hxxps://rekonise[.]com/tsb-gojo-moveset-sil21

Analysis

max time kernel
598s
max time network
594s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rekonise.com/tsb-gojo-moveset-sil21

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
189	raw.githubusercontent.com
190	raw.githubusercontent.com
191	raw.githubusercontent.com
192	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.lua\ = "lua_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\lua_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.lua	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\lua_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\lua_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\lua_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\lua_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\lua_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\lua_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\lua_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2044	msedge.exe
2044	msedge.exe
996	identity_helper.exe
996	identity_helper.exe
5992	msedge.exe
5992	msedge.exe
3164	msedge.exe
3164	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5144	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2468	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SetWindowsHookEx 52 IoCs

pid	Process
2764	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe
5144	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 4564	2044	msedge.exe	82
PID 2044 wrote to memory of 4564	2044	msedge.exe	82
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 1680	2044	msedge.exe	83
PID 2044 wrote to memory of 2000	2044	msedge.exe	84
PID 2044 wrote to memory of 2000	2044	msedge.exe	84
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85
PID 2044 wrote to memory of 2456	2044	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rekonise.com/tsb-gojo-moveset-sil21
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd6546f8,0x7ffcdd654708,0x7ffcdd654718
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12942976924635563555,3911526752984729217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5144
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\1725724019929-Gojo (1).lua
  2⤵
  PID:5632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c4ba2bfc2f2707ff221ce94cd92d6aee

SHA1
6e6a954f8ff652d51ff1c2bb6806c51aab7c79ce

SHA256
a102b33ad1190bd9460f9751e7edec38ec31b86ad9d23f39c3501b4b58cfcdef

SHA512
5c3fb1dbb0b70695a2f25b1f785126aa11d9b1824fce84b3eb31bc5790ac235ec3482777741bd5fe23e0491aacc4b04ae01c3f41b0b78c1ad2b159676a10ab64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
b0897cc6fe3811338dc9e7d1e0848c37

SHA1
32545aa941bfcedad57e206a5a6cbaae104d81b6

SHA256
f62b8f9bfdaab2f770bbc806af96d43361da64117e62aa302efa929b48434aab

SHA512
dceeb2d309596fd6aea06f39e9413d4c571eef217c3c5aa7e5c2750074552677b3f9502f78ef8804acd1e89340df199617d08da2cb263c50e20a2883a9aa8251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d37ce9de19aadcf6db04f212fc9a9521

SHA1
902a7b97cb36ef8ee3d480136fcf79f74ae0017c

SHA256
492a39f11f20cd3401f4fceae8651008e12b948b241190507836933834e68516

SHA512
64f853456c927ded8a43f980add1120fc8ad27e54da10446b6d45586b5bd5f39e10e2d26461eb5b568e52f51ed0afd2fabaf0b6285468da9fd09b0261266a30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2085c6455b65fc79d6894bc9a195fc7e

SHA1
21579333bd9847865657545b0fd71ee5b44898e1

SHA256
98ac0a5ad3518ba595d63fb0846821d9d569334596605eee51a28adc02bfc744

SHA512
dbc762b3f7812b2cc5e4dd71e8b0badc2d5d2b55c2a1bf1cc7b08b7ff810ffa0abdcf8b25e8b44b519faa63672e1b29c2e7d29db9936bfb17a8ee850ca0a4d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d713947f08b291f430d78b8b1b5e0539

SHA1
b36fa6c95e5ef2e2110ea7b2dcbaecf2f580d422

SHA256
14a318ff8d2cb28f61637976ae1f912bd96e00360245bba6e0c33964f24ad143

SHA512
05ca2856059bad542cf8240480c0d03adcca1d2a271ecb3496ec0253dce478b7141bee4d61bdf066b7a18d6a1b17b38c41a936a1958af026324e7dd26346cf89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b6e16f652d7e3f9177cc74736885b7d

SHA1
0405d7332f783a51983f04b79f900c04a6e0319f

SHA256
e8771f137a0982a971eb3be5fb7f99e4e22d91fa809ca2e6394aebd80dd2f3ef

SHA512
e10f9426623cb9b0eb690745d739a7479ebfaefc53e5cd9ddfcdeda4693e40c11511c861988f983d2163d1ce04735e03205ffc972df99b0dbefab2ba2d25dc37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
11cd9c3b5bfd3eafdf7f367a4b25a464

SHA1
6d00a8ac5a199df6594a0e8d5ebe76c48f08cdf4

SHA256
be53781712f8109ba88f45b172ef6aed6d2b7c9454f0fd0fe32612ecee789f20

SHA512
9f7594add568550088f3ce8057d61ab1277bd4ad1bf6b13e5e8ebbc473d3e03fd5c468b79c9ff609750f4e8eebe47cbef50df495cdd5c1d79f0cbb4207e15dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18bd44a22526ae676421965905f1ab72

SHA1
6197739b9eb0971b9197a5f64b2db0981e4f4a9a

SHA256
d31ed8c8b1be7c438f2352a79608beb789ce13f2a9cd7d44e0ba2152bb085c32

SHA512
6c40fa91cda582abc46425dfad9a219529f2ced2a90772e2825e7769c3932fb26fe1a481950a950d9c98a532ca2cfeab206a44fef9ef03182597150076124230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8dfab05b-e52d-4e40-8f07-697b7ae1791a\index-dir\the-real-index

Filesize
2KB

MD5
be4080e89f6ee520fee47ee60db030c9

SHA1
b8250b2af59e0cc278192e5ec941e48c01821e69

SHA256
8957afe57a7c96e0f81ed73df4dd2c3e0e49018ecf31e15b5893d014a60f75a0

SHA512
cf3fda1ed89e43388daa43d3f9365d9995d2b9345646b7a2cb247fecf7dcd083554e076a07e5acd89c4496e852695603683ac7339f7fed5dcda8956f6e0f1826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8dfab05b-e52d-4e40-8f07-697b7ae1791a\index-dir\the-real-index~RFe57eee4.TMP

Filesize
48B

MD5
84cbf57ceaa3518c65d692a5fe7c834b

SHA1
d474c08a64b8726dd3787ac42d058de338df7c60

SHA256
ade7456f98ede287248dfffd3e99081ba41069f0355bebd2c693621e88293041

SHA512
728bbdce8c6227fc75f1357d5aab95dd8976a7d7f18a5e872c03afd721adca97cc850da0814c4c276f7fefe82b7b93bda60a8cf45e8476af72b43c06fe870ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
34f85fd785748723a1910de11d2a6629

SHA1
6edb63073483f5630ecc427934083685ca5a3b01

SHA256
793e1de3c25432a96ae0e8e986433f909dcd5851d27480ce163a20b9e1d0b8db

SHA512
bc2840668b20b59ced96853e638231cbf7214cff65afbbe0851f70de59d8d5f4cb6942235b5702d471bb1b3ad327879ccdbce40c11149a56b784e8d41cfdafaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
e0e1a6aa98e52bcd6ac5ea86e5e268fd

SHA1
a8bb20922010b263e6f17ad67d1ab177d8073847

SHA256
203436b962b1731cece0072047c9259eccaffad3a946026045502d489c105963

SHA512
f7f06dbcedeea6e6e833d7c464205a7b8440b2612a99d50da34ca2a95998b8eb8ef04a58bb9cc1138ae940e4043040d3b4413f04944f3869a38c77f5d350bbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f2188d770fd2584e7d5fd054b2e599db

SHA1
9624a8edea5292273d891eb6b4a85cb51bf63396

SHA256
7ae00ec275c24e53aa1e6f0f02264cb72d9b5ca608f8862d3efb49e0618b4035

SHA512
a20db38f0e76964e1412b4773552878ff007c34ab2155e3431955ee822a17f52f15ecb800d43dfc69329aee487e344ad1b2309783f368c8719e72c3c57c4cca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57c8af.TMP

Filesize
89B

MD5
5bf06208fb3cc01b31e70e40551640ad

SHA1
a457da775abac0cb589da4388f5bbd1d54c93a4b

SHA256
7288917b0b44b3716070844378c3078044f713da9a46889da7788135b3f94e8a

SHA512
144ade90fb14fb9a9cdb74ef42cf6187a068b4c624a25d3fea2311e635c202f696e4160f6a346378b4dca48317d7d143358eba77ad2d2c7b818591ab3927c528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
9c584e4d779f534daa1918664b96d149

SHA1
647ace1a50ef6c81f4e923e5ef2a802abd4d7e60

SHA256
2054bf04729562648844b8a267e32102be44dfb57e065d8f48578251fb2f606b

SHA512
a7877da666c7123c914eb10317e4bf8701a7978d709801233cb1633031b70cb563ef0b1b05738d67865832620b1f2be3e727bc364197cd086ae87bf09c2c3b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583ca6.TMP

Filesize
48B

MD5
226d2ff34b9e6ca530dc719380cbfa31

SHA1
3cada53e43ba47cd0acfbad82d6f3e0b80831f52

SHA256
5b4fae8c205a9488904c9c761c01c139c72c8c3d8b6157824df01286284e4c4d

SHA512
ca3c54234beaa81dfb6f25c5a6e5e869463365f289d7b376e1e6b586f8a13eac70b5bcfdbb99344c7076908e829c21b00593539a680cbd32c6cc8abb2706f67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c58e9bd147e7b163c5015f5d72e1003a

SHA1
2d8e6fb80aa927a27209936d076ae3abd5d29788

SHA256
bddb5d51d633777aeb0e7efa8ed1a93a1b3ba8c64ac6e9355746f2ea467a6688

SHA512
da6937deaf16a524536a7d82016bbd2b6bb8b699c7eb2082d0107f6adcde27b92023d8c21843fb1efa4cce6c4f09b52f8a4b59ddb0e6b0c8dac677352fb6a663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0c0a286f706921f46af36d3bd54d37c

SHA1
4ae776ae64710831f5a2dfff4fe5fd07c21a8974

SHA256
bf18a4da1e9c4a13a4ac33db5f5f0fd8e23eeeca9884d90e2d69f21ac319ce33

SHA512
f56b102cc0a2e6b85faff24d82eb2e5d5928910289a584fd2a98e469fe922247a0bdb5134ff3ab83e77e93c139c5bcf8e64fa18ccc573739d5a4b14984244122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c8778dda085559e2bdc7524f3f82beb

SHA1
8fbf10552705f0374e3dcadcceba38e9538f4e29

SHA256
dc78d7c8da3209228027388bd548f351d8a2ee6b4abbb90be10916210e668894

SHA512
9022d454003660f6b6556b93c0e5d12de9167df87a351b85fbc0eb36feefc0cd633c7a1bad73f91e230f60436be6fa55ae733ec75bb090dad7b70a3c024f6592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d93a245a638249f10c78a88f9cd488f1

SHA1
09055640ad156a2e9222f816b52ddd5f4d51f794

SHA256
863730fbf3c921ddf56f9c28f6cd9214bb40dbc1e7682e2920374eb390b0ba04

SHA512
378ba11d90b62f91028bf07a93783da5731b1440c49b3cc363e27963a693925c18d822de5514eec78c049746d70cfc013843af9dffb6a0d7061f1aae597762b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd2045df745f31c4042981394a957530

SHA1
d04833ed8407ec7388244bc31f7e726eeb442139

SHA256
a9c31c836a26c332735f4b7c47a5da778ba23b6fa409a9e96a933d4fb0486e1b

SHA512
76f2eab49df902fba8f6d4935880e9fdd969844c039d32ec0b0cd70f0001fe4f210d7509f679fc7e5fdf7c40ab504e3200d39d9cf02d1643fe7387364da99c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580431.TMP

Filesize
874B

MD5
92f103662b2c48ebdba4e456503e410c

SHA1
8283896f8598ae6117120ebe909b48de00e020ed

SHA256
d87e15e7af0a57df7f2a6a01e3e29958a620329721926ee2dda454cb1c6e64a7

SHA512
bb8aa936c50169e99bc45a8e4d3871780c00f9ccac823a6c1842ccca271747b2c4dc6b7b2934fda7d32f13295f25f8b17cf461a0c887de3595cabaa1edcfd701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d18a39d5-7c69-40a5-b77b-e90b2c066e18.tmp

Filesize
8KB

MD5
b2ab95b847398f834bd7af740e9f1827

SHA1
22f6e764d25cab6359d5fe22503a4a8696e0b80c

SHA256
266d15d8e7c990077daa98b6eb2239b70be27c907ce29fd0ec40a71dc9d0aaf9

SHA512
9487a3c9d7488ba8e019c55d8c0755d9af0b8c72fff99ad40da673db0490a75d91f684cfc5269ee0c5388dba757b655c2403ddfcb65200153db960bffaf06fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d6333bde66768c7f29096d0cf079016e

SHA1
7ed7d6c7c3a63f80edb6c0ebbda8d0e1aa1cb745

SHA256
edb0c979269772aa28c300456c5345d77035582093b19211fd56fce0c53b31a3

SHA512
5a6dabe40a1f93a0482d1f06a6e6a1825f4ba6126c0b4ce8fae6e5cd234d3bb8293fbe6f28a8e5c6980f3d6bf1ded3f722a73f4c48523d7ec2869274414badee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2fc406d67c4a4a3a6aaa69cbc38f5a58

SHA1
22f0e4e5b9e0605690b859e83d2a004a08323f1a

SHA256
1df201cfb1003cc743efc4d872660aee241942a40992a0b9792d0312a9a78798

SHA512
987778d1ab954f8c6bf91324c16a790639b3fcce8389e5978756ee7d47b59d9eb56096b0d15999e19d9f7cbb1e07d2259238a6ffb107ef8a5f65eb9cf67ced41

Download Submit
C:\Users\Admin\Downloads\1725724019929-Gojo.lua

Filesize
397KB

MD5
442bd5f1e84d58036fe954bae8306bc3

SHA1
1ccbe41a64f45b8833fb832fd9dd516b14521676

SHA256
8b0ea6584ec3e4dd2d7c57293c7c01fad54647803a80fb1129f1fdc5c3e124dd

SHA512
7bfc4dc683d54103273a87579707e26fcea07d306a9d395f35cd66fa91909386d573dd54696a64298abf8a94a04aa3cd84fe434e71b9798772e1c3550cec941a

Download Submit