2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe
Size

8.7MB
MD5

605ab1eaaa0f22a5884b703ace476e66
SHA1

200ef10925d33afc80094c4da77055acf07c9ed9
SHA256

2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0
SHA512

6e4a5624312fbee85816b67fad46265093ab439c2f8c331899c08d290f53ee3dda77c4d224d288e44b69c777ed527039bc96a11d58b9474d82767912e8a1e34f
SSDEEP

98304:r4XaZDS9+Q2jHX6uYYZN1Vac32z64SDHNprebZtjKjCB3bFWDxFFcUrvS/6Qc:Qt96HKuYYXF09IgYjCB3bmxV9Qc

Score

9^/10

defense_evasion discovery themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/3540-0-0x00007FF7893F0000-0x00007FF789D0D000-memory.dmp	themida
behavioral2/memory/3540-4-0x00007FF7893F0000-0x00007FF789D0D000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_2068754946\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_2068754946\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_1888490914\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_813541428\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_148133260\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_2068754946\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_1888490914\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_813541428\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_813541428\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_148133260\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_148133260\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4960_2068754946\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876304181442124"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{FEA3BB1C-FE6D-4C33-B285-FEF58D8A8B49}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5204	msedge.exe
5204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 4960	3540	2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe	94
PID 3540 wrote to memory of 4960	3540	2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe	94
PID 4960 wrote to memory of 4200	4960	msedge.exe	96
PID 4960 wrote to memory of 4200	4960	msedge.exe	96
PID 4960 wrote to memory of 1968	4960	msedge.exe	99
PID 4960 wrote to memory of 1968	4960	msedge.exe	99
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 1304	4960	msedge.exe	101
PID 4960 wrote to memory of 1304	4960	msedge.exe	101
PID 4960 wrote to memory of 4336	4960	msedge.exe	102
PID 4960 wrote to memory of 4336	4960	msedge.exe	102
PID 4960 wrote to memory of 2884	4960	msedge.exe	103
PID 4960 wrote to memory of 2884	4960	msedge.exe	103
PID 4960 wrote to memory of 2944	4960	msedge.exe	104
PID 4960 wrote to memory of 2944	4960	msedge.exe	104
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100
PID 4960 wrote to memory of 4980	4960	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe
"C:\Users\Admin\AppData\Local\Temp\2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pc.weixin.qq.com/
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x360,0x7ffd1dd0f208,0x7ffd1dd0f214,0x7ffd1dd0f220
    3⤵
    PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:3
    3⤵
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3736,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:2
    3⤵
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2016,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=3988 /prefetch:8
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3084,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:1
    3⤵
    PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3092,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:1
    3⤵
    PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3268,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:1
    3⤵
    PID:2944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3288,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:2
    3⤵
    PID:3168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5004,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:8
    3⤵
    PID:652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5184,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:8
    3⤵
    PID:3336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4972,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:1
    3⤵
    PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4180,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5680,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:8
    3⤵
    PID:3352
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5680,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:8
    3⤵
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5956,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:8
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5900,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:8
    3⤵
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3096,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:8
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
    3⤵
    PID:2200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4208,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5976 /prefetch:8
    3⤵
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6660,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:8
    3⤵
    PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5976,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
    3⤵
    PID:880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:8
    3⤵
    PID:5408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4084,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8
    3⤵
    PID:6072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4176,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
    3⤵
    PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4744,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
    3⤵
    PID:6088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
    3⤵
    PID:5396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
    3⤵
    PID:5808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
    3⤵
    PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5760,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:8
    3⤵
    PID:6064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4592,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2968,i,11787247130814988240,1053882072393886422,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:8
    3⤵
    PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4960_148133260\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4960_1888490914\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4960_2068754946\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4960_813541428\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a9fba534b46fcecacb1e5193a9df1039

SHA1
7508272aec8aa3fe0402647f0362e400bbffe754

SHA256
297b035f40ab1eb8de9f718c8348bd1d4e989877d18121787ad14e437bb9928c

SHA512
b87f2a2897c18281f1caff85b45c8e4f43c8717abab8f66e40d00fb588d55cf50c86137902b9c3f63f5f4cc100001e97c767147a7ce231b9ccee6f1c01e65207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f2bc.TMP

Filesize
3KB

MD5
5d23a0c3927d9631639067f22699911f

SHA1
5668165615735d84b8821abd2c0b035bb1ee2b13

SHA256
a38efa835214aa75032658c748989f9df487ce2ca4f221f2db018a79d2064067

SHA512
a44c700f1c4179297ceafa8113967c2bed64a62383739c00db24292967d0daf3a0e2be3f80a38b46d3d54a86c9185f18b99e9cb865a981b99cc22d433e394d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\manifest.json

Filesize
2KB

MD5
1048f1f4d861f5c812e5bc268eb68a06

SHA1
4c9495a3202f63fd0878086f27310db6d3bf5be9

SHA256
8b3b5b96a5d6d7c613052b4a751c6632f5f91cb0a912c96e515978999b6f43f5

SHA512
158ca9fc4e59568c8d04b8f6ad16fd8216ee10d8869ce1e2dec844e52d3d3b19bd98433665fa003552e8896a2691531141ee11fef212d8d66283d7002ece8c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a2c21b036f7659e28b9a86c4748d6989

SHA1
566c6acd4801dea44c291eb52479f19db2e5044f

SHA256
78ffe1b0244742bcf06a3f84cefd61879d6681503034178d644800bb94ea194f

SHA512
dd4f0382ae1a1362bf99e21e6c718379f42c78c3aebb667934d671316b7d42e53ae3eccd99240d352f6969f4da02b7c81bdb45e602b26bc03e7ae5194ab40973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
19eb906d1d49a3c25e5934d0a07f6116

SHA1
bc54ef77a0b54801cc56df3c874d7af3d6eaa10e

SHA256
50c3797e403f543cb7979c494040fcd29571a0cb0db1bfbc235c6d57d66f6971

SHA512
aec3afba47686c251ae9e3f68abe0683d0fa6572ba5159db9eb964d4578c4099973ada7535cd93dc096a110121e5b9dfde32098aef660fd99a66aa27703683cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
b3f6a938fec6653dd07bb75778565771

SHA1
69576b0560baac7e51ec3234a27242968fe6b738

SHA256
d59b8a2c42407fa8456dabcb0cf1d3e2c526df10466e26c76886d79e89879939

SHA512
376d3846cb8f67cca9c497be9d55414e4928be9c450625146d21e75d88c6a71a2165c949105057a529833ee4c5fc8ac9cb0279a84dc0892929b2129fbfc82998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
1aa932cb2b6a106911981e0d1c063b8f

SHA1
b21107f3ad50894cbbed2edfce3be9028d86880a

SHA256
fe0de912e8614b9cbea2ceb7668ec598060f3f50f85c2b65191e087f4fee0e73

SHA512
21e5bd573becb1cff6be62d696fdc85b8591865a5215a38fa2f84a633e6bf1018707779299e667f00be63a1e56a8f8f6fcda5007cc428cbe7f11ffce80b003dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
c3844a6019f28043a5842f05c627a410

SHA1
cf2d7894eca1b9c3bbceff0b268ec65bf2d289e8

SHA256
b8e6c03cb9cf9de1c865a1f4dc8e7d58e46bba0f9db5df2cbb9f2c159b95a4cc

SHA512
b345f984db66449288b240f72414c686d3297e86388fcb6ae352a13595ac9dcbac5869019978284eb054bce47b284b8412e74dfa2b37a220d299865346bfd429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
880B

MD5
44c862b6c3aed482a187929c516bb66b

SHA1
691b225d2e686b27f21255932c95d9fecd541b53

SHA256
4e3e0cac32194da676a1bf04cb1f5d9120f3b2a3a33233376376a0ba2b8d894a

SHA512
50608a4be17d84a5fa438ef29d138995cd4f391bb0b966ed418162c5bf7b0747f9c67bc430d2e066c7976ffd9c53a199a805c7d35b3c54f67d5281a970b48706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
d7e03632f3729674f89991e9adeaf598

SHA1
5275c3ff99a3f7b92bd3aca28758c8d4afd64aa2

SHA256
f6a49885f2eaa07ed879d92e358a2d3b1834235021b6664c7cf05d655f0072bf

SHA512
729059f825f71feab7408ab9b94a3832e25fc99bb7c2d305445dcdd1dc8c4047a2ff27e52cee1b7639b30816d7a941238d2683aab87ea7e86d928db2c86fc59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe588047.TMP

Filesize
469B

MD5
91c95f45cbd05d00035a5b8520e98f2e

SHA1
350a298ebec8dbe7d814538df14abb2823ec6c52

SHA256
74a12241470648c775b4f4b53b16cd3bced0cc8455404e47b2ed58535e0bf8d4

SHA512
729d7461fbce2ac2d0785026d993f3a7af040cb43c18528f8fab50368cc4c3bf8527e1114f95e3c9a8c7a1cd3dcab18e3fae9154ca0de0c772d50377ba360aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe588122.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\c79e45b1-b5f6-4ecf-8489-452cb0b59cc6.tmp

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
47467be0931d07a8d43f7e2f097a9337

SHA1
8517f10b2fa5d2fb235a708e946012e6022ee627

SHA256
f390325fe8717cae6ce30e9c8da36e2f4c0ba22a078e3bc26543bacf411706e2

SHA512
35b540a921bccfb4b8bba9fa0123cc761125a9fd321cc26c70d02304cd2eb7f7dfd1430d91751841a1d15199dacf0877edab034deb625a8e0d7d226518bfa5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
1e5b345bf6816b3e8877e593ce0c6722

SHA1
53f10322fef5ec79451b31c70dec9a153cbabd4c

SHA256
21a8546849602b0d7bcf961dc79a364163c2e8f6998a73bbe349ad864e4277a0

SHA512
624197faef66693f71bc26ea39073082dad9cb29b1fc98923a7ff87c79728f1bda4f123a24a52663af6d311a32e471bd050a93e27fcadf2c48e7266242b675c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
0a1ed14f6497eb6301f3e3046e620abe

SHA1
5020ca6e7dc711d0e00f5ceb85b005d0d22e88f4

SHA256
a34df9b15aebda77669ccf8de705b5b5fa1e144e0ccbe4b471f7f9bf98f1dc33

SHA512
fad2b40a95be3d2c16bd68e8bc74b868e665241507d4ef6c98d5eff0e29c88dab6f2e49e7456b3ae56c635d2807cf8fb320137928824f11f547028071da02bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
644349ff2d42486435572d5b0cdd0568

SHA1
e214db674ad0f36976d1fd9df3f7bf4df279c600

SHA256
96237da77f3ade7a9018cf3b40dc551d5ee90155ead30cf9c7af1857bf543932

SHA512
2f9b4b0e787361d9f8158e38bf597ca54a01811002acd36efe01d824320ccf108636c244e271e10f81e7b3223e4dcc1ac96fdb2c4b6f78933ecf01fe85d5f5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
f3d3735f738897301f1a57243a6a7a48

SHA1
d3515056179683a4b404fbe070ac3f8b8b33f3b4

SHA256
8bf5fa7176959ac9fe3f3b39eb6e4147a0b90f6836df7a90260e7748d44ad957

SHA512
e7023332438d9092ddf487378a34a597a382cb33fda91f3f37de83451b376cf2cce1999d10c6d61d5b3eb32ec9de78fb98dac426a8926e1cf651ee673c04ead8

Download Submit
C:\Users\Admin\AppData\Local\Temp\64f76b1f-e135-4e20-86d5-77391795b4f7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc7fc1c0-bf62-42eb-8c81-819b5e2c7fd7.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4960_1799946734\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4960_1799946734\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4960_1799946734\c76a716c-4a06-4dea-abcc-9a6e422860bf.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
memory/3540-0-0x00007FF7893F0000-0x00007FF789D0D000-memory.dmp

Filesize
9.1MB

Download
memory/3540-4-0x00007FF7893F0000-0x00007FF789D0D000-memory.dmp

Filesize
9.1MB

Download