4e299075536c52b7fe1d8076e6bef32e4a1b673d591b96cc53aab4b3d9717806

Analysis

max time kernel
149s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2025, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O.v0.1.2.Multiplayer/R.E.P.O.v0.1.2.Multiplayer/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
138	discord.com
78	discord.com
79	discord.com
118	discord.com
119	discord.com
126	discord.com

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1969167075\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1487524548\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1487524548\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1487524548\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1541031750\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_745321556\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1969167075\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1541031750\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1541031750\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_745321556\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_745321556\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2560_745321556\smart_switch_list.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873189327143261"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{8539CCE7-A87E-4C90-B190-C7D33AF5884C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2560	msedge.exe
2560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6112 wrote to memory of 3172	6112	rundll32.exe	91
PID 6112 wrote to memory of 3172	6112	rundll32.exe	91
PID 3172 wrote to memory of 2560	3172	msedge.exe	93
PID 3172 wrote to memory of 2560	3172	msedge.exe	93
PID 2560 wrote to memory of 5832	2560	msedge.exe	94
PID 2560 wrote to memory of 5832	2560	msedge.exe	94
PID 2560 wrote to memory of 1064	2560	msedge.exe	95
PID 2560 wrote to memory of 1064	2560	msedge.exe	95
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 804	2560	msedge.exe	96
PID 2560 wrote to memory of 3708	2560	msedge.exe	97
PID 2560 wrote to memory of 3708	2560	msedge.exe	97
PID 2560 wrote to memory of 3708	2560	msedge.exe	97
PID 2560 wrote to memory of 3708	2560	msedge.exe	97
PID 2560 wrote to memory of 3708	2560	msedge.exe	97

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O.v0.1.2.Multiplayer\R.E.P.O.v0.1.2.Multiplayer\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ff83e21f208,0x7ff83e21f214,0x7ff83e21f220
      4⤵
      PID:5832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1836,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      PID:1064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2060,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=2056 /prefetch:2
      4⤵
      PID:804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1396,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=2692 /prefetch:8
      4⤵
      PID:3708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3552,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
      4⤵
      PID:5756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3616,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
      4⤵
      PID:4528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4288,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:1
      4⤵
      PID:2320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4316,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:2
      4⤵
      PID:1964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4496,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8
      4⤵
      PID:2176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5108,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:1
      4⤵
      PID:5188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:8
      4⤵
      PID:1144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
      4⤵
      PID:4996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5052,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
      4⤵
      PID:6108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
      4⤵
      PID:4176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
      4⤵
      PID:2980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
      4⤵
      PID:3176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:8
      4⤵
      PID:4764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6524,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:8
      4⤵
      PID:2256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6552,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:8
      4⤵
      PID:3248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6964,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
      4⤵
      PID:5900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7020,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:8
      4⤵
      PID:5880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7204,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:8
      4⤵
      PID:3488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7236,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=7384 /prefetch:8
      4⤵
      PID:3372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7536,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:1
      4⤵
      PID:3888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7700,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=7724 /prefetch:1
      4⤵
      PID:3464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8012,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=8028 /prefetch:8
      4⤵
      PID:2220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7460,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:1
      4⤵
      PID:3048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7560,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=8032 /prefetch:1
      4⤵
      PID:6052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7808,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:8
      4⤵
      PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:8
      4⤵
      PID:2916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4604,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:8
      4⤵
      PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4600,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8
      4⤵
      PID:996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
      4⤵
      PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3524,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:8
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6044,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:1
      4⤵
      PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7688,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:8
      4⤵
      PID:1476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8140,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:8
      4⤵
      PID:3644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7636,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=7744 /prefetch:1
      4⤵
      PID:4812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5244,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=7756 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8084,i,2042124403969115555,15797234463169313292,262144 --variations-seed-version --mojo-platform-channel-handle=8104 /prefetch:8
      4⤵
      PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c4 0x510
1⤵
PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1487524548\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1541031750\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2560_1969167075\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2560_745321556\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0db1d88802048ff847bfcf47035335bd

SHA1
bb54059e5b145da464f6521ae67353889ce00771

SHA256
416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a

SHA512
32c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8734b4a181214bb62f91cfa36c7e2c98

SHA1
9cff323f10778a23d73ac3dcffc038d3bf661b78

SHA256
e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5

SHA512
e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b0

Filesize
258KB

MD5
6dc758b73cca60a1a581a33e0cf2e8ae

SHA1
efa96dfe51f74a699b05e441bfd60febc99d9312

SHA256
33c350310e8b2af2b7387d60b2be7e2e2cb78dffed422c478632626bbc42386c

SHA512
9d95d502d06e3c024b5a8c2ab4cd69b264552637ebad5253878c9a626659b92813d028ed87c16611ded3a38aae706ac6beef5484d4391af2d0587ab54715ac9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103

Filesize
48KB

MD5
4f43bd8516012aa229e3731913d73256

SHA1
92b18484c5e638b4efc9723e5fc3afba359618eb

SHA256
39606ea9321f013ae9805371e20cbe9787658f50c4f256fc5b738d6d7c11fc55

SHA512
4d7235c5c1e4d0a9676b9801c9d165ef6ff8c5e313d36452e77177f96e48178391499a4bfda4e47026fe57bad01b87cd54dac8cdee7bb0cf94e11625c47e04e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105

Filesize
93KB

MD5
0db54a9de7ca5829cb5cd1f40a7df64a

SHA1
db6c3258cadf35af46a24a2f10388bf9f8a48e5e

SHA256
c3f979efb9f6f93ba82b263006f177ad088d811ddd45a00d9308020374ac638d

SHA512
c3311a7ce812a39b0f0027d260eb59f7d30dbb52a9a4f52fdfc8ed4ec4840aa66d11723018e6d46cc25485c6a3d469286095e81e7574d7fccde9f098f392a1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106

Filesize
156KB

MD5
866fa967a11d20f6778600cbebdda8d6

SHA1
d71165d18fccb324990db5c5b08a6c218fcd6de4

SHA256
02abe881bcae956fb20650e9aca4f09bd5c5d2e792515637680f1849a98f186e

SHA512
d0025c198720a103983a87087ab435c7ec5038137a32d0d95517ce3bcd9bb1323e03e61e67ca4031ec9412706afacfbb4ee12f756dd65eb5c636d26f7b8caaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000108

Filesize
58KB

MD5
badbd4480920e01347c05e84b09316e6

SHA1
1e93ba08e65ae86e05c7e4455718f139a914bcdd

SHA256
37860d340af50c43c1f18eeba945a0ddf63f45654b7385f413370cf1f5ce57eb

SHA512
b735e554ff08983d0dfd0ab07374c9962d7af775a8c7d91481fa1fc4ff621fe9039539893e799c91552ea5fa8f785d2d068608c21a49de7bdb4236af6c394133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010a

Filesize
46KB

MD5
f013112b19afa3f40fd173aad327c2b9

SHA1
ad7e182846e99e48c52478a41affc52f85ae9315

SHA256
3e4154d4f7eb1a3b87dddf264d6beae057c04b193be290f6e065100c502f1186

SHA512
509a0ef62c2522f9f0a2e1153e3d7c281b7a20f38cf8c83aca301465e9c85b43a0638c980191791275c14978baa6a29ffa8b0693e562dec32c8a13a27784aed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
89ecac2fff2ba977abc99ef1c733d877

SHA1
752d0b4502c03547f0aaa11b9cd8ff52f91102ab

SHA256
606c111354c7d4d49ef904ed2f702c94a5b52f0966d79dd1fa84e3b820bc2cba

SHA512
99d045d79b69da217c5af5d9c1dcf03333559b75cdef5612ecff982cec85c26103c0ac3395557a2be9032983cfd5918165bf5694467ddb4c9c3bc3598f41e862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e866809bc38c465ff5b350bd85aa269d

SHA1
ca31395598a2f0619a8de6e42c92beb709f62df1

SHA256
432cbb3dbf286e3f16744d21220bf1235de57e50b30d4d5b1a140a0ab540af06

SHA512
6bdb85fcd9ef9c63f3219116fad5b685d0967204607f1cdec7a4db89edfbdf00f4b4839907a4cfedb4bef52bc6cf8d3902b40d50fe6a0e17cb34c63b0ce8701f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dde9177b5cc97563cc1f12db4bae541e

SHA1
ab71dddf09bc866f84e75ff5d9bc495ff3b50660

SHA256
ef012467586fa29f1e3c85e4e8d1eb07af7c8047250abe9532cfa7b07a0cda63

SHA512
35ce61268ba9289f2747967334b05a996ba1113a2c6cc5b5afc091f58d97dd1389058fd20613458b8be360fc8d249e77b610170808a30e8cc26b503df514545c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9432f24225690f8f1f923c4b2d998bab

SHA1
1670b355b5961af42e97e75fbcc82360242f8821

SHA256
cda7d577a4329e8c1a92c1a2cd0c75561d92071e9406ebfb3ce267ebc2cc383f

SHA512
a491fc87081b150432e5aabfa9c4dec6ff1bd082a4b7813e0703c42155cc7328f2e8a2c956fbfebcfe5b7433929ae4c5d657a3da1ca80f10875e176eac9159ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5854a3.TMP

Filesize
3KB

MD5
cdc253f265a323bff91d2be88f995b2c

SHA1
924ed769c0db8ffdd5adef191f63788983e01a84

SHA256
b30371b0b62e188de1f1759e519b04ad202a4e5a3928e6f0c67b5c62e01a7286

SHA512
f0fc7582746941f8fded0db4747f4e65af4327cbecd3e1c194d9f9a60f2f68b51f327fdbcef88e734e6c02d95f0fc20dbb5baf3579c0ee058cc4e2eb989bb177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
412b5298396fb5f576e461447bb666a3

SHA1
aaaec6b9e91363ff4df1402c255e445546cea87a

SHA256
c36f107c9d5ba0327b0e1f74bf4855bb5259e7852b62976c9cf5768abc973e4e

SHA512
f4ed26b0f56af9f61ad4b790f0a22185f4738d8d56925f5333868883869087508626c0c329dbf1b7ff44f0a8d827edb67d69d34c5333619d67eb3c5745e3e11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
bff825b5aa966b2595e2606fbc6e849e

SHA1
9aded3520577f6530be00c8ac331e9334d81b4db

SHA256
1743851a06a6185ae84a5e65007dd6323da68313a3c029bf5698a24f42382438

SHA512
671e83b1ac953cb49a05419040e720639362bb53bd758f2838efa3653fe32494a62ec128beecfa66fbe45ab8207fb6fcddea4f7d51b036a5d03234692f6250fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
2ed47fddc1c3d166cd1a7717a60ebf96

SHA1
f6ecba9fd4983e9094a45ec757adef12ddb4be8a

SHA256
8371956cc6f164294d6cdf6fa602972cf76066313aab6ccacac36b4a69308a35

SHA512
f0eb0eee34e0c0cd65d91e44a50e270123dfacadc30a63fdf40808a7c78881c11bd56c3620c1c8e3832b57670d9bbcbd07bccd033c2fdd530d980d591f06aa85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
876f2268d0620144cf676f94aeeab57e

SHA1
cb067e0afa9e49e6a9215dce2045ddd5a1bf2f62

SHA256
90aeeb103024e84c8517e24b767f3c63689b2f6d62daba61db6ae9ae2511364e

SHA512
a88ddb832ec82a569ac79c3d9e27c9cc492fdfca289955a559ba32f250549805d0b5773af6c7c7b7d0341576ab2659c8347f1764418ea828e3ca955a122cee18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
81276d0616d61019fc38b5038921adb5

SHA1
f3d1a5255fdb3dcca33bbd2596892d3ada92da26

SHA256
7cf30a9fc5dfa4b5658559af3b6ec238a08456a0e6b486caf4fd4a90af3e7a39

SHA512
39c02f52933e542728e3344a2300b4a418a14e6af7c732d362d7d45243ca8a2c310f8891f1f90cc481bad354498122128eea45524c50bc02e4ec5a3bf56fc273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
709b1fc12e2888cdd8aeda544e641c7d

SHA1
8b95c06ecdd324bee8fc6bd0ee33b831b59a218c

SHA256
1f5195be54b2cddae3471a367585783d8b06433c1c1aef62c5f05fd545fcf6a6

SHA512
3700794cad6f8041629a9805efe793cb40d5489358d59858fdcc84998ea560992580add3f6957f25da87cff0d55bcdf981ca5ffd076405a28ce3dd4e5eebd149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
94908c155b008b1f3f817e581921e7a2

SHA1
6b7ae33eb26ff7fb865a4e0b864d3d36b3517a49

SHA256
71e7599e7a038fd4dbfe9ead91d418f362656544ac1731ce264987c11fa3ed8b

SHA512
ad344fe7f8a3afad3e2aa27217097b57a231a119f26366f3bf513402ed7332063fd51cb1150e1443d38a731095853d21ebae92f922f8d486aa26cba24c9a3758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
4ecacbe9b925e2589e75902b701e15e4

SHA1
cffc79377bd94e2848a05794500703d8fdfe2abe

SHA256
96765d30ad4fd1f3aca096fd9a7868bd7359d566cc1ea647a467e2d4b77c9267

SHA512
4bf1834b90f218dcf442f8c9c883b51dda5150180d8aaf3b5770f392e28993cb919cbbbf950d119e55906cb57c93b20069d2026f30cc524f4d23e563eed492b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58b570.TMP

Filesize
467B

MD5
22714461430fff7c215c54eb9dbeb7c6

SHA1
8ab4d658b9722d7745306f729f9cc8255f964fe2

SHA256
052d17b5057e598748ee75f3d778f2613298d7a87f20ddc8c6135d7a14f60be1

SHA512
fa8b346c6d29b3507a880c7848d5f9398d7a08aaef6d66cbf5763abffb396068e8a282fd0d8677f3a49b3c0f5942dd5923fe5a03a5e231d7d73dc306f4b5782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
21KB

MD5
97ffbea42e9a0795865f12dedaa14292

SHA1
82b1a9a09d849ca8e55914ceb05677991729de10

SHA256
84db83a7515ea99283ea322d6ae8a7e806287e7e98771a53a5d0e3ff362ecd16

SHA512
884e56e3e7419a5ce22725d8b39b6d9424c882185762fe6ebb3a5c67d65e87b846ecce8a26491019acd3ba79641f489a32e20e2c7b99576315352cca1f5a13a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe58b699.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
b4ffc7353c65199e4fb61d1adb3a78dc

SHA1
1c3d675ee376ae0ff5970cf490fea7ec06ba8ac4

SHA256
a5468d6f3cbf58f0cfed4b09d4ee768195874ae9796029f27443f110fb853cad

SHA512
bf4e9b3fafd268c846f17bc8958cde8c10ab1004d59e18918ef7b2b0c7baf9c1720b622c8c4d3ea7a85f153c41c844d8083295f24259755ac147b789e86bf734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
90a3c3328a62b067b8f3a4cfc3020b1a

SHA1
02a86a44d2f082e1bc7bdee8708eddef1d6b9576

SHA256
b9efb167e55746ff6f93ddb4cd899a0f03003081af22fd2da68bf9bbf47e699b

SHA512
9baa52b466ac25fd462b74e170c8123d689b47cbbfb6d49f95ed078cee397069aea12b860a942eaedb81de3e26a718928acd5ba9fce63dd992f03bca0f30d586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
c7aa5ea057ad5d30d13edef20c3e3fef

SHA1
ccda8e62dd49705108659d8f7754537df35da422

SHA256
e22b75573b94d3773d6265326cc7450117aa9ac67437746050b176b3c0171364

SHA512
6fc9a72c58dcbaf3bbaca632c4f9f16ee1a6ace324612a01c5a4ac57ed9e96194deb478834e78dda6b72b2aef1d7ad9da011bbd0339868379189dd6767d752fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
e693da6834a564b35272a0215a578dca

SHA1
49e3e3da17c3a4d5b01e7a483a6485f1036e9682

SHA256
a9c40a33afb0f3b9fd8d67914203e7906be2249afc9e7c6b4cbd716feb1911c2

SHA512
1eb5dfb9d25248a42710ae9d90398935297c1aca263c23df8dd54c11123b5e95d2a12f86f2528b7715ded106a8c754ccb97c21ebb16596c3bf85cea4d8532ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
52be182122db49ef2aa22f7859d7c453

SHA1
6e4840c7683ce7d93c1c5ddc8e2c637efdd18f11

SHA256
0b12a2a600f8b167b1add2afb48e185acf1405d23f091d8bfce9c8f3ff725598

SHA512
65298ede4afed68f951f92c8500424618b46119b75d0d5d1af4514a8a59c324100b3965a444f5108f140f7aea74296ede1124683ad0dee67740003eeaeac69f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\13c4ed86-393d-4ba0-966a-c6c45ec00301.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\1c066e8d-56c1-40d4-8e0c-fcf19764f6d3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2560_491841744\cb6285a9-df33-4ce8-a173-406ca41f3781.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit