6ab157f8e87b91bfc479878eec2a4fc345f6c9c5ada4b5711c2f96289dc14b8f

Analysis

max time kernel
149s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2025, 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
73	discord.com
74	discord.com

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_1143368194\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_600352851\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_1362211694\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_600352851\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_600352851\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_600352851\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_499190779\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_499190779\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_1362211694\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_1362211694\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_1143368194\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1184_1143368194\nav_config.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{AC0ED0EE-065E-4D8C-8CA3-5137450A3E1B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 388	2852	rundll32.exe	84
PID 2852 wrote to memory of 388	2852	rundll32.exe	84
PID 388 wrote to memory of 1184	388	msedge.exe	86
PID 388 wrote to memory of 1184	388	msedge.exe	86
PID 1184 wrote to memory of 3760	1184	msedge.exe	87
PID 1184 wrote to memory of 3760	1184	msedge.exe	87
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 1964	1184	msedge.exe	89
PID 1184 wrote to memory of 1964	1184	msedge.exe	89
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 748	1184	msedge.exe	88
PID 1184 wrote to memory of 1620	1184	msedge.exe	90
PID 1184 wrote to memory of 1620	1184	msedge.exe	90
PID 1184 wrote to memory of 1620	1184	msedge.exe	90
PID 1184 wrote to memory of 1620	1184	msedge.exe	90
PID 1184 wrote to memory of 1620	1184	msedge.exe	90

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7fff44abf208,0x7fff44abf214,0x7fff44abf220
      4⤵
      PID:3760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2360,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:2
      4⤵
      PID:748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1660,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:3
      4⤵
      PID:1964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2468,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=2740 /prefetch:8
      4⤵
      PID:1620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
      4⤵
      PID:1936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
      4⤵
      PID:1316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4188,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:1
      4⤵
      PID:936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4268,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=2464 /prefetch:2
      4⤵
      PID:920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3568,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=3696 /prefetch:8
      4⤵
      PID:1248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8
      4⤵
      PID:4420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5108,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:1
      4⤵
      PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6004,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:1
      4⤵
      PID:2376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
      4⤵
      PID:912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8
      4⤵
      PID:2184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:8
      4⤵
      PID:2340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5692,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:1
      4⤵
      PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6912,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:1
      4⤵
      PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7112,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:8
      4⤵
      PID:1152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7112,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:8
      4⤵
      PID:4308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3512,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:8
      4⤵
      PID:1908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8
      4⤵
      PID:1592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5412,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8
      4⤵
      PID:4584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
      4⤵
      PID:1176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:8
      4⤵
      PID:2204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7384,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8
      4⤵
      PID:1672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7348,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:8
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7828,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
      4⤵
      PID:5384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7832,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7380 /prefetch:8
      4⤵
      PID:5416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5524,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:1
      4⤵
      PID:5488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=560,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
      4⤵
      PID:5616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4560,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:8
      4⤵
      PID:5620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4572,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7668 /prefetch:8
      4⤵
      PID:5628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6612,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:1
      4⤵
      PID:2852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6676,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:8
      4⤵
      PID:5276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7084,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7744 /prefetch:8
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7200,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:8
      4⤵
      PID:5944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4516,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:8
      4⤵
      PID:3956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3668,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6732,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=7880 /prefetch:1
      4⤵
      PID:4916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3320,i,9239620106788381717,2368743336300127482,262144 --variations-seed-version --mojo-platform-channel-handle=3436 /prefetch:8
      4⤵
      PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x4fc
1⤵
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1184_1143368194\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1184_1362211694\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1184_499190779\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1184_600352851\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ed

Filesize
255KB

MD5
e80cdded42978faae0ba033638a524ef

SHA1
4bc7ca1769ae8f7d4ae1abbe58776aefb4d0beb1

SHA256
f53ea4b855088dce71229d9760b4c6afef96a764daf95b5e3852cfdcc38e69cb

SHA512
b02648b654c1223ebecba8fbb8509b8e608760f6f8063acc3bc39511e9bf58d20a47d3f81cb627e9cd0d3a86a6ac554a51aff1648723cf20e61775e79982a999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a71078ab36b55c1a1e11ed07c4bce98e

SHA1
41c6e4349cd190a87a6f6513c8a5310ea47f8f11

SHA256
3d7b175f2d8d547955471903f0772726186d32dad586183222abcbbedb395944

SHA512
aa53f6fdb03786a8fbd0221242f64df7691dc0151348d1b36a65c8e0cb673d16e6dd4cb0b1c2fd3032314aa71ac3a47e1bcd253d6c9945db618e9308d34fe93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
205e51b5519b796e2c914f6073865123

SHA1
31187b68111c8f73df7e064c0dcbc7425808a37a

SHA256
da1df832a8d75346cd1a2b54df1898570feffec86a3f6de68078b742ea3a0d45

SHA512
a9e6c76d0c41dc53b59da8a8d2703e2b63bfc7ad8697f92486bdf4167e61a6b7720c8387dfe94c9fc18aa9fffaa9da8dfc044e71a9393233863e7e0afabcb6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
ab807c42f64f6e9439ad4aa94212ddd3

SHA1
337ad63e9eb536f5040e8ac3bde4d26895c9f0eb

SHA256
60ac23ed90fcfb42b49d8958360f2401053885f0190e51ff4c547a2e34133407

SHA512
151f7eb95509be20ef9a6bfb13b8171a3a43ea23bcc3aa4ea0b319be2799e001b608b8d813304d57ccb80b53264890dc0662c16bb22003bb9092ad86df6824b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
5ea2904de44bc69c744bbe6080b0be9e

SHA1
72630917c5504090c8173825f319ff3a2d9aee5d

SHA256
a217ec732248d2aa4b9fc5005e0b8ed8ff9147169f1acb7148299aa657e0306d

SHA512
e48992228f2874e378f53f9e84648e9244edc17da56f67833a1c12dfc1faf0de476d33c2b61621d5be0389550f7f7011f8b14d7368b1c798b2f7a43c61a63b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
03f4a8a5a7c4bfa4bb2c05dc13c607c1

SHA1
2aa9fa750241cd329279f55d710ac2ad225eb59f

SHA256
a16c9e590d25ae25cf60426fcc2115aa682688d1108a65086bec48fcd725661a

SHA512
e408dd24ce369327b3054cbfd16d95fa6bcf5101af7435bedfec5b12cc3caa7cc7f60573fa24b6ebadf5ae4fe0e4088a353424369a88cf75d6c677521ad3ef27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
4dd2a2613eaa885333f967c02ea1a3e5

SHA1
09ff2add945966018aafdc889e5103d7df8a0d75

SHA256
064d699bd243715d5ed8d4bfe807112ebd9c995ccee8b38610091d3b463db82c

SHA512
bc53cda33fd0cd2ce95ce9983a4a86ec3e87d498b09529937b1ed1ccddc6ba1c5d590f6ed0f2cd8c38d06fb82e75854df35b2e12eba2d81d0a67202a54523189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
efcdd17bd91719af242d61ac67b146a1

SHA1
c524b40dc9bf15a3b8406d840d2c48777513a86a

SHA256
8cb7311e0f82c8995e4376a54aa7beee62c133560d53b71f87d7a8cb232245d1

SHA512
d019891c0992e9af5e2519a63f1d5c138f17b67ebdf15290b30bc74e41d386a131e03e17e2503dbe0f9fa9ce0bf51c7a8b879522cf683452eae7f4ccd6e85e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
d4e610743e5c7a2068a4b70439457c28

SHA1
7dd8f36a4267a20917874ece779488075484926e

SHA256
71fe2fe420c1f467b798df5f45252d14f48b5a2f57949568781436e5a67386a5

SHA512
3c11d9b1bd93ab079785dfefe4291975d874c05f371d5ff31c1ef3694de7df355a53f2e6f9b7f60d1a2236528baee6c3164190dd257d2d85e4da51b902fcf7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d4eb4ce3-4a61-4aba-becc-eacef036ef1c.tmp

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
d64d9eef0915a4f8cabae1e19b10be45

SHA1
9bea16658c800308398e21462080c47bdccf5421

SHA256
7353bfbf0401b9adace4d70e498d5a9fbfa66ffa7c07f8fcb9bd41520fc5ca05

SHA512
afd1f189053903cb5a43c6dff7c0c95e2449c6ec83e17d229272996287d53ae01462c3a7166cfa9c448880dd634fe8971b617b27e42d9e1ecfe0f97d3704094c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
880B

MD5
c3267a9b4686e198ae7215db2f96ad64

SHA1
971e7c63095b0d54035bf68750c004e34bcca96b

SHA256
8e33246cea440665288f33807cf340f224d2a4526eaa128ac04214f6b9b8e5b5

SHA512
7357e4c20900489783fc2451509b5775db49a280e5e718232bf0aaea7f9af6e093e1b45c80191fe82e6a6004cff93a4da94faf8b30177501483a6cd6543fda48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58d433.TMP

Filesize
469B

MD5
cc9aaa3705083b708403eee32c1e3751

SHA1
dd74d0e02df2ebee923404649feeed0cc71df596

SHA256
a52fac43275570b9f0a4956b8e13a00f16e6882f9f7ae17e475b4bf1cee9387d

SHA512
50359fecfaf34822f647ff76c4c9dc49b29aa6f88421ed92f4e23929119df22e7bd2d526a502c66021391730538b3617f51c91ef8c06f28cb31b5286cd0d89a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\c3299473-b462-4899-862f-a151df11f379.tmp

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
145348ccbcd93b47436c0793942c26ff

SHA1
06e88e8d24ec0d233930044f69928be36dbc30a7

SHA256
ec1fabb21bd5d0ea01d404807ef7d888792cc4e591fb01fa7500c2e2fe720d4c

SHA512
2beb1f0961972aa589b47f55984b59f08ec6d50797b96fd994c95bb59ac0e86836de06f3dd21a9f46919168bf57ea2e45e828f286222961ba280e749bf169c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
819bc3082402f1b3a30c17ad2f83ec1e

SHA1
7c551623d9bddb0b6433f21ee7c2a7e321a982af

SHA256
3b9f826e134c1ebcdf1a9d295756f388401b16dce3c170409be063dbae2deea6

SHA512
3889f4f1a136833fd7e7d5f6070caa1d90baacbfd9ae96302b1f1e6e572932549c321eb590147c137846d0d7e48eef7912e3011c68f4f9d168be655683995071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
9b0b1816826288200cab365a067a1f0c

SHA1
3c879dede4005bf9ec2ad41e160b421daae79696

SHA256
3333260ba973bd7b96c32ac1281ed7d54aa020d9a40b29e3ed4559c8b215672a

SHA512
541e854299f893b847556c840221a4eeba4f602ccec6d09e0be83d56e85dd8720a2ac88cf04e42b7a67b692dd35245367fb40afa4cb5e0142453b42d8e62dd58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
7b4fe98b5d3cd5e80b22f4d8279d49b8

SHA1
e1d4a236cb2e7ed816873c1c63273091772f0b29

SHA256
082bf3d133b49ade21e817cc084302c5842d9c4b3763977985d867ff34cda3c2

SHA512
eb3a63bda303f1e409593eb9fa5c1eb5412b0f1d310d3af17599a9ee10046a0337a602109a3a737f4aa193fed47e5efe6048cb9a547488734aa292b2be3c5636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
d2e9e394dbe1a0fd99c9f430d928ec78

SHA1
2769f70a56dda3729ae090cda9b3f1386aab93a8

SHA256
b9c5f58bc7ffea9a9587c8e0e58c601ff35aa94f6a10073a719e6e0e59fc18b6

SHA512
80d731e4da6e18d5e3714dadd65970d0a629fb1e1fa239b501b3c1fb5260af4bf5a681251ae0efb75857fc2c06ebbe131e213e5f6714d666dc52e5150ed23432

Download Submit
C:\Users\Admin\AppData\Local\Temp\05fbe758-9d73-4ab2-9c64-67c6484a0a6e.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d1b7faa1-3553-4ab1-87d9-3c6077fcbfc8.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1184_1706601693\dfb61079-5af9-459a-803e-a0954ad9cdeb.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit