4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8

Analysis

max time kernel
286s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2025, 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe
Size

894KB
MD5

d52bb71e5a201fd4244a0a1c0dcb9205
SHA1

ac8b432f486ea037fbea677afaafc689573cc5e1
SHA256

4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8
SHA512

f79a408196eb64fa8207786fc93b4edf8d778a261da8a9e54a5d2e54569d016f16ceb95a0a58c98723b9a5741ca77ddd02c845b1a96ef508956137c3b483b087
SSDEEP

12288:aqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4TL:aqDEvCTbMWu7rQYlBQcBiT6rprG8aAL

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 34 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1104574284\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_254094813\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1397645063\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2102313328\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_262198443\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_262198443\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1104574284\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2102313328\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2102313328\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_262198443\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1108883072\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_254094813\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1634377554\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2102313328\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_756438765\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_756438765\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1634377554\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1634377554\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_262198443\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_254094813\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1634377554\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2102313328\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1108883072\travel-facilitated-booking-bing.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_756438765\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_756438765\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1397645063\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1108883072\automation.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_262198443\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1108883072\extraction.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_756438765\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1397645063\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1108883072\classification.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1108883072\travel-facilitated-booking-kayak.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1108883072\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133867425157385933"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{9EBC2ECF-C140-4C28-AC06-7C74C92C5273}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6100	msedge.exe
6100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe
5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe
5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe
2624	msedge.exe
2624	msedge.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe
5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe
5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 2624	5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe	88
PID 5112 wrote to memory of 2624	5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe	88
PID 5112 wrote to memory of 1572	5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe	90
PID 5112 wrote to memory of 1572	5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe	90
PID 2624 wrote to memory of 2008	2624	msedge.exe	91
PID 2624 wrote to memory of 2008	2624	msedge.exe	91
PID 5112 wrote to memory of 3728	5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe	92
PID 5112 wrote to memory of 3728	5112	4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe	92
PID 2624 wrote to memory of 2100	2624	msedge.exe	93
PID 2624 wrote to memory of 2100	2624	msedge.exe	93
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 2132	2624	msedge.exe	94
PID 2624 wrote to memory of 1016	2624	msedge.exe	95
PID 2624 wrote to memory of 1016	2624	msedge.exe	95
PID 2624 wrote to memory of 1016	2624	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe
"C:\Users\Admin\AppData\Local\Temp\4e3598636facdb235043d609aea92f2d23bb0d4f76171b559f370c4405c156f8.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x33c,0x7ff9ef06f208,0x7ff9ef06f214,0x7ff9ef06f220
    3⤵
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
    3⤵
    PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2496,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
    3⤵
    PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3540,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:1
    3⤵
    PID:3368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
    3⤵
    PID:3752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4252,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:1
    3⤵
    PID:828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4280,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:2
    3⤵
    PID:2924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4656,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:1
    3⤵
    PID:4068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4972,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:1
    3⤵
    PID:4764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4940,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
    3⤵
    PID:2668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
    3⤵
    PID:2556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=4976,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:1
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:8
    3⤵
    PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8
    3⤵
    PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:8
    3⤵
    PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
    3⤵
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
    3⤵
    PID:1924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5716,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:8
    3⤵
    PID:1480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5772,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
    3⤵
    PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5700,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
    3⤵
    PID:8
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=3712 /prefetch:8
    3⤵
    PID:4156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3856,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:8
    3⤵
    PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7312,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:8
    3⤵
    PID:1252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7192,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
    3⤵
    PID:1088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:8
    3⤵
    PID:6088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7420,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:8
    3⤵
    PID:6096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7316,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
    3⤵
    PID:6104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6724,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:8
    3⤵
    PID:2520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7144,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:8
    3⤵
    PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7448,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:8
    3⤵
    PID:544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7100,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3780,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6764 /prefetch:8
    3⤵
    PID:2920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=7240 /prefetch:8
    3⤵
    PID:5352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3332,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:8
    3⤵
    PID:1032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7140,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=3248 /prefetch:8
    3⤵
    PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7208,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:8
    3⤵
    PID:5920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5780,i,10654026175225692499,5707616034233356754,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:8
    3⤵
    PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1104574284\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1108883072\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1397645063\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1634377554\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2102313328\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2624_254094813\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2624_262198443\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2624_262198443\manifest.json

Filesize
80B

MD5
9e72659142381870c3c7dfe447d0e58e

SHA1
ba27ed169d5af065dabde081179476beb7e11de2

SHA256
72bab493c5583527591dd6599b3c902bade214399309b0d610907e33275b8dc2

SHA512
b887eb30c09fa3c87945b83d8dbddceee286011a1582c10b5b3cc7a4731b7fa7cb3689cb61bfead385c95902cab397d0aa26bc26086d17ce414a4f40f0e16a01

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2624_756438765\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
59a5734eb342698cdfb3992156d7dbfc

SHA1
35bce3c4240e47309e8cc51304d5b671e4cda4e1

SHA256
41c8a022ee58e7b3b789ed4cf04bf4c33b4b12dfb895e9db951414bdd1f19145

SHA512
16d897ecd05df33193c906bc736a3c91ca1d9867a8edc9a5b1d51dd40ef5467939102ded50cc40f18b524c9e0f025188945123502b99506a91b88755bd08ee4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57fd0d.TMP

Filesize
3KB

MD5
3694931883ff0e04163aae277852f793

SHA1
849bff222cf91d43728d4a64e6972933dd9fc9a2

SHA256
2c063894000879e28bc7a388a3fc2aa63e447df6158d7de596a985e6c0be8221

SHA512
4aa9c62b3530f567595a8fb4c083314a2012e07dddd89ea5d2e005030d63aa77899127bdabb824a45ddcd194309be5d76a42ea7454b3ed710eb33cd3ff1e99a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e0ed8d189e9cee07178323df37fc87cb

SHA1
1b7973b40ed8f7615cad1c5faa9810686c2e03ee

SHA256
5cb1b36af7d0118fb92126cac890ab7820c8425a8378b0d5aa7c310d34e13c5f

SHA512
72d81cd9531b45257bc5387afa2a618286fab0bc6c58eacaf5774b84974a80018f90eabb3f1f1ebafb05c62df089feae62b4feed33b5b2e22781936d6df27036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7e81e9c7adca0461b6502d2f4fc7199b

SHA1
777a56f63ea006e4cac8b5b548f7808b3427ebec

SHA256
9d76bffe185163f16262da3a4fb659a1fcb8bd9f50ac145afe52a6695cc4a2cc

SHA512
21aede47577b899baa1fbd879ed93e5eec450b7a6cbcca48a9d02974e7494fc801eeebedcf62f6cefe2cc0e5fe324df3b3e20b32543f6e69875116f2553eaa1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
84f4c3634e00bdcd888bd3cb42d1f74f

SHA1
8292e869a0c44a35de5e4e1734571fba6cfb64e2

SHA256
41cb01a87d29751543155a5227a71f141064531cd46f1aff93745e5af599fe49

SHA512
ffb257ec0a48ad6c4460f60359d37fe1d70014e61d5957e57c892e4c2dc8972d686cd7d0661cfdb0d4d9eda5942bf69ee227ffa2728f39f7d57f71b7d19d4047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
42c0e6eb77a5319db7d6ba342d7e3d97

SHA1
71b52b130ccc44166fbc34ab302dca37242d0fe3

SHA256
6af55f74abfbacc8f0086ce21d7e8add3ef0329f28a75a47fa5bbb6860c40d17

SHA512
3c80cce55e3b14eaa0ed1e155dc358d42d113ed8642927533b42534ef2888bf8e48a5444e033f8b5c27423779b4343139bc082844166cc42b4a61af0fd2ad9d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
30a807580c82b5b19f1e498035c36010

SHA1
7551cb5ec9ea26ff6d60200e6466426c09317bda

SHA256
a37d1f6cdad90290d59319eebc9ee9d2e72c24e5a05515140e04a32a0b7a082b

SHA512
d6290dff67b2143ec4f56e22382f0915d5f0bbc983e19c4d3d50fa53df6beca670570d0f8902d381d2af7f8d42fb17eb04e72ab98df0e3f8ef9dfd38c6fae6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
c44af02f4f916f8df8a0760a8f7a365c

SHA1
c15a1f5f71a3c1ef842111343d0e7709d9fcfa8c

SHA256
94909dfabb6e2ce144fd5d86cb374fde9487f782cce2af7cc91e73331d63815f

SHA512
646733965add00231e6ffb7c041f60bca87d0732b2e7bdef6ea442cf4533ba48bc024db748ec9632be3c65824425edc524b8cec34565e0e09549570552e1b314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
21KB

MD5
3cb21d76abc26a8188162dca8c176b3f

SHA1
793d954239a917c6d2e88f628d5ce1077ea4e551

SHA256
6974cfe3adc16c953ebf46b666ebe3a4d478fd1c44d46aa6e2edc9b6e4baf2fb

SHA512
6e69357555859239776149f08a930f514a1aec99d578841adcc01d429c290e53c599ce78e2bf0f7b24d733c12d6e8197d493b36bd6595e7cc06aee7a88de5946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
efeed92fc8057409e5b3e9cf4c801710

SHA1
d7f39a970dd295fc430e2de22cc8efe197a217ac

SHA256
0714cca35d22b357dc92dde683968023342843daf35c148ef2eb32cfdf57e053

SHA512
69b4967d730ca06e5252152c5021654e9e54031efe4f7abd2dc85abaff20fe5c432bf3489ff5b94f376ddc8884b545d0317d9bd505e30017986017a482d93c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe587e05.TMP

Filesize
467B

MD5
30955988cbe5cd93b4fba4988d06fa1d

SHA1
262b10155ab8279344e68e5c165294cdfea66312

SHA256
036d29f369b4f72904ee84e034807d56cf9d8704db3d2bc111227f3ec91508da

SHA512
87b015a37b493484edb46072195cd9a96b24fe438cbf44c643daefd29150718ce28156c173fb025ea61e3e5c04979d20c7f10afec58acae08cd7ba277fb667e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
d367314b34204cd99d4993c33020ecaf

SHA1
eb136fd3e827361884bda4930685c6a5a7ec7604

SHA256
f182b48ca3470af0d05cccf7aa63c20c7ecf00ca887249f577436656f1417e7a

SHA512
a947e7ebc1d1fa80168afbe279e55949e8eb4879f93342afc462d16c974cf7376820bf05b2121ac1447dc9276e002743df0e01ad2bea55f7a6eee7c5afd812f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe587fd9.TMP

Filesize
2KB

MD5
ee334aba4dd4fb9caec2da190449504a

SHA1
83d86913e3555e9a83208a777607a621965e9d77

SHA256
762156ec3519d73a52878b137bd506781d5ce93e10336f2010ec52ea9ab78536

SHA512
5863b59c91b1045cb69c5a8feefc32d579f615c3d1480d13369aff2cdf521e7d991424c4edb61f58b1da763e0bbb98f02cc56b0d9fc01236db2f4acc799b58f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6acff7d591839dcbea4d4af6a5eee7f7

SHA1
62fd12ecc7c6aa2ea6f548af35df831df20aa8c5

SHA256
66b31757005b72d56abac06350c752739febac2581c63f5c596050529391526a

SHA512
2fa26910b2bebfe8664f4a2abd791a8d695d23b010976d766e0dc413dbdb9eab735d3714747ec9235527949d8bef6984978d7d29daa62b7589e1e4a7dc250ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
e1d0fe2b7056b7c72eee4665ada24b4d

SHA1
dc10c91de7ae801b90cb4415d98b3b23d350ed1d

SHA256
1a46faa9094577a8506df3befc4aa51ff08212c59ff48cf43afd4e904dc1a454

SHA512
90394c3d8e443d821d985efb306a5b0262504f87142bcfab5943978c6c5f22fd3cea9bcd13844642e5837a82b91e619a1e7883885ac9ee7145f367152fbe36e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
334afc622f858c281bf646e50ce27d29

SHA1
9262d872a4d36157c9be871cc81b7a6db52d04ff

SHA256
7c1c9552739e7cb9ce161001b7845e0c1b20d90e43862d8efcc5ea329f919b58

SHA512
bf7e776c646822b4298d9ca391011fd9932f566e0a06885c2b442f093f69201b6d52f9c65ddfb7472e51c08accca35815eac6af0bfab2d89872ad5890b6dea58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
b0829b22ebe6367073f6a9da13fd5576

SHA1
2aa7f2b0602b3f115d85fef0ac875fa4b9e1e213

SHA256
baff442aceab16515cfa945e7125d2be51d768392961c965fdae9804f0cbe23d

SHA512
289abb391e71a14ab53193696b61da6b77e4c2964c46d8ad50a66ba91fc2cd77a8f6e30625057096cd0eae7875c5a1da833e17bcfb263d42f6bf4b7cadc83784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
74f4ec9393bbe76139cd63cdeb5a1fec

SHA1
e5a00be9d78c5568a8873773f654bb6749822a1f

SHA256
f02a4dba249aa27d2688d3f1425eb403b2e52fca5e10376b9d9739d790d1d7b0

SHA512
0bf54c821567445412b4bd629887833e608161fbdf809f44547268e4ab2cc04f57594bc0f1b13b4f83cd3aaab74e813ca599c33dbf83c45cff0a293c9569022e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2024.12.14.1\keys.json

Filesize
6KB

MD5
b4434830c4bd318dba6bd8cc29c9f023

SHA1
a0f238822610c70cdf22fe08c8c4bc185cbec61e

SHA256
272e290d97184d1ac0f4e4799893cb503fba8ed6c8c503767e70458cbda32070

SHA512
f2549945965757488ecd07e46249e426525c8fe771f9939f009819183ab909d1e79cbb3aeca4f937e799556b83e891bbb0858b60f31ec7e8d2d8fbb4cb00b335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
d1d14df08dfde073f3927343d86207d4

SHA1
0d86447db1619b602066e368e81a7186a6ef4b19

SHA256
1d2f6fcfa70ee501f3e0014f301d85b4f89d62dd118d54d90c1dffdd13206efe

SHA512
210d5263163afd17a3a53acb61525ceea260c71e3080ee050678bb5264b909119b1252bc0872a7c52fa179128a669a65f0611e8225389aefd195413092f7c8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\26c819d3-894f-4da2-8dcd-5b3d270d750c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\f77297ba-8116-4907-8e98-845b57b30777.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2624_386842866\6e34d59f-dac3-4765-88b2-698db026fe1e.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit