hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/Mobile_Legends_Adventure[.]apk

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/Mobile_Legends_Adventure.apk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
233	raw.githubusercontent.com
234	raw.githubusercontent.com
235	raw.githubusercontent.com
236	raw.githubusercontent.com
237	raw.githubusercontent.com
238	raw.githubusercontent.com

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_395165713\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1127387439\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1188111561\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1188111561\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_395165713\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_395165713\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_395165713\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_395165713\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1127387439\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1127387439\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1188111561\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1188111561\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1188111561\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871323551862872"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{AFC6B39B-F7F7-40FB-8BE8-80FD2519926D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6008 wrote to memory of 4484	6008	msedge.exe	86
PID 6008 wrote to memory of 4484	6008	msedge.exe	86
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 3260	6008	msedge.exe	88
PID 6008 wrote to memory of 3260	6008	msedge.exe	88
PID 6008 wrote to memory of 2668	6008	msedge.exe	89
PID 6008 wrote to memory of 2668	6008	msedge.exe	89
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 4632	6008	msedge.exe	87
PID 6008 wrote to memory of 2668	6008	msedge.exe	89
PID 6008 wrote to memory of 2668	6008	msedge.exe	89
PID 6008 wrote to memory of 2668	6008	msedge.exe	89
PID 6008 wrote to memory of 2668	6008	msedge.exe	89
PID 6008 wrote to memory of 2668	6008	msedge.exe	89
PID 6008 wrote to memory of 2668	6008	msedge.exe	89
PID 6008 wrote to memory of 2668	6008	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/Mobile_Legends_Adventure.apk
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffc8860f208,0x7ffc8860f214,0x7ffc8860f220
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2636,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1952,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:3
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1916,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5348,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5332,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6068,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6180,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3380,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2164,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=3660,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6624,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=5500,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=3644,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6272,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=4800,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=3384,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6860,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6848,i,168903269870564118,10176596288394881240,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:820

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping6008_1127387439\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6008_395165713\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6008_395165713\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6008_395165713\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
e144a9c387fa15e5345578f89987d45b

SHA1
23e30581fefc7f54e73f752d3a5aae2680e9de8e

SHA256
eaa93f73ca8ca60995242c6f7dea3a0c1a26aff8c29b862e3fd8177775570ea8

SHA512
023b135dc49674b86a5b50133b81a3ea87e5c23050dfd8a7eaf096a94301810ec7626761645f2debdbf3cef9138acc0e3cd96d99d37f1a5a9867c4930a259ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
008b932a43de21357176d1f78993ee3d

SHA1
6e35e807eca1a82eb5803b3a7f5d8e9b5237ba1a

SHA256
fb46ff344d11c047500eacd99615ad62e1b9667638c2e1d5aa1eed3268706e30

SHA512
e32aa1ee181e2015c418ff921cb0f8fe25505cb9b02fcae973a1a80578f7f1d870bfc4edf7115f5a56b4b7b5f927201ea33d471ee0895c9243a1f79a559dd6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe583505.TMP

Filesize
3KB

MD5
e4a6ab5df213515f1dbe8ef546135f1a

SHA1
4838af248f0a4f4ed96e996320f863e5c7fb4a5b

SHA256
2354ad85a3a83c700faf34c150bdbe3591e8470c61fc82dce6171a67a007666f

SHA512
a22e4384a524d6393ae478f2a2723804a33781dcd266da0744a7c292a9bd05d0f8d3f1c636edb3d9cba1d500140ecb6d5985095b5eb91c2f5a122b6e048cddb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_pie1-word-view.officeapps.live.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\244c7beb-df3c-40c3-a2be-0e3c58b52ba6.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7f707d764a39598ed45af7194ff8c3ea

SHA1
f3e2e5406d04e0af210e52a0a19436ccc9d5a66a

SHA256
0edea43a7767c9c82c13fc36886c0258b3ad1bef0e915ca8103869ec5b15eca2

SHA512
26307f19eafa9bf64811a3ae39f376b96d8df153d1304c4463dcfeac67029082ded02f6bf8ff0e1a49b521e40d3c8cd220fbfbd12c29b520a680369e0c5aac24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
356610db631adaafb542c03d9942f1cd

SHA1
7501b6aefb1e6d00cdec46f4d921d47018a02ad6

SHA256
d4c55580564909193531c7e97b34640d8f8c954a3f6bc42e093378b5b5d7927e

SHA512
79fe9692736e5f4ff8f1a84b57f168ed024201f457fb50a77afb9dc2e7b1980d8d7c17aaeb90c5799717df9199cffb6d3ab1c717653df611e3d52c871043dde7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fe1de495650992bf80712c551aaa78a2

SHA1
9287cb455214b61bfc5b9a299fc335363a1e741c

SHA256
cf169038b712e73be1e621646e3e04e0899a46c8798b2e4d0837e76991a84c9b

SHA512
bf672fb898a0d392a0576fda171b4420ed6ff84079e5f2ca808858aef2ad540225a930a0c3b6dfe7b06ad6d22d53a8db7cf238565e5d4f14cb51fc936af48e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a5e8cffc4ed26ab3e2a2308e567d1dba

SHA1
d251d25825ac507249dbe8731ca4de0e7db9119e

SHA256
a189a804ec619110eb430e17cd435b6a97f9e1863a7e630d556a26eabdc1ab69

SHA512
f46f4158101c629639e14e46b64789cdad7b6072f6c9922a66c0463f95f25555396d3b163c299e64ab2c1f7e587f8e45bb4049323369391c648adf0d9618d49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ef495667403c113f0209d1847fd4d54f

SHA1
8fef728d037f9dc7f09c718ddd7ac3c8b3766c22

SHA256
31a408b2171784bf17842adf7e0bbef4fd558b5c128849eee60509d855b420a5

SHA512
e6b7c95ed42b39cca7fd0ae8acd9768c0cde2f04a848292946430bd0b06a06a4ee190cfbaba8706b69ad04d4f86c88b3b028ba157d2dc7ce089703c9b6711934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9ccb801c0aaeb2145373483b30360c07

SHA1
729349b92c00364623c54f185afc1d0d27792958

SHA256
89f69385a1bb48c9d4cb86eed45b9eb71c5af557260c9bf3fbbf2d05e065995b

SHA512
7186077543da65037f37636fa6a4e63764622cafdbfab4ae6f50e8a716882a663c2f5d8dcd355a72d33fed470c5febc8b6451e3cc4e2f53ef60e2dd1ceefa5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
2022da7a0b4fd8f2d5dbe05e9de8255d

SHA1
d123b0f4ebc5009ef00222f6331e80627c2a3499

SHA256
a697f7c9df5a0a8b72de172588666cb2af98ec704512ae312f6bf2dce0776172

SHA512
313a6574504f2f11e35d482b7b4e43881122bac2b69404112f7c4a9d2d2b461e80a5800307995707e8bd5634d90d43d75d9334dc780cef217ec079c279f21ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
59e908485e13ff0eb4d112d6515cb38c

SHA1
eb65bd711e5b3ab69bd542b6ce6c1a50ede58e97

SHA256
449a9dc31d9bada691f5174027c5eac9b096b9084156e00470f76195d90bd700

SHA512
9a490537357c158691cacc2093d8c7f86bdd5bca8217b031139ac0da2f3b1e1f16387c897c30353f10093d181d58e965c38a9a6beae559d0f0ba86dc51282d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
065b84f75962ee9cf2739f908276ce0b

SHA1
89067f93fff818965a3ba90892f98c097914727b

SHA256
9634ff3dc84750f2fb054fb31943e7370e0c9a28d6d055800aae48b88357937e

SHA512
257e6656511ed116915b488e9936adefe1df7eb8864676c4cffc5567c0590682891071c30d248172ff4db17987bfc392b140b6cd47060fd3e5a788b593423775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
ec3cf6f4e3eef4ad4292cc0cc7af3ab3

SHA1
3211db002aed2fe86d07e2ea6cb4b1d837d46247

SHA256
7579e86549966d38cd5853696e6201d2f97900a896725ee9b2ac8d82e87ed22b

SHA512
b93859db3debb6eda1dfe3536ef2d274e21d0c9e78b63ae7d5467e7728f385df3a844e85b3213edb95f5938913cecc637eb45e673b4d8ff496f7f0df17e2c480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
ccce32b190b1594dfcaead565de20e67

SHA1
59e1c4bfd0a42521859ff73d6e44bf2252ccc1ac

SHA256
ddd629c08ececf838b618b775691abdf1848c714e71ef556d6077bfeba6fc359

SHA512
7e2d215651830b473982a051cde74ceed5683e852f0d7dc1084ac457694431ab39a5fe5b7f7d946f31e7f46cf8698123ce757bd5a6af020307a85255956d9b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
28f2ac2fe42c1478eabbe34286235122

SHA1
7ed0bd23536966ad8be045dce363e8858896d280

SHA256
f7a5937786113bd9caed4209850e47d3b37e57930c252939516abb4ed0a794e8

SHA512
7619447e75dcfaa5490889b9dfc50f08eb26611e54429d319a9af451c91ef061a18e576acff45933c881d0b72743a2ea2a59239669dcfa064e899639e0214dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
cd0b640cfc89429118276cdce63aa2aa

SHA1
a5f62f98b8e2aa0a77f407ace014bfe4e117f339

SHA256
a3137a618deed117f7560eb927f82ef79643ae20fc57ed61e8fd05de9640b658

SHA512
b73acf3a361350fb2a474516fa676f4715b9e882c828e23a4a497418e58ab9e0fcb940b8dfe62f319f04fb0b10687cc03df547f585e8ecaef190300c3b717a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
edc0237e140322f6a4149a12627c5ec1

SHA1
20ba46ac6bbd69ffc93285920b1832a14a8afbcc

SHA256
556081f87f3b00a35b19aab83c44dd4fcc29c0735b35300f6282889ffaaf1d24

SHA512
b2ff616909e4b4f32af287048d7a1cd20a9ab4a51a6c69291270faa9e94a67bcc220beb85fbba86f594fd231a0b5f58dfe2f97469d7bd62ac2a4cee5ea90dd35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b4a679386bf03e9902006282c2541f21

SHA1
7f529d4b564fd83da98a4c1abed390ec6d17034a

SHA256
d20364de9599a0634601ceba946e40f974fd30620a9e04d29a8098408206bf6f

SHA512
54b2c74f204b1a01bdf7140a227e069777876f3ffb5fd536963338131274120bb10fad6a7d859c4d8e00bc2138371c33d6bc6e1ca865bc0acdb0336a16abc909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0601204e237364cba9bbfcf2c27adcc5

SHA1
bf8df66f6c70b1be1dccde33f8c1835800bfd55a

SHA256
c92d22fdbe4356f4f4cbf7defa8e0ce0b3d6deb36c0a42c4db52bdc1d1f83c0a

SHA512
19e1a09a2e7a279dcb938134254f371d3613b2418d81e890506921e27c1983db8035f6bef17ca2d5390b73c66a8177757675746db573907e7eb4741644b748e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
484224b9066b4724e253d617327a9804

SHA1
f13e9260d844e7d9c462d7bde33b841b0b576bd9

SHA256
7e87295d48c71e4fac026f7ca66f27e0077b2d931c9025d60893282f70ee6d40

SHA512
19263ea0f124698e86e5491215a98f11215a5df85b3afa9ec2ab8cb71816a34bddec46e8fd3128e6d142f23ca734eccd45c166cfb26e36da8f6900d988e9ec0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
91461ec2a8ca2b1d8d790015e4b77cb1

SHA1
6e34ec828333601c5d0a2cfcf329242ae70cc0a9

SHA256
29183ce65e4669703788f279687d51b1a20e3725d0110e5688c1389df559da52

SHA512
f77a5b8e8cd9620f470e2e94fb28b30348e967584e5e79efd875e8f511484107edfdb5963809bfad454c1698f2ecdcdcc2c30454a3fc48a766dec66d4da4fa08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
37a1ba43a71dc07e8c1be4c17194ed86

SHA1
dae8b52e10a414054b20473f2efc38e79db4e66b

SHA256
cce54684940b56d589b3f7918a8078d75d6daa1f97248d15c29c4fafd4263251

SHA512
d70b7b617763e76c6950189a6d6b7d2f01db5c027706dfa7190037f2915748e7ad5bc1690627a2f42913d0aa22e054bf478e7af519888f90889d31d4990a10e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
d0e9bba7857c4847c3147943fd6e5bf1

SHA1
7bc5642893dd9ddc69eae6ca5b9809ded3b1ed96

SHA256
9979f8bea6cd20dee21d473d01a047c73f2785e3e39f62cb8c8ba1dc80051d7e

SHA512
e82329d4617e8342c5e31e823e8e269b714dfe578ee42877d4389dde6f3ba8f66559f127d7fdace5cd4339131d8ca1efbfd5ae762ecdc90cbd3b65e2b8ef1bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
d43e257bf97e9515e350320b46ce331f

SHA1
a396bb141856edcc588b947a6a26c537050f7eac

SHA256
88fde5a36bf0ce5a46650f8ee76e86a6192a288ddd3e289791681d6cce902ad3

SHA512
461b629dae0815c5ea4bc2e104dc1dc75ade9c0e3c728bf1025e5e1de26960da8b548faf5456dc60b75872b2c641447a7f6b9e8b231306f3218370a0bc5bfe2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58053b.TMP

Filesize
392B

MD5
373b8e2b42d7726dea879e6ba59e1779

SHA1
43fae880fd87f329f8da7a6026c13bb91d181373

SHA256
56743b1b9ff04fdfff8bc7f93bc51e92f8d8d8b9881f80c8b7856e3721a002d7

SHA512
08913f5d2d0bc700bd2659ecd7b453406ce8e0c15991830fdcbc167d826aa9e6b2fc1b2dea9cf5f708e9d3c07cfe4a3c317fd7c1fc8e603da7349f7ca838c1a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
55ac9089a33d503005933d5caaf29612

SHA1
0960ff2dd02a4b59e02058aaebba62042a4a4876

SHA256
27d923ec1a104008ec4599b1a6143b6bd6c85c133c7a32221a74d698d44a7ba0

SHA512
77675c4d69a4da570a7105d42dd954b6e67e3aa6279ef7f8a83000bdcf2eda59cff8fdf7380493868ae4239e6afa08864e3cc4a75d09fca856d5dfcf1e65df7f

Download Submit