hxxps://gofile[.]io/d/LOwIP7

Resubmissions

30-10-2024 08:40

241030-kkx47szemq 8

30-10-2024 08:25

241030-ka9p9aykbv 10

30-10-2024 08:22

241030-j9nrdsyjhs 6

30-10-2024 08:19

241030-j7vf6a1kbq 6

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/LOwIP7

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
94	raw.githubusercontent.com
95	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
1124	msedge.exe
1124	msedge.exe
1644	identity_helper.exe
1644	identity_helper.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 2916	1124	msedge.exe	84
PID 1124 wrote to memory of 2916	1124	msedge.exe	84
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2088	1124	msedge.exe	85
PID 1124 wrote to memory of 2892	1124	msedge.exe	86
PID 1124 wrote to memory of 2892	1124	msedge.exe	86
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87
PID 1124 wrote to memory of 3340	1124	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/LOwIP7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8983846f8,0x7ff898384708,0x7ff898384718
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1192 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1208 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4330523578198434887,16404834976295272067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4584 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
136KB

MD5
763117b55dce8087df7c805a34dbaf35

SHA1
6d5efe382833ffb53cbdbdbd8cc95e60c37e5b43

SHA256
2ff806148272fb73c92593da175d21ab25296bb8398159c4e6a6febabd0499b1

SHA512
5627755883ee9ad0390ad221acf1c5d92c04c3bad7ce4ae3cf54e5277653c3334f8c7e99fd4a115d4026231e03506a181d604df6d9c756241391337196bde296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
2227a244ca78dc817e80e78e42e231d7

SHA1
56caeba318e983c74838795fb3c4d9ac0fb4b336

SHA256
e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24

SHA512
624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
47KB

MD5
44a0efdb62c8716a215a27af435fd27a

SHA1
d293b55224f753fe1eb368a8b7599d78709c3b87

SHA256
4e7f7517db2a941ef752966fefc24801b7c8a94d71bb5cc9c64dc8fb697dc0b6

SHA512
c039c14abf279adfe16d0c3621dc27a4713c447a5cced596fd8147bcbe5c5e60c444f30102797628954fb7cdff8de13448c190a95f5dd29713f409e7cea3fac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
27KB

MD5
7153c0e56f2bd0b9d61cbe3c697e3bf1

SHA1
59c1a4ba00584dd66c94113e7d38b8fec194da14

SHA256
ecf4f22780a8de18840ba98100130e64734d0406893841ac7361a3d73903a2ae

SHA512
33a20aa2217b42b59bda70bde70681fb75c0e615c651a799849b71afa276114e77e15087f97b2db231e2dc66cd842f367355fb268f74714de51ff15d2112a37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
2766b860b167839e5722e40659620a47

SHA1
47766dc72bcace431ee8debed7efcf066dcd2b59

SHA256
725a5e52a501bcd107624aafa44a857c00d02286fde07be774afeac2efed68c3

SHA512
a97f77977518ca755e9460cac34e0b5358ba98b3624c53f0e1ef7b947e62a6f3f99caf2852fb3132c822525d88b67b9c1ed778b3e40083d9df36028c85f73ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
37KB

MD5
c130e937317e64edd4335e53b17d55a2

SHA1
51bfff9dee11ab5a8c43198c0d6178799ed9433b

SHA256
46025a134ebdd6c6464ff422818e60938fc41af735f7951f4febe29f57612a49

SHA512
68e5fa69101a7347028ad30d7c004dafabcbd8f8009df90d0471b19a36741075d72da56a2b1693c2067902630584bda5536f0702302db5d69f407424d4a964de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
37KB

MD5
c67ee59476ed03e32d0aeb3abd3b1d95

SHA1
8b66a81cd4c7100c925e2b70d29b3fdbd50f8d9b

SHA256
2d35ec95c10e30f0bddbfb37173697d6f23cd343398c85a9442c8d946d0660e3

SHA512
421d50524bd743d746071aaad698616e727271fdf21ee28517763a429dcb6839a7ad77f7575b13c6294dc64d255df9b0a64eb09c9d3b2349fef49b883899d931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
a65f7f00889531aa44dda3b0bd4f4da2

SHA1
c8be192464c7e60d4d5699f6b3dabf01b3a9d1d3

SHA256
0dcf11ca854f5c350637f7f53cccdaf95492dbbf779b905138e26b1ec1dc91e3

SHA512
6f48f0f7cc1a35a9068c1284579db065e0fd4b2651355d68a8ff5ae9df86090be3f6e5ac4589585166829087c8bd3c37431a7066358eaced0cdb6c5a0d544fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
17KB

MD5
568f867ac41d3e2fb0a39b4e5aa2b335

SHA1
3ce36e229e8642cef02fe9decc84ee23f409b413

SHA256
86a625287dee58fec499322a390a33e33bd65f99bae9479b9c4a1f3279acebd7

SHA512
badb4a434ed850834a7b188703366d68f3fc5683e8f09e7930e1c714059378e1018b596f17e452bf514ed237970d02d6d93d2305990975031e5de568619801c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
58KB

MD5
2389054bc92fc6a9b9d21997feabb1cd

SHA1
d46b4bece5021bbb060dceef4273475b879c75de

SHA256
5c38b4d4f6b902a99e4eb9cd922a2a2a37b549388bb4dda0b756bf6d5887d6da

SHA512
5525a4228fe65d25f0084fcde29dce0b97b80126e36875d226549f379e56ae52c0b2ae12752b188fb9715812d14d740f1ebf35f3ebb5c1b4e3b564836ed30b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
19KB

MD5
ca73096d241a63e659343bb1175f6c3f

SHA1
0b95ffa70bbc837a9a9fe1ba7f331aedae1e8902

SHA256
a9e19c42f1330c343b458f807cd1490248adb5cd795407f58289a8e6c4f5e66e

SHA512
bf7d5d7d2916b6f10b71acb08fdac75cd659b2115c419eba4d3ce5d8cd056e387cb4917fa83f0f470202a3d21a23ea9ab707f9a388419571b803df79eb7f3d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
38KB

MD5
b376c55a7ba31e51dd8e8255789fe89a

SHA1
439c757d3520f276a8d313f8c337aa90ddbab16b

SHA256
97eab72e32402a938305438fa0682cbaf45b75af692793bd35bf9134782e3bef

SHA512
99b31f6378611df26a3dc827aa24709e0854f2a1595097482530087cc26761db5efd6be323005e49b89563de1169d44d86888c98eed8e9ffe880f516281a9c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
99KB

MD5
2940076ef5b451648e126653123622ea

SHA1
46adb402ebad36dc277bc281d15b4b9643c4cb6e

SHA256
2766045315b53c22ce78b0c83624a7f52000765c55061a9deae19ca67897d664

SHA512
f695bdf186be90f1df6d303bf5beb5bec9c71a069978fb6adb23b68c893ef7ca0c5da2cdc32d39cdc9a8f0bbcf0050abeb3cc02c75a2861d9434591ac8680922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
19KB

MD5
9f35ba270e9ea92ab439941460109ef9

SHA1
699dd11d06d2d5925cc91c2df7e4fca4acab56b2

SHA256
344f84869c6a5fea3a0ba409a9716b2d5e83b27bd295603d72bdfd6f8af98f24

SHA512
8660fcca9cf7ca63ccedd93e9606b5362babb0d2b7525248d2530a1656043aaddfbd71d4e21cefbc1669f97efc2e54f6f5e60a2da51084997dcc56f02ef4e750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
eb6247de9526afa0570a6c34afd577c8

SHA1
d474f890424de998ed48f56736b2645424e0d7ee

SHA256
720f062777581175485acdde148678063d198b4dcbcdd49198ae3620179ad5fc

SHA512
175ab0f56353f4b985fa284dc1149852923a503693b81695ce1f071019524d608c5739dcc6dfb0e6f579a4bf21c98cfa6d77b9ae8e4f9e8fea2dd1d911040700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
13d8a5f1eb9147515ceffcd1a2bde098

SHA1
bd79466f2091b4cff57f6b7e5d62d51231016e3d

SHA256
50de9cdf4e9c437f061aed005544ca424b87b23aea9c817f456bd7ea2e88a6c8

SHA512
49c18a7d9c68396b5152b2472b242ae6c5be53c4a559c5a5676d7bedbc508827734a60c64bc70ce108ffd8d09eea004b8048990a1872c33792099c8a2d8a2b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
64bdd7fd182a5466246e87b494a8981c

SHA1
b4bef0e1b4b98e5a916c3aad4d168e6d73e2e3af

SHA256
26b538dc90b7b19d686403fdcdb798784413ab0b8d91875fa1a71021ff1acd43

SHA512
189776ac19a7fa7da2e5d55b92db15508936d9fadf3a761d27a26e61dbaa8b025405a9f0b8acefe9cb0037237d66f5f32ec1ef613543cc6729b3a9309dd1ad6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7af6d0fb0fd77bfe00b58dfbf8a37585

SHA1
1234e7584260baf223d6372c1dabb1077cf18c50

SHA256
54f8cc6cb73a5235229925cf7cd80fbd2a3d1eb20f43349b401914cda9537b3c

SHA512
fd58e50c43afbf93d86bdcbf53e0802fda439b110361153833088fb06d649aa1e1e89733ecd93db5ad7cc0c3394868587c4f65e5795b68d8faaf67ee9ff7c4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d9427969ea810bc067f66359de7dc510

SHA1
aa6aa259d4fbaab304d32308ea446428fddf702a

SHA256
0fac0697ae93bfbc88a021d6d45f910bb81a1a76f235f9ddd6f0dcb6f921dcc8

SHA512
e199e8bc748a181392011ec3d91eed4c245d18b71e9d97ad1402e65e60f2f0a9881b6e48d10e7490010bbeeffb5dd1df0ed22262054b8e6ce4c39a866e1d083b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef366c2df78fa42d7dfd1a961147c283

SHA1
369fcae8176bb9deb86e22752a1201908c55ed57

SHA256
c7c429c2e3615a8f5662ab035bbbc3988784d029069bb114682b7a6b77bac262

SHA512
4559fd5d2b9188fccbc2727bfcba69a47d45def91a93b516a4c77f6c7f67473abdd4e917034490e49a75e2d17b5cf7008ff82a7c13c24f07cd6e7bf79e1bb874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ad1ef28239a9c1e668bdd90bf31213b

SHA1
d159458acc8973bc0ae5a671ab4f1f2f314bd5cc

SHA256
fb42a1db137d3ffccccc60099c17fb03d9c55f0c604c7ba09a45e14203242525

SHA512
136912878ca47d966e418f388dfde650ffb1e53c95e2b53d424eac36d91d376d30ae804107422fc77ba3a57e544e69a7be8e1ae35f9cf81fb1c9cf313ca223d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5eeb6a613cdd90831855194050603f7

SHA1
53281f2df3e97ffbc91ab87cdffb67371e89ca05

SHA256
662d086191f577801c5f734159d066e68c7bd73a2a18f42149c58e7a8ec63393

SHA512
383bcbc5fe8e77372f72d0f29bf99fbbdbce6cc8fcfbd557fc9f3a364d2b4251d7055f3967e44785d3dd2e21e5df09734ca6ed75d65e87dcf6f989d0c48d382f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65326a231ddf76fc5b77ba80d8c40b32

SHA1
affdca87eaa7c31d25d0d8e3640257b177e0c6a6

SHA256
a81bb3323e4318ae71b34ac9aac2996aabe65c80c0d417c91230ea7f62d92e4b

SHA512
2cc9a6adfbeb72e2b8b9033808a4c9683033931ebe3cb3c22ab2289ff8999e4e8bdc89f372a518c4f15e1d9e5b7af5011089cd3763f0a6a741c790502c984928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9505d9304fa420f717dc87f2acdb1517

SHA1
cf0d60986821608d15f7be28ce44798eae761139

SHA256
30dace55c00b59a4a50e50b919ba3ace6ad63702ca6869d332f3194d4b68a78d

SHA512
ef29c4d38744f85714658be45fa111904c0701cfb04d348e27609fd3c48be5bc296bea079e850dd6c84e0733e9d57240143c030939c674bcbd27669ca69c5f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d426d1188cc931c35098951de95e3f6

SHA1
a99b7a10f6d33a79feb6ed4b40bdbffa31fbde2e

SHA256
c71b88bf09ab065f1772b9a4d202b1473d5b6875173911f1f2a3f55eee24eab3

SHA512
403ae34c7902ee899708ea05e4011f023545fec73d24d805ae12715be8bac257a825cee562c97315fc5a2806516f0fcc1b71d930490913533b8be5343733a50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
75af44836ecdb83e7207591819cd1f4a

SHA1
ef1fc40b9f62295a30a3f7d6dc19bd43d21b2890

SHA256
c058a7a357cb1f2fb403256649e81b0ba2320b1c46a113663853c9e822743a91

SHA512
f966e12fdb673feecbb21eb0bdb773b3b246352cc8534367542b51b1387ccae30c759212673fb5f1785733d13c23a548b317d02ddad819aab612a8300e01b506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0aaa3b6ef646db8f54c14e795400271c

SHA1
a8940a61caaf39128e4ff5efc74efd2e23cbe375

SHA256
304273d595637fc606356fe28f0cb2c5945384e4a0bfd4c56f6c77089609bb88

SHA512
b4f2533ecbccf4672120fbcb34c8d2bcb7af830baff23008ede98c6f0b6ec193ceb20bfb668ddf5d23ce706fc573633b43efae2e3fbb05d8b9dee2fdbcaaf060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ad414b73f2458934bcb2f85db4248699

SHA1
a879c4d0cc7aa11dcc9b791916f3676091562784

SHA256
2708683c08284357c2f235d218c43aed92a2b52fb91898e10a46ad85215e2052

SHA512
415047f38d4043c1cca8eb41f3e8f57c0037c5f8c8189457a3d798b14c122a135e1e9c6a30ff5df09501f85ffb70cdd146be45e720337b86ca82e53bb23fbba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f4d6601f83337bcb5987c475a40324a

SHA1
be52ceb2c0e59ee3d43eb9e1596f457297fc61e5

SHA256
f28f2972f3a3482ebb8d31bb395b136647a6c0bad43eb5f844e8d377767f1657

SHA512
ebd3930eec5d446b951885c4c1d1c47d8bdaa94b5a38d1c2c03c50ccc89e5a07b08b45587cd3e73f26bc474959356c6dfeab80ebcb2980a92cfa7913dbe507c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4ff55ac53e45a6099df704d8eec32433

SHA1
ba8c3103c61bf507190815d4f7bd448fe5613be0

SHA256
c97f099b6ab2645a6be0e16e86376b636610bdea2930cec6d3d8730f5a830036

SHA512
5065126f2a8c3bba06c65b25d016a0330c5541b72e928380d67355065daf0398336d2df93abb788ec4afc063ef99abe74c2025b9578d0d26f4fcc8356e668dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
caef0499b172d41f1843604b7ace2c92

SHA1
be16e07f69a0b8325f5a5c62916e7f9895924d6d

SHA256
6b514591c81c0f3f6e9dd37647f784d7024543881f3168c81289cf2bf95994ac

SHA512
caf2e093ff4db562690efb43a7775310133085d8820e3098cd083df94f7778c775da0e137d2b2cf59e5eb5ef5dc7d693cda7d2be80ddb5a8266f27e06e7ba0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58241d.TMP

Filesize
532B

MD5
c19388b88b0428633e2c6db376a23bcd

SHA1
8d088d5446503d7db4d7ea142d19be58fc894f24

SHA256
12374ff2f9545684ebdd349d56e7c6985ce9e0555ffd2541f55f50dff18d762b

SHA512
c74ecc12cd6e21900f299380fa1a50ac8303d9168750146046162a44efd00c815d32552e90861afd1eeb0aa0ef0f5c38b5da848c019c21c7ee875806f07068d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
330ce60666025f7f40e01c375fae0bc8

SHA1
b0b65af674c6718abc33e6205d3e54d1971cf133

SHA256
00dcddcba5e8c62d45ac73ca2d6e1d5bcd76710dc546055c68a9568853615c96

SHA512
e97a7e204d168c90ffb0ba04207e865dc3ade8e1dea8e69624a849011f4bba90a7809e69a973150ce7918c15ed5a5f8bc4e0379d780d16259168893b7c72a48c

Download Submit