1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be

Analysis

max time kernel
295s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2025, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe
Size

896KB
MD5

f22c3c68146ffaf6b04d6104c1cd7017
SHA1

d0558cadeb111a3783f9d377eb1709b891d97b84
SHA256

1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be
SHA512

c0d8c81f4d23c8fb4e9572a5ff751a9a93f0f7c862c06b4b8843c7c904598fd68567b9f98449075db5e163ff90bfe52cb60f1bada776dc06132badf30dd0fe7a
SSDEEP

12288:PqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDganTj:PqDEvCTbMWu7rQYlBQcBiT6rprG8aTj

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 37 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_932122466\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_889634731\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1368729942\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_889634731\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1083208835\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1872433016\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1131583013\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_932122466\travel-facilitated-booking-bing.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_889634731\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1875101092\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1875101092\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1131583013\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1131583013\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_205028786\crl-set	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_205028786\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1368729942\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1872433016\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1131583013\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_932122466\automation.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_28514334\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1368729942\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1875101092\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1875101092\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1131583013\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_889634731\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_889634731\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_205028786\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1875101092\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_932122466\classification.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_932122466\extraction.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_28514334\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_28514334\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1872433016\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_932122466\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1083208835\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1872433016\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2268_932122466\travel-facilitated-booking-kayak.js	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133867326980959237"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{ED58FCA3-0EC2-4359-A1ED-280018899260}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe
1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe
1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe
1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe
1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2268	1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe	89
PID 1944 wrote to memory of 2268	1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe	89
PID 1944 wrote to memory of 2632	1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe	91
PID 1944 wrote to memory of 2632	1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe	91
PID 2268 wrote to memory of 3192	2268	msedge.exe	92
PID 2268 wrote to memory of 3192	2268	msedge.exe	92
PID 1944 wrote to memory of 4288	1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe	93
PID 1944 wrote to memory of 4288	1944	1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe	93
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 3820	2268	msedge.exe	94
PID 2268 wrote to memory of 2984	2268	msedge.exe	95
PID 2268 wrote to memory of 2984	2268	msedge.exe	95
PID 2268 wrote to memory of 2484	2268	msedge.exe	96
PID 2268 wrote to memory of 2484	2268	msedge.exe	96
PID 2268 wrote to memory of 2484	2268	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe
"C:\Users\Admin\AppData\Local\Temp\1025296ad73c142202aded763f95657fcf821107e0947247cf41ca24c8bc95be.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x344,0x7ffe3d6ff208,0x7ffe3d6ff214,0x7ffe3d6ff220
    3⤵
    PID:3192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2036,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:2
    3⤵
    PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2144,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3
    3⤵
    PID:2984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2536,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=2524 /prefetch:8
    3⤵
    PID:2484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:2072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4232,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:1
    3⤵
    PID:1076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4300,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:2
    3⤵
    PID:2628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3492,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:1
    3⤵
    PID:2760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4688,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:1
    3⤵
    PID:2812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5520,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5628,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
    3⤵
    PID:3380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5840,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:1
    3⤵
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5916,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:8
    3⤵
    PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6216,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:8
    3⤵
    PID:3376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6920,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:8
    3⤵
    PID:2084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6928,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=3780 /prefetch:8
    3⤵
    PID:1328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7108,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:8
    3⤵
    PID:756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7104,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:8
    3⤵
    PID:1284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3816,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:8
    3⤵
    PID:3572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7012,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7304,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=7308 /prefetch:8
    3⤵
    PID:8
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7292,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=7332 /prefetch:8
    3⤵
    PID:3384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
    3⤵
    PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3764,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:8
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=7332 /prefetch:8
    3⤵
    PID:5320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5368,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:8
    3⤵
    PID:5460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7028,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=3732 /prefetch:8
    3⤵
    PID:4008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:8
    3⤵
    PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=868,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:8
    3⤵
    PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7624,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
    3⤵
    PID:684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6460,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3348,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:8
    3⤵
    PID:5632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=2848 /prefetch:8
    3⤵
    PID:5804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
    3⤵
    PID:5024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3752,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=2732 /prefetch:8
    3⤵
    PID:4088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2868,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
    3⤵
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,11210513540396848480,7449867955569661560,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:8
    3⤵
    PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1083208835\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1131583013\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1131583013\manifest.json

Filesize
80B

MD5
9e72659142381870c3c7dfe447d0e58e

SHA1
ba27ed169d5af065dabde081179476beb7e11de2

SHA256
72bab493c5583527591dd6599b3c902bade214399309b0d610907e33275b8dc2

SHA512
b887eb30c09fa3c87945b83d8dbddceee286011a1582c10b5b3cc7a4731b7fa7cb3689cb61bfead385c95902cab397d0aa26bc26086d17ce414a4f40f0e16a01

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1872433016\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2268_1875101092\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2268_205028786\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2268_28514334\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2268_889634731\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2268_932122466\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
37fccb80407e76f2d4384073f50fb8cf

SHA1
73cfe70c3132fd933e95e841c9669e0b5b27d4ce

SHA256
5851bce01703acde344737e9cd62a18cc5aba741f4bc796e52b0fda5b4b470e0

SHA512
3552e6d5483e8f1e1ac76b8738acccf21fe6c06e632040835fd31ac310556f2ce862dd3c0bef34b11b4e99d1f71eee221bd8b61c947a6a53785444a3b92ed3af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0597c406358b3efc216fc363d5eb86dd

SHA1
ffe5ed61629ef10ea92ccb237befeef531538841

SHA256
4fc507603ef4a29b02ee9cdbe1b2cb3d20294bae3eb64c0e83ea2424a3c651bc

SHA512
d2ca82b8b6ecaaae9fade6cb75b302e61e3b2c44d9affd40c5dceb4bebe969c882e552d3606391263ab5377fd37680b79db2e17430496dfec2b68105580888cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57df15.TMP

Filesize
3KB

MD5
8365c16cb5ea5f1e3b009511f5814211

SHA1
2124939b8ee72c9fc399d0354e7f218663fe6797

SHA256
298c8752869f60dbaa50dbfa25ce7a4dfa16858879866228257e61af213f26cd

SHA512
f552bf096c3f3d75635e3307360f42c465a502c38e9b5b245868022c9df8d1a32b8903c40226a4b0f17fd219f6d7edf05c3095f7c305ff21fa792cb46adefad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
ac9b9ec7124cd698aeace4cd57dbc976

SHA1
340d88ade30d29c7be56343a66264423d57c81c4

SHA256
2720083fb6b93373d2873a01ad286ba875aba3b53f002d09d31349b160dfab43

SHA512
19d80d70ad15fde92522ed3e983e9e6aa0d8b175d270ca51567d5ddc262eb3865fadf0f5c5030fa558fd01af03f2c64d02032f2b9a5b8c16a9db01de8e027aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8dd0283102a749b8804281dde050e241

SHA1
eb2377f99c098a3df15a330aba8d280652335de4

SHA256
8fcdd66acb1830a6fcd7a3dd633c3e2830245e89a9e553d15f9d353951d8b670

SHA512
163553e3c59919e21014d29227020378848534d1ca02a332232ccd7da70dc6de08c5c6c3f82848c7678340d8384343f65e877bbac0684329ca1897085098bafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
ed1e2dc0ba3b635a2a1f02517776fdfe

SHA1
a5570432e9db0b556a6661f064d855f19854b7b7

SHA256
f652ed1b2424fdf95bc2c175b7ade3f6f662b2c8f44287f5418b4ecadf086aba

SHA512
77d6ebef732d03c7e91315d5c192d8ab54b843d345f2329ebb441502eed0e3544910ffdf0f1691aa29c253319effed7f21975eccc8819a86a3514c6bf6885b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
86f84be3cabdee034d661a5db163e971

SHA1
0c974098cacf92addc7f02e8c13880d06bd07a41

SHA256
f764d7fb5f73eae38d34d4452aee77c227c6349c91cf5fc9277bf2c6ae48095c

SHA512
bb7fdfc790870b5a71a5a7e8e0f1f78de08bd7c5d1dabcaa78745c00192f5d040131f66adcdc2365b3a6a0226624e1d88265aae609ce4ec96ba9d3571ba34071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a6c61bf33a38f7ddae541832982a6b80

SHA1
3b16740883380f82120490bdfa2332d38116cf44

SHA256
49f90f1eb664fbb9073b1e4fa09a3a5b714e8c514be6a7056f592026997a7ccb

SHA512
8d23456a99d3d2c9b82c36787a9da942a5a0056ac1fa1e76705aad40162381326d75e907fa73b848487903945e92a40f8337bcd1bae5dcd1d1654446763635e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
3155158970586a511b8e2e488f74ceda

SHA1
9bde282c1b400e08dc0d6a3e65587479eabf365a

SHA256
a0d1cc7c20d28b9a719378f9782b78df3571c8f54d92b184ed3b09b4d27a551a

SHA512
897502d1a34b547d139fbf6543b895ae0b84875baa99880877ce6042021bcd99172ed3103ff97d959d4508242e160b1b0de1f4ca49dec5ed48957c0c854d690b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
6e066a37d440d23005deabbb00a634b4

SHA1
c2fc3b73b25ce5609eff40fe0e3f7b6fa42d2883

SHA256
a3c5f6c0ceffc45dd970e897feb663ddd7f66b377bf21fa72066714bc3a1e341

SHA512
953ba73c906d26e0c9d7c0a55cc9233128c116ad065106e1579422dfdf78facaf5e2a93f9dc81206103aebc3d8961faea1268331011b3a44882e0b28c8aea7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
6fd274ea1036ce73cb131792321c0aeb

SHA1
839948d1a0b50118df751c3a63ccb857091b101d

SHA256
cec92cf410352915541e727bd261978802c329d72b62ac349ee46588d455c938

SHA512
5addbfbb9fdff742f8184a3ca3856a3a7ca7753fb4f27158c6a0a659b52c47f7aafb6afab3c8178c70f476a113f891aeebd60b56aca3684bf7a9eea608e2ea8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
21KB

MD5
e07f3ebf75d9e9ef8c00b7dc53ed58ed

SHA1
a338240ca1e264b59a652f51b60349cabeebb282

SHA256
d23a473b15dbbf505340b6fe9cceea3dbbee31303a4bac4fcad0a71d9a454155

SHA512
31fe8ab5e068f5670a4b23a119eae54229b3b99e573d0dcfb528a9eaa04af3cfd6aa2e673079ea819f5a9cd8ac313e12090daa61841eb4e3bd304a159e679781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe585f42.TMP

Filesize
467B

MD5
0969706f11f7a3fe5db57f8134475c41

SHA1
d8f6774e2df95d443854cf44b8a1cd0b5db7444f

SHA256
62bf7cd472198c5ee6f21a55ecd42bad11e71c3d725623af281e69870d387bd8

SHA512
3b4c76355e4f988cb6f96f13f07dfe982fdf0b62871660c108454d94f496927e0f2e75cd7f11f7203a6ff3f6ad0369d88faebd548bc40297e0431d49b7d39466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
d367314b34204cd99d4993c33020ecaf

SHA1
eb136fd3e827361884bda4930685c6a5a7ec7604

SHA256
f182b48ca3470af0d05cccf7aa63c20c7ecf00ca887249f577436656f1417e7a

SHA512
a947e7ebc1d1fa80168afbe279e55949e8eb4879f93342afc462d16c974cf7376820bf05b2121ac1447dc9276e002743df0e01ad2bea55f7a6eee7c5afd812f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe58605b.TMP

Filesize
2KB

MD5
ee334aba4dd4fb9caec2da190449504a

SHA1
83d86913e3555e9a83208a777607a621965e9d77

SHA256
762156ec3519d73a52878b137bd506781d5ce93e10336f2010ec52ea9ab78536

SHA512
5863b59c91b1045cb69c5a8feefc32d579f615c3d1480d13369aff2cdf521e7d991424c4edb61f58b1da763e0bbb98f02cc56b0d9fc01236db2f4acc799b58f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
12d2e42a0b6d615fad849407fc422da7

SHA1
e44ac015c1eaa39bb021e45afa3e85efc7adfc72

SHA256
34b34a72de64873473ca046138499c39a9650c8638527be88b11c81f2342ba1a

SHA512
8c910a9e8e512b8c70f9bad1ae5d783fa860807f6cd54f854dafb58b622b6e9a563cb5670a53f0755832e20b58633a54d693b727410463fcd9ba7ece008ac4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
b9c7e781485e38f66c191c246e98ccf3

SHA1
1bbd2acc1f62b44166bcd99d8bfe58e0ce4f3e68

SHA256
214244e98959597f519c9c97d86a032d33168eeb75a84695bb1f95fa208352b9

SHA512
3982444888905b1848d96e2d8e36c45c62a93c17028bdd289309df5c941edaacc2815f78eb73ad3242cafc064518ec9b023f4c6d93d1338e98d74cb0264a30b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
912294c9c8f0d9a737f3545c0075f48d

SHA1
f1b2761058d18f5096d01bfb26f02cceea5b5162

SHA256
12cc7e64661d6e92f1ab33c9e94346a2da3a21d2490400dbde8cff2c062a07be

SHA512
3a44e01932bb49eb9895e2adb281bb4d0adb8e2a772249200849cf9b130fab0a07517cf704c99d7fd3e85f5b1bb5bf5535cf49f467613a05ae5fe3274bcda42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
b7d17c4ab5dd7a8fc0bc9fa777ac96d8

SHA1
f0a83a0a0afe3c7d15b8551a508ddb4faec9d148

SHA256
b0ca8af1bb122951f232a73ab11d97cea59fbd24210dedbd7e1a45c9fc02c87e

SHA512
4d7b1845b5b6b0d65b227bef5916c3acb5b6ec616c635454cded7a43ab95fce816e0d0a885a63dd2b4d0550fc8f15056b75bcf5219d7b9f01172ac6c7aa40631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
6f62ede829c3e59a5b41db55f435314b

SHA1
4eefbe8c7b287527aeb0a3fa21d2140ce5adc46f

SHA256
62d6ed400babea95d9ae865f1a8637c846f6d9f0dcebaf48e67822cfb476de93

SHA512
e6860dec4df7880e972a913f5a2741f55738eff5530ffe732803e7f0740a115c65b4774e210d1910ef865bcaeea1b40ca752b044f6d8ee0c3cf93cac92f9caa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c90690f78328990674dc0bcccb884573

SHA1
28656b1fc28f0d5a8c0d5a3992b79453f746470b

SHA256
b6db9890cc94c728aa70b958fab5f52b90e921de967be5b6d03bf51537ab5dfc

SHA512
3b4bad2efff8bd63fe4390b40de5036666de6ddb44b44ba43bd383ecb1eea737ba8fd888173c5061c4471c5b924594ef95e9bf0690fbbe68a95bb03d0cba6f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2024.12.14.1\keys.json

Filesize
6KB

MD5
b4434830c4bd318dba6bd8cc29c9f023

SHA1
a0f238822610c70cdf22fe08c8c4bc185cbec61e

SHA256
272e290d97184d1ac0f4e4799893cb503fba8ed6c8c503767e70458cbda32070

SHA512
f2549945965757488ecd07e46249e426525c8fe771f9939f009819183ab909d1e79cbb3aeca4f937e799556b83e891bbb0858b60f31ec7e8d2d8fbb4cb00b335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
a50cedc04db8ea12f205dd86dd107802

SHA1
b6688027e4f9da63c4847b2ea53168744157ed77

SHA256
e579bc54bd9cd9923e981302892d566cff59b2462496e4b6005c60cd7168e064

SHA512
be2b0d6b4e7c9ad6d3b92e599bf795bb1945de655f6bbbefcf7c292182ba57daa11b134789ba08c8bc611d9bb3334720fd26d28ca9527347b7c01c089faf3d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\81203f4a-73da-4982-a072-14f377814113.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\9d95d120-9126-47b0-876f-a320c5027113.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2268_2052226533\019b257d-785d-4727-b68d-feeaf56a12ed.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit