f9f6500d0d50a079281f4e8619b73f12e0b37496104dd5b079804b215d4b268d

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8a9b779e2649bc975476d0dd82dad4a9.html
Size

24KB
MD5

8a9b779e2649bc975476d0dd82dad4a9
SHA1

81b3adbaced3dd462db7b1ddc6b85b40c7013adf
SHA256

f9f6500d0d50a079281f4e8619b73f12e0b37496104dd5b079804b215d4b268d
SHA512

aa7df2ea9c57714b7977e82fd99172addf16024228c543b32207cab6e4c8057d6d001c0f35b7652660067b77e29348f7dd43df95e8125603fa2599aa989cc7fc
SSDEEP

384:SHc4yFbzn9K+M8VCV+8JjNa/KrAgJglhjja:SHzyFb79K+M8YVhL7JglhS

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1868656267\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1650582692\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_991960749\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1834203114\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1868656267\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1834203114\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1834203114\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1650582692\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2136_210602963\_locales\de\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876330181159345"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{812CA41E-7151-4AA6-BB61-24BAD34C65FC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 5744	2136	msedge.exe	85
PID 2136 wrote to memory of 5744	2136	msedge.exe	85
PID 2136 wrote to memory of 3440	2136	msedge.exe	86
PID 2136 wrote to memory of 3440	2136	msedge.exe	86
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 2376	2136	msedge.exe	87
PID 2136 wrote to memory of 544	2136	msedge.exe	88
PID 2136 wrote to memory of 544	2136	msedge.exe	88
PID 2136 wrote to memory of 544	2136	msedge.exe	88
PID 2136 wrote to memory of 544	2136	msedge.exe	88
PID 2136 wrote to memory of 544	2136	msedge.exe	88
PID 2136 wrote to memory of 544	2136	msedge.exe	88
PID 2136 wrote to memory of 544	2136	msedge.exe	88
PID 2136 wrote to memory of 544	2136	msedge.exe	88
PID 2136 wrote to memory of 544	2136	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a9b779e2649bc975476d0dd82dad4a9.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ff85f21f208,0x7ff85f21f214,0x7ff85f21f220
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1780,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3508,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5268,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6520,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6280,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5044,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6456,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5516,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,9511090452852257517,5812918016811858174,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1650582692\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1650582692\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2136_1834203114\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2136_991960749\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2136_991960749\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
fd80fe8b3f00cd04f8aa706cb158b860

SHA1
8e61b257ac1e7fb63554ffc5c84dc97a865ca451

SHA256
a115df00ac10998d1d9655e53fdcf5f89ff51e0d100c338c3c504848317cf4f8

SHA512
d7b6522324352fa45e2038c550cf1f309d961a4193ac22ed4b01a20411df36ff2e8e91aac48a7a9ae8441d198bfddfe014b909f4dfcfb925a96f5a348223ac81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0b4f4ac8f6166b58e7b57c53d62c3d52

SHA1
4a017a02dadce6ca399aa97327cc19e4330ee073

SHA256
be4281a068c5cd56bf7a34287efb336e22fecc27c81bd2e89ca83d6d9a5726c0

SHA512
8b49670f4703fd920e493cb6ec7715105e50a4281f83a9254c76252e82bf5d32ed09ae7926f37e15a8f86b35aed59692a453e36231df693cc9463411f3a29cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5807bb.TMP

Filesize
3KB

MD5
ceaa19b18c6b66072e6f922da9349a4d

SHA1
e340109f342e542bc6a19d5e9ea491917b798831

SHA256
319f60c5badfe7af8b0d0db38a6a2bc5eafcea76814aa0cf5e3d3966f49e9e02

SHA512
ed38f12f4148fde034e87361238afa56d8dd681c895d40e71a9bfcb33bee4bab228ba83c22697d120b8195818c040d7cd3467781822c638feb62431aa46de008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d257f095b0553d32e20821ad7577fe3e

SHA1
8efd05cba72dd361d47df1310ca96980258b64c4

SHA256
32c352712691336364f81c717ba84ebf13d205e62e057e43c06b24013962d041

SHA512
512ad5b949f81de21d0387482ebc46004895599b034409b75fae72d4221d62b9478301679503f1d2c6e63a4701ad066568c4db9d8413f98ee5a9f8d8c45e098f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6cdf763d7429046c1f254b483ab7e557

SHA1
a86ee39c7179d9fa4c9232294bbe4d3e67860a0d

SHA256
29f0487891252ae0f2827fa820d17d445e59bbecebfd047487675d50968b938a

SHA512
e70de46262b66faccd1faac76138c72b395dc0fe7ba0f1d23aeab42e1702b9448c0a4f3e522845c79ceda523c2e64fbf4cf48cd1980adcf187e87f33b3b5790b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\b18c9011-b6e9-4e37-8669-a9a7fd4ac3fa.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
c6de635fbae48ddec785f00766ec5985

SHA1
aad64d89aeb3e3f5c0eae77de64689932f684e6a

SHA256
b907ebff373107b74ca582fe3862b15933529f5c23c019043b8eb4b1036fea8c

SHA512
cfc69af829bc1b837891d5b9f0497f86ee517a4879d2f3cbc6eb61ff1d2746607c98315099adedc03ef4f845e838d98b82d8705d057689301bbf6f6e4ac73d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
2d0bc50fe92d30e8c477b5513fa7badc

SHA1
0ff22551c4d3641d4f2b97b9f747bd51baeb4d6f

SHA256
fe291b9bd8df76ace8fc1829623aeb69f07a5be3d703baea24b0199677c15b57

SHA512
83af1678e6c5cc5ffb09c401a443e8a8314c12cc4945bf4d44cf26365eebf91c82cea162654ca59601ab6faf311e8b4a2efcbb10b8c2d97b5327ca51230963f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
40c1dca2711dee220ebebe8d16cc8342

SHA1
dcdffd036d39c617c15529d82ba112bc142dbd3b

SHA256
181aca4d00f11b94c853326a3f350e550f192f57dac4baf194c12b26ed85bd55

SHA512
f5d0ec955a7ba30eb9623c9c16b34b7e23de98064d9928f53c8037b51381e3ac85941c0ab982bbc5e54a042b09e8e9df3c2db55c0727b326885fa8a27d4b3d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
545b82d7e6b77c75aa289872eba3edea

SHA1
aaa3ba509c51140a3ad179f23443ece823d4757e

SHA256
ce3616bfe5e2f0d23006bf6c762128f044c6d5fb57550a9f7b941a5d060d33a2

SHA512
b16b390c4f59442e7148230e4b6a013f71d8063db04b85a7efcce4d101c7826102986cb47b27ac2a0d9f5adce1a2754c1d38785a0c9eb2227f82bbb6df608546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
a50d2ace9eef616ab4aebdcfe952fefe

SHA1
c442d1ff4091792f3644286b9a282ad3cf3d43ac

SHA256
19c4247a389e7490176662d829d1101c1f3673d2e4002399cb5abf856dcbb524

SHA512
3625cff6062c6c6df33ccd4050573ce2a22ff3cf22ce62fc406444f8eee1a1e0599722fff34ddc340b00f1f0d83afab8d143f8f58e26e53c266c1ca97629239c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
dd46df326f3490f601a5cba88d9ee521

SHA1
fbc5c395d306bef65f7bff912bcd2609a58388ed

SHA256
4c9c722e17e05298c34faacc6e4b425bd2fd1cb5306e45e41d2ff837f3db49b9

SHA512
fa21543f1f67309ba587188cb19ee73afa8137134d69f789abcb551e7ab479a07f003d1fab879d69dc3891a565c6b04e206e074b6d617f4ec795fea434a73ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
ffa3f95175a5e8803d3548e26c83bdb7

SHA1
2d1170d1f53a86e1fda56742b5bdf9d7f4cc1180

SHA256
ddca15c21d6a4d391bad1ff85fa876b4e61ccaf416853730726a713287ffef9a

SHA512
e8d2cf70cc57ec15448b23a0bfd7bf5b0892591a6acefb62d9ce42401308302f5cde6a907abe19cfbe6246ddcac4088c61063f98ae50983182442f5594e90b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
c92d158d9da1042ecf9215c8d7595f98

SHA1
aac558173183772e8a1b6c7c2b76bf5984a4b661

SHA256
dfc73c1723832dd8d2e51e51c7f33262a70e0dfd7739ade4f9b6a85c3a06bf78

SHA512
a5497aad3436a803fe810fc049e2b005795ea870e344ba69bb90ebf349cd157fc701c7bfa6b116911240e806908bd26c9f927e2cbe3e0a96eaa392bdd8f9568f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
4765579f7ee694dda24625cb95cec75e

SHA1
c11da32d403c47622a8530bf7b9449ec8072105e

SHA256
0ecd48d9e10f37fbd3610ab0d5199717dc8a02dd06a1c06013fe6ba63c728c7d

SHA512
e42e6df55897b70648ee3a384e431a3e54c3f2e4401c8eaceee0f5080e427c9cdc7adfbaa3a295e662460985362c123923eb226181f2ee8cc62da93e98a55dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
b0c7e29cba7b2adc3d899feb634c1a15

SHA1
b8108ce91a13585e3a96443eb03f9b887131c3b8

SHA256
48107f7cdbe90a38b9c83a3dbde63d7bf15a4b975e3953db1d2894f39457455b

SHA512
4ca9fe0c244b303809325c2a600daee3b9337d5b342549835b4b3773a76220dfe6462453cd8e752f3c6420add1d534ace2b4a89955050deea01ab2517e876a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
971f9bfa8f350e6e58b078e00e36adb0

SHA1
5f37d7554c520bf9b975afa7e63cff1e791d6442

SHA256
8a8a148e572f18cfa2aa4cdede08fdea2c925144b3944d34363a5ba37a0d3287

SHA512
6cbcac41403a7f09e067125fda2cdc3136a48cdbc8b67d7411a14d84f676a7ab0d83e81ed7e4e74907934b3335bb13c856ed50b50e042169aeb2586f88cb72e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
be8fc9b22d4f6ca033fa0346344c6212

SHA1
9d78d3d6038de03d1a93201e078e5a2b27108a8d

SHA256
f89c3925fa85937406e4494e58e88b08f8b11c7327fbff7c11f07b372c36b3e0

SHA512
e5224c75f2e3a05cbebe47f297cd1c86e422d59299530ddfd507c492e00efe5149ab1196fff86e32eb950c264a1560b6db1955c274fb5a9d02f217971fb7b589

Download Submit