c559736718c795144c935123d1aed1a588e99c1883a1460811a976121368cd19

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2025, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_7269b0574acf9493deb0e4adf3adbc58.html
Size

245KB
MD5

7269b0574acf9493deb0e4adf3adbc58
SHA1

1f3074294aa3befc070741ad65845521aa406b92
SHA256

c559736718c795144c935123d1aed1a588e99c1883a1460811a976121368cd19
SHA512

ed00e52948fb23e118f7b778909be341e788137e7e45f22aa1177ffa0958ea1995e48428ff356ff7ddfa2cb62a042ba0305feb12e5987d51377160f47eab15fe
SSDEEP

3072:Nnw5lKseu3Shod8hz3uTH93eEpmmwqARwlq11MOnv8sF6OZ7+3Vy+2ZrNSh/MxY3:NnwPKsU3O31pOSTF

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
45	sites.google.com
47	sites.google.com
44	sites.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-bg.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-ru.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-bn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-nb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-sq.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\Filtering Rules	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-as.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2128669237\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-la.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-te.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\Part-ZH	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-da.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-en-gb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\Part-NL	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-lt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-uk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\Part-DE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2128669237\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2128669237\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-et.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-gl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-ml.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-mr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-sv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-ga.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-hy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-lv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-mn-cyrl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\adblock_snippet.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\Filtering Rules-AA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\Part-IT	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\Part-FR	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-de-1901.hyb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{580EDCA0-22B7-4EEC-9CD6-A83C5D0372D4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 3144	4324	msedge.exe	84
PID 4324 wrote to memory of 3144	4324	msedge.exe	84
PID 4324 wrote to memory of 1768	4324	msedge.exe	85
PID 4324 wrote to memory of 1768	4324	msedge.exe	85
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 3708	4324	msedge.exe	86
PID 4324 wrote to memory of 2736	4324	msedge.exe	87
PID 4324 wrote to memory of 2736	4324	msedge.exe	87
PID 4324 wrote to memory of 2736	4324	msedge.exe	87
PID 4324 wrote to memory of 2736	4324	msedge.exe	87
PID 4324 wrote to memory of 2736	4324	msedge.exe	87
PID 4324 wrote to memory of 2736	4324	msedge.exe	87
PID 4324 wrote to memory of 2736	4324	msedge.exe	87
PID 4324 wrote to memory of 2736	4324	msedge.exe	87
PID 4324 wrote to memory of 2736	4324	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7269b0574acf9493deb0e4adf3adbc58.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ff8ed71f208,0x7ff8ed71f214,0x7ff8ed71f220
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2540,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5180,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5168,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5136,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=2120,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5444,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5708,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6620,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7060,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7060,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7540,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=7536 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7896,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=7916 /prefetch:8
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6788,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=8012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4288,i,14543566258142449202,10362813386892831364,262144 --variations-seed-version --mojo-platform-channel-handle=8180 /prefetch:8
  2⤵
  PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4324_1428363079\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2016822471\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2128669237\manifest.fingerprint

Filesize
66B

MD5
5bbd09242392aacbb5fac763f9e3bd4e

SHA1
14bb7b23b459ce30193742ed1901a17b4dcf9645

SHA256
22b55f5d9b1bafb80e00c1304cf5e0d6057a304a2e8757b4f021b416f4397297

SHA512
541e4c7998e91a5113f627c2c44e32b54878fe225b3b9476572f025f51f2b4ec4a44b102498adcc22b8fe388970645bacfafb6e7fc8a216df4d7bbfc8b0ff670

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4324_2128669237\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
24dad8f64db7693fff2f6c42ca147fbb

SHA1
54ff0171b9f0dbb4e41e3b7949ac71517a851f71

SHA256
ed97813836f26ce2515acd0e15c891d16fb3e60fcf0b30d9a0eec0d74ccce0c3

SHA512
6f650ab12b66ac08b36eab2447e74e6c00d4c98f5c3e47bd44420e25f0192d1f3fbbd6eb6ed7bf474458387978dba834688dad7207da1e38ce447a90801d4513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
87aea7205db29753e4ecf5ff00327fb1

SHA1
4ba74502d655d3ab9d02c62afa06a69b04b80b00

SHA256
445a01d1a02d1ebd193bae4fc734397cf052e0700cfdcbbca187b7d44626c7bd

SHA512
b2fdc0cf6cd596cdd9e1dcc58141cb3f8fd8f1fa35920166de553cd0ddd6cf98eafe38f3c14cf9464b7b30c3bdd2b535c11dbb0e9229a558700e4f486c8bce16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5869e0.TMP

Filesize
3KB

MD5
4f50e2f71b366eafe1b511c858bc890a

SHA1
146429daca4aece0e697fd8ad42ae1717ef41ec4

SHA256
611fbd36600601158c3e2e4969e1f62f510b1530fd53b073ad9bf1bcaf6bc8bd

SHA512
2e571c149103df71445ebb9c8fc901b6d20ab87482e59d079ecdeeeb7edf0569459349d654638736ae96b9fc6bea36681c9635f4c4adf80999c2b609925223f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
af3f8751e5259a9589335bbc4690f76c

SHA1
c98a1b6c23d11810da3f9a6f6fb2aca1600aaa17

SHA256
ebf8d4015befe5deff21f206108fa7a87281f1795f0673b952a5059509a7f611

SHA512
c790483d44b3e9987c2bcf2d6f28194e5e3b75d463a648a2bbed808a0ad25fbea452ea57b4f6156eff809790c002832136d9fe9c99bf8da7a9e7589e771c0d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
29cb1cbd79233facf3abfed099f8017f

SHA1
e9f2ba6bc3b6ef7383090fe73e6cb5c4fb5c6d56

SHA256
9af0639cd0a3af06611ff6b55b3ea10a4202f44c7a9d2ee917302d6c859c94d0

SHA512
4530470e4ffafaf1aa2575b4b67e8ae21cc50aa2f3f0b85fc5ae107deebcf06453333fc313e6d6611f9454afbb83c0a51ba01a17610e9aefa1c5d030acb06fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
60beca0211e9a2c2375a60a7401499a1

SHA1
4c21eb1bcf51ae89c76be1a710d10f01cecdc830

SHA256
a000a35dd900811634586642fa82df1da13ce76e4ba181b109d177619fb9c6d7

SHA512
236fe4370028ecf856048afb1e20c188046906823e73fcc85ac72884c34b5fb7b686c13fdff65e24e250525b1be6e2b6444229d5e4af1eed22a660b00c49ae26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
68e373b12d75bcac00509d5ee2270c24

SHA1
3d8f0e65f4c27e532b5c01c2121962b8a2e79c89

SHA256
926e8f12441e80b756980f747664efb59059664f3287a990a9ea231c55c7d42e

SHA512
fdd2aa5011d0b14547271ec2ef98f779ed4f987d3dd82ceb32ab7beb564b93b77c0e235579771b84cebcc3c8c561caf877e4856a44ece10b603f3253de1c2def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
19b2e6d66e86429d6bdc6669c37212d1

SHA1
f63341ef0eb4f24cee9af0403d47d2a2dee8e8a7

SHA256
a173748ea1448ce524e6279439b04e1d69a046fb676c22fb710fbe2d497e2f5d

SHA512
e471192bbb72a16145aa3beed5ebca2fbca3bd41a5c924867d4b3d1573f8f0ad62c741b7106aefdb16c68ff8cefc6473fa2448addf7cf0627485cc05b1a634e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
4be3b3bc9520e6b6aa19762bd99df1ba

SHA1
cb1ff3440be4979704b7994cdd7494c4e2cb111d

SHA256
9dcd4fa0d934b4ce2f1c488f2bd47f52c0dbaa5bde32be1f60bbffd70874ba07

SHA512
03964ff92421c9e3b039be594149bb29482c86885bb83133bbcea99a54e7688f3727d1961f50538c54750d470642bcbe6e8bbc36df22b96665286d45e4b93830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
9f48ce38a10646a74f443dbf39f783d3

SHA1
6a3c44880c0c11fd894c4b576ebc8b31be395fcf

SHA256
a9e046d4eb3d4d23041c81082d08e8d118d742a251cf661905bbf7dc0227e617

SHA512
02d32fa2eadf9271b2663863e5fc332a77d0d9764afdffd43ecb8c93b8ba419bb01d4f8bb6defd48f4931195ca5be739ba57a21e9f789b903415ed703d931734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
1dde43c0feb4cc0c757e6d75587c068e

SHA1
4c86cac72967cbccfe3027058eda44726db7c18a

SHA256
dc4677e7979f5d2514641d1c87057a9adc4bede8b8d3df87d126d26b30eb3a17

SHA512
5b4ccc72490e704db4b3244ce3b3773873fc6ffbc01f52b6678e3d1e0c5adce5c7fe6e3e30512258009e83716077bec9882a5b065ec9b945c17735450ecbca93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
05e859f1a531a25f907ea2404124e025

SHA1
5a6e92f6478f9e099a4849be3e245b26e1d0b2f0

SHA256
7bf851f4479d9d74fcfec22de7dc32d72026cf7b3634f810c1fbf6ca682d5eaf

SHA512
f889432148a606e1b17627c30979d6c5c89f32a68da6d79a32c06d1e4c110e65d516b47911e677d48c3ebafb960691ab46bd382ce12e652a800e393579ba8414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
b31d992df24f656a7659db084cd16833

SHA1
2000d2894a545c143fba3a6786c6193ef459f4ff

SHA256
3567e547ad38a0712b0c5a552cc031e7c1da4bb4231230766edc8703913cd911

SHA512
32f8db10143536b734d8a4ce459fe203d7442f88418988596cb3f5da2e2382fa766e87c8ae136326951f72969d807d08bad0d5fdcb4aec11dbbdfc7f1726501a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
7feb735a628b33289830ad4f4840a341

SHA1
9ed95cb8b575b184ed7c6f433fb3f41631e08fc8

SHA256
d198d07507b057197a015942992522cbf4e27e7b656dadc4eda06228a418f9f5

SHA512
d21517f7100a236d52f33d9601e0972f35633095faa113380f47663967ff85f2ea4bd73796e174028793fff26100427eccdaffb6c877c4236f75bd16f5f1c29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
d2fc904b2ac9f557fed6c55858b4d49a

SHA1
31771fd32e181e4dcacf7a7377035bb7c6ac958f

SHA256
d83c03a1de3b1f7741967130f9e309fdec746138b3e5c9cc60af38df7f910887

SHA512
9d7416751583e613d8715091cfffa3f9e8245e7913b0e4dda0a74160d54d497807929fd9eba85a1f5994ca9b9a144e5384529414c1b5cedec73f1804ca5172af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
a094e705690bfde048f3837f0ff5f9dc

SHA1
9c37c612eaa1492e23e4631e3d9b382a5526646e

SHA256
78bda865c4c44c993f8f68ead89494712262f449a76e02389a3b2d1a264381a5

SHA512
29b5f9bb8c39056d0fc398340827826a9ef090265e36fb753e2bc66ecb045e270edb9491eb4758c1b6fcda53efe805317525ef14304c008d80a4f1d6231f5ea8

Download Submit