294b844adc0d176ff0655155a1

SHA512
d4c5d6711a4235b0b8f5399cd11bfa084bf0eeaf99d5256a9948e6a63bded5a24ccc422f04d4f822d435445e1e93a79d9d9b3fa6c64c2c7e95f9374394c597e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
c9f9549dafd3031640d9b1c363599268

SHA1
7133cf73f0f0a8cfa88ebbe37aab54e0dba596af

SHA256
39b6a3b7907cdb9e7ac2a08f398fa472acddbddbc7f8e874ff20b50c9667860b

SHA512
9fa150cf1a710de510e3417a1da09f7e4e66135d72025269291a17d76ba9c4e405d98ffab8b14f75bd7a665d3bb796fc4a617623dd7e6a768b9811e76b609068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
dd8af1cf184fa18e35fd2cbbbba48def

SHA1
125082a6ce272a65497a88116d5a95436ea69717

SHA256
11f83efc04bc14af2d99f03f38f811f2f7f7c58548e9e24ec7e124062785ff36

SHA512
628b4f5474eede4966198979e1edf06023787fa4570bf795fccbe8df7bfc688e69567279fd6647b14e93264410b71f80664508d3e55251035a7446b4819b9be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
a3b3019030cf5d98a7306fa41bff8f63

SHA1
265ce8d274072e5d65f1c27e2febcb3c84590c14

SHA256
5de9da15a7bc79efdc8308ffc82e217d5716e2e1856cf29f6cffa5b4a9755ec0

SHA512
f8e67827aa32b8090192afc4dc9a67dd31c2d644901cc8b148648001d6406c2d84894ed51bc19739f7fd74793104c17705eeae30f34fbac2315638e0352df961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f5ee2c427406dfbbc5f3a8da0a81718e

SHA1
f6d9cea6c72b9565fe1f8c519856fde41535ad54

SHA256
fedec53214793d00ca08908e284b3b96475d1ec0b11ea8d921fa01ee912cfa04

SHA512
b48505b0a9b212995f66ba7e80a30fc520d8b6b5ee8dee0e933b0e6b8500f977c706308d1b21eb145aef03bc74cb7a34c68bef3ce14cd541c5f02eab29d0e589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
2b38965072d269afbfdc3a942ea807b8

SHA1
6455b34da39380768749e616755d84cf6b8ab97d

SHA256
74de9fc4853457704db242213bb147913b496993992a1fa1c96268a56fe1d014

SHA512
2bf4d2338b64b7510af1679d702c343a2089d8cda65470c34e96640304d9b6afd8253249e7885f6ed1d3e0e01126eca7c9885f45d73a72c5b46ca28b8acbcde9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dee89fc52400781216d4c553fa9a9fa4

SHA1
6c6d29deda41d007faf0c6ec0c57665012e0aa52

SHA256
e80212813e2636e951f1a014628d14239d9e25c097a1ec48093e5bbc246e1605

SHA512
e5fe52cdf36e96ffaec5c9de9b87764c09f979f97f15de809c8ea5b2fc9b16690dfe20365d8465cc337b82f1fa6f1f759cd27da8ed4ffae7a2a94fc33770b765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fadb.TMP

Filesize
48B

MD5
8289302da821ebb31aa99799bcc7439b

SHA1
2a7b40d9859f997008b4091261e61c8908a76256

SHA256
da8b0b52454bc1221ba9787f3cdd2d3364081828dff3ddfe3fc71fd02c9bbcb2

SHA512
fe33714bf66069a23939f293427a68e09a9496151b7fddcc84129fd518c75144b3880a737b1742d400f1afcdf2b87a05c270687971dd3e3eb9d81cb4b17a1745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8175cd54e72a053007a41286a272c2b2

SHA1
a11a82fa0851ff5a7c45cafe6365285b9c66e98f

SHA256
03c4602dc1a07e34b3ed31a3abfd3788cef3350babb5ff655b5d57a11c9f8d67

SHA512
558e5120f9ee907ee1ebbfac386b9f207d3c4623ef7b684e5565e484661ba4f45000d33a8352ba8051368ce73db4a61505ab0a0af017a1a89449083680a9c1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d428.TMP

Filesize
1KB

MD5
5329cf44164e6bd2f61b3384038ffd5d

SHA1
0bb9c49311ea816a084c3e03301f901e21a9bb50

SHA256
5d9ff130d4224ebbba5d7b05ed709751ad56284525efbe6fbff20eb7564d9f00

SHA512
701a618bcb9cbf5940001c706a9eb20ff9ffd83c96b692fd86a7fc106fcd2b8de65c1c485ef1a0e95f8680ceca871d9537eb817589395df9e69efa601b73f144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
30e40746a30994ff784f903b2ba405a4

SHA1
46f0285901252199031da41be6c4641f410929b1

SHA256
ac45a2240c3dfc920585cc2473b425f18c267e135c468b1c32c6384a96a85f77

SHA512
b3fcba7439a420f093757ff08cd1ecb84ab882fff8127b972398962f7a6cf85403bd595abb5b73418c7fec5aef10d9d3c2430b3de02edd96f398a2458096ab42

Download Submit