f134e7e8f358e5cc4455a35e78ab77f4bde0a4805820331a31a1a1e5a0bccad6

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

taobaoBatchEvalue/下载说明.htm
Size

2KB
MD5

9785eb39d2a933dafc7c713baefda91b
SHA1

fd66e14363e866222e467c4397e8ccb1d0954a7b
SHA256

b7a5dde4b441c67156e2085ebcb90ac91e72f376cc4fd7874c69974de39730c0
SHA512

7e8d6f5e77dae8bb4cced6fcb9d3d6d79b3165ce8fe1c0b6d8c6a5184d28d6bbd31959780f0e212f6f1a0f373fc23958f6b5481cc5075a4802b51538efe79dd7

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_812275289\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_814562551\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_812275289\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_1733792138\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2084438044\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2084438044\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_1733792138\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_812275289\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_4032_1079102097\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_812275289\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2084438044\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_814562551\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2124853665\_locales\sr\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876176759334119"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{8D89D33A-960A-49B2-AE84-A4F67C8E5A78}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4392	4032	msedge.exe	86
PID 4032 wrote to memory of 4392	4032	msedge.exe	86
PID 4032 wrote to memory of 2116	4032	msedge.exe	87
PID 4032 wrote to memory of 2116	4032	msedge.exe	87
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 3736	4032	msedge.exe	88
PID 4032 wrote to memory of 4220	4032	msedge.exe	89
PID 4032 wrote to memory of 4220	4032	msedge.exe	89
PID 4032 wrote to memory of 4220	4032	msedge.exe	89
PID 4032 wrote to memory of 4220	4032	msedge.exe	89
PID 4032 wrote to memory of 4220	4032	msedge.exe	89
PID 4032 wrote to memory of 4220	4032	msedge.exe	89
PID 4032 wrote to memory of 4220	4032	msedge.exe	89
PID 4032 wrote to memory of 4220	4032	msedge.exe	89
PID 4032 wrote to memory of 4220	4032	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\taobaoBatchEvalue\下载说明.htm
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x280,0x7fff4cdcf208,0x7fff4cdcf214,0x7fff4cdcf220
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2296,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2312,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3364,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3388,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4792,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4728,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6224,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6556,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6548,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6540,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6508,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=4884,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=5044,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3584,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5468,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=5260,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3460,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1040,i,303243495092281417,7464956896478662432,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4032_1733792138\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4032_1733792138\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2084438044\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4032_2084438044\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4032_812275289\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4032_814562551\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\33b3c714-067c-4ffa-8b98-17923b5e192a.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cfab623c21500ca1b8bf43df056268f8

SHA1
d65d2b3a3987a3a7e60f33a2581be2c81c027e4c

SHA256
69974387933bb6b4678f6d0fb22fed2d4ae56883ddbe05f4820f883d4f8422bb

SHA512
47f9552060df65511d52b62b92a6ad0d6e359e86525843071f62e60845b2baa3491461daeac7729959c283305981c5591103ca8c39fc7bdaf109943bbc127f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9f0ec2b561e98c40dac27fca96a3d54b

SHA1
37b733331e5d006a2c972cf3bef4e0a8f5d34b4d

SHA256
461ff1e531a016a13486f7c18e76b083977aa307034b59d1ce7d38ebdfa18452

SHA512
4763836de5510ba810552b522f5d0ecf3f6405b9d49fb51cbf86a9a99e02708d6a396d77e904f46cc1fbd07c73d22b59547a95b351313e4c6437cc1e922f8b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
63e410c4ba1f4e64dd5a09c896b1a521

SHA1
03a86da66d0c9d3a691e9d5d13a2de5dedfb6252

SHA256
fdaeb131cfdb897dd79f57d348ad557c5a3b3ba42d9410918ce2e6d5c3301e57

SHA512
1c20bd2bd1928feefd5f0047fca91e002f3c1f6ab76ca9d41cc9b274ed280e250cc2712bee3867103edb9c2cbfd8ec5dd2d650c4c764d99c2a1ae569d4194375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
2ac8ca20ca5ff8e283253e79f893e5d9

SHA1
2f11412e04e554af087d8720ac7ecf0e80752e79

SHA256
9e969408d691af052df110ef693a6bb2b1a26bfb28e4734698591e356b7d1422

SHA512
00364e538ba58c67f6a2728ab38ae89d910a0f1cd3f1b7834ecbb8b45662fedb384d182771f24eebae2c52b3aeccfa2f4a34f25e361cb0977cac57dd3548b0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
098831b7fd3648e7c9644b5ca03216a7

SHA1
e3e3bf979936c7dbf9cd61f1093ba25f21e29401

SHA256
1dff8aee6ade10d78ba1ca66b47428b32451a0aa4df2ccfa6111b04944c18821

SHA512
e810356471151419d1b1cc099fb729fb405d35db24a9e4636b8dee90c0177649530aa1ce7df3108571be7fc70f428aab12c55c30d2b0ac23a0bf8fab8767b7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
a5644ce64346123efbc1ceba18ee42ab

SHA1
3c90e383b6a1d835955a11c97a22585f47a6d2d1

SHA256
3c9d11a62d3e8721fb8dce3e2015cd81a51277e602c55115db2105d6409f52cc

SHA512
82b0f48097ed0d5f4ac32ba628b1968060e650ba8727174b6bc729638b317c575eab4571cd7daf1eebfb4b8d69fb775300d896ab28ba79bd7313dd7ba54e7b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
3253866b8cedf366189f579e4f649078

SHA1
a1e5eefe6e0757c89131b1f7a4ad479ea2bf67ff

SHA256
b13f5a8a4e1534ad269dfbc5c6dd42a8d63e33b370034ecc5ac1d924b36cb4cb

SHA512
f637b5a415934ca521d09dfb0a46d214e5db14a2f7149e86c08383bc73b72ea77227d90be217b7dc6b8f39bd681b79f69c9ed196edb4411108a5434826696ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
ccedbe90e21cb4895ae798b5ca39469c

SHA1
78d223baf9421b783e27980420ba3fc1f138690f

SHA256
f3df2b5f7064c5ea972000ba22d7faf02f13faec1fc514f6ed28aeb4cd09f04d

SHA512
0c9285a3cbd0225c1569a258a77e1ab9fc5ad503ced33dea901e64d0fb7dad5e899b3904132864bb9a8f5494212a6a6aa674271139fae33fb8d52fd036294189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
fd33224be674c2c4981b4e2613ff151f

SHA1
cbf8b95bb6674c31022c9f85edbf6c6f694bf389

SHA256
58ca30aa34bf2153357afaa1b4ff9feb061905ee2396c3b0f889defae269d075

SHA512
801eb700947f700f52dbeb376b1e64b2956bf32796989e5661074a2671850c436c61c4c169d65a55538a580a438140c297c0f79b1488f70b02fd2bcf3d5baee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
343f90dd7e95f79af03fc29a4f486b85

SHA1
dbe3745d4473793454b1cbe903b59a2ef139a45e

SHA256
e42bcd5b99aded823ff504642a7d3cc33703d10b251547d88011ce37acd2991c

SHA512
f206bc53a944ae5406edf4cf0948c0d558730e11ddf8fca9218f50bdc14b7f920462c961e32485362fa4d2e06ceea23a0b5889c005aed02e02344771c869d7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
8b8ae4bf63f6f6712537c13d18840f63

SHA1
de3e0f0889d866a1f63fb6aa84021a1f682dde13

SHA256
eb5dbc8c2e155ef3ceb81e1a2662789178fe24c61aae1c89de3f6dc0a878cdd6

SHA512
3fd22df355d5a25f574f7622171444b5e1390dc2e5895c454645135f51b562402ba54cdc0bf0d8eac764ca0e21f7433b69c073fbf4b02b6da8ba412ba95705c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
4493ff529b0f183b16d4982df958ab9b

SHA1
879ab6be59b7541a29427be1d752145efe3c5418

SHA256
de3ac725f4b44c52a4cf99d62ad81558250a9cab8593a960cb95ca600dc825f0

SHA512
02b11a22c9cb41961838f6c797fd2cd735bf1e24906a2de033067dcb1e50369707fb0e860787eee32999cda7a5be32b3a716c8f453849b5a49878141d6f3465c

Download Submit