hxxps://shourt[.]at/hpcVf

Resubmissions

28/03/2025, 10:27

250328-mg376awqy4 4

28/03/2025, 10:09

250328-l65a3swpv9 7

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shourt.at/hpcVf

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_2070632579\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_2070632579\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1968155009\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_2070632579\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1108863346\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1968155009\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_899289037\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1108863346\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_2070632579\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1629184832\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1416310551\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1108863346\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1108863346\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1968155009\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876312688311180"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{3B76CE94-F912-44A2-9E85-F9B2DDDB20C1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5200 wrote to memory of 2956	5200	msedge.exe	88
PID 5200 wrote to memory of 2956	5200	msedge.exe	88
PID 5200 wrote to memory of 2216	5200	msedge.exe	89
PID 5200 wrote to memory of 2216	5200	msedge.exe	89
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 1536	5200	msedge.exe	90
PID 5200 wrote to memory of 5800	5200	msedge.exe	91
PID 5200 wrote to memory of 5800	5200	msedge.exe	91
PID 5200 wrote to memory of 5800	5200	msedge.exe	91
PID 5200 wrote to memory of 5800	5200	msedge.exe	91
PID 5200 wrote to memory of 5800	5200	msedge.exe	91
PID 5200 wrote to memory of 5800	5200	msedge.exe	91
PID 5200 wrote to memory of 5800	5200	msedge.exe	91
PID 5200 wrote to memory of 5800	5200	msedge.exe	91
PID 5200 wrote to memory of 5800	5200	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shourt.at/hpcVf
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffedf0ef208,0x7ffedf0ef214,0x7ffedf0ef220
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1792,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2148,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2472,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3420,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4988,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4828,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4884,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5016,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=3732 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6120,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5932,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=3656,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5092,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6400,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5168,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6784,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4804,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3524,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6804,i,7046502814021704523,16290725894160853996,262144 --variations-seed-version --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4524

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1108863346\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1416310551\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1416310551\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1968155009\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1968155009\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5200_2070632579\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5200_899289037\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
72KB

MD5
0c24bfb73d5151493376eb1d19031fab

SHA1
a899206d003d703cff22f20464588743d2b618bf

SHA256
3244024bcd81b9acbf69488de4d07f9d6df8ed070990ad1706bc4f510d63e64b

SHA512
b73528b77c5b60a97f79ecd9debc1d49693dd7ab4e1df756afa5c3c455a83bfb2a8686558c0962401594e3f69fe662b8e7830f9a546a3b917d4ee66903bbaa2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
17KB

MD5
bc08a4b62ed9f915412a7723b53891bc

SHA1
b59471d298597a3aa170fd1517ed3c7ccaa3fd05

SHA256
920239f06062ebd1e8320c88be06971f7475d2458d830d713d5e340f0b71e14f

SHA512
83f90c26e3af51c72588ec9acc7ee0cb4f19dbad1892cf2b0ad9340acbdeb185791d27880656a2f784f62e9a208981c669581787e1e8661fa405685fc322b26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b1eca6691c3ac14dddbb46cf74ef2f06

SHA1
d48ab6194b8884d743f484f4c5bacba519b214a9

SHA256
c41230c238a87baf542163950e2de4418b6b622f147150dc57a80bd1a905aa2f

SHA512
50807a3cb991f1b07cdef085bb19121a65403765cd953780b5c76346f20e34ff1777d4a4570947f2dba9dd02280591b370c1b5b83cac20b8b66eff3682058610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9e2a3867226a4c5eaf09f1330cdeb6fd

SHA1
9361b0a5781f56624921d01e9b08064800aca292

SHA256
61ef72d980cb39e0c6725dba240008b4ab2c71213371df5ddba48f7ecbbccfbd

SHA512
f2edd5d85ff9e83720af81f543290e4eced77784efb9f8eb4881b0fd4b51c398784c81b37ae84c77f3b30072cae59a27e4d4109aace257bd21921768b749fbb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58e9ee.TMP

Filesize
2KB

MD5
fd9a4b5c8897b67020068231ae2ed0fb

SHA1
1af9da091cfc4ab78abc9e73fdab6761b3984f43

SHA256
102ad5b018be0fa9a72ca04df74e7a2abb7c256d68bd7752e2ce0a514db30033

SHA512
38868bbf6ea40e512b5dcc262f681060f82c93d82f7661053d9ca47dda959b7beae07b5b524b2fecbf5deccd7ea17b0ae7cfd50a14efb52f3a6aee53eba15cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0665f9f3d5124eb3b81d5cdb5e1b4b17

SHA1
ecf7796bd25a9a180d45a2ca7c2180791888b964

SHA256
813ca49afbed4e5451cf9c5915ae4e9fdd2754f8a0b13b815361741d5d502439

SHA512
dc6e47e5142f12a2cdae07f4611a3923f6d4c9829e9f4ee2d3665aa264b7d7cd206d7b9e34672f4d3af3cb08bfda13b7ae29d3ea6dfb2ebe4b9239372237dae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e3d3e0fab29601ea987dd657ec454521

SHA1
92a6c9e4775076ac39dcbe370c60306e3394271c

SHA256
da6b9b7503de1a603f6b6d97d2739b596778e18e785ac286e7e5e8a538dfe1e6

SHA512
a9fd1b2a265440bf785f6ab055d38c9feca3321c668278dfe3621c4ff706b1f54a4ab985888fc2f5576dae3d4091c1c6716bac66208cf038dbb06bc3aa97b586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\d9f443ec-67e8-4ca5-a8bf-c1a9065ba663.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
01c7816f2d942f13661a19201bffc16e

SHA1
b65268d9597aa897c5756014afb46372117dc81a

SHA256
9ca88d375d3a05ce85073f463b216570e4a4db484db7612a1edf94d1c92dfedc

SHA512
750e35709497b2fe090f146932930f916bb810f48a7a441d0bbc18ff1527eac3b15472c36d75fee112ff1680a42b864d9f39b0ed4fe1935abdf0a9debb438d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
10666b477b14a1b76b6e119fd01d13a3

SHA1
599922f4295afd4f1be80c8d16f4f202b92d9556

SHA256
6e8a5e6cc1e8eebf63735f9e1df3c51350153871751a8b11847353631874af91

SHA512
15fa9b7784b3f33e23640e9fbb3da6f862f1343e49632dcdbb31335749f399e82056cc5e99342e8d5ff68d62ee00063b42ead230a57f797cb9a905c142f0e6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9175a75f7f110166ffcbf85133117730

SHA1
d8b9fc218736a527fe031597ba03b8993c16ed02

SHA256
d53579fdf6768d1fd5354a02eafb398a336df899675874abe512b2ba2a112e0a

SHA512
9726d692ebb80d8d23b12d9a4d3fbbde7ce1c5054cfcdc8743fd12bbb6cd8476f69d0b75efff84fecbf420ab71f3c1324c4fad4c36a78ae2aa7c7f5da6f07a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
0ff3a3fb0f5a65e7090adabdff0da54e

SHA1
9cf9fddf7fb98a5475c1feac62b43314919e9d5d

SHA256
264572657724d1b5690a135fbc2c5baae8d2553c2ee4c9056457c8447f910067

SHA512
de776ecba28a288498515c5acf574620b114f85e492662cd7dbcd4447bfd380e4175da65d7d2c648bffdbafbf795ed6c375a8f05226b630a61ec78ee094ba8ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3b23d876-3b29-4552-b5ee-c094dacbfe2e\index-dir\the-real-index

Filesize
2KB

MD5
fb215ffc858f686656c3a9fde2876091

SHA1
89657299b45e26c4a1aa09318d7308ce74275f8c

SHA256
edbdbc53a51ab4261692877584f97ce2c7e8424814d30a55341d6f56d5a7552c

SHA512
60244d7dcd03f3389d571c329b790f38c773de66c82fcdb99ab3871cdbadfaa4064ffa8f3c8b76d1094efef4830518fa4cea7e5a3fcc28b1ea9a2b17bc9ab847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\509375a3-c058-458c-86e8-dc2911f03d11\index-dir\the-real-index

Filesize
72B

MD5
033d28ba1aa0b3df3546b05f37ad6e07

SHA1
1474a53ebbd5aa3335e6993898a93f1c7ad11570

SHA256
8cb01272c9ea974c983b8c0358f16f102fcd3fff428267a74d049fae05783f82

SHA512
5847548018dcd9f96cccfb5129011987569901e4e84cc90cefeb8336d7afd879d7a9843bb2629e1a39021b968af6a9a984a8b1e712c7d5bc45ecefc5624f0316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\509375a3-c058-458c-86e8-dc2911f03d11\index-dir\the-real-index~RFe59577d.TMP

Filesize
72B

MD5
f295b5ca38c8e65a8170f7cb233ce8d1

SHA1
8c9ed86c14abbadbe8c5ee975fbb7cc625ddeb22

SHA256
1277b09c8832a86d848820986fa064d24e8c1c42589e566839dc1733186567c1

SHA512
606c13909d9702051ea88d174544b58bb0f3ca8e8d3ac521aab91a19c44b75e2456c2a8a1fad85189362593858f1a92deae731bbe44ce918640d69c99de1490c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
9c92fb6dba8d5f1b3517846f18d032d5

SHA1
167cb3e7688b1c8b4f2c75d8ed8fcfbbb0e945d8

SHA256
239876fb973cb27ff72ae567c598817cddfbdc9ea20525a61a0caa6fbde1f69c

SHA512
60c5adb9cd4b5fc3b49c1d488612d7bc18b8ff967fc41312bd1ee8db6a98dce6d8da44da2bbe86b63c47a9252d74a5709b94ea395f2a1d85f0fcc6ccb93df0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
ded3ed338c6753e700ea9ed7f129bfc8

SHA1
9dbdb62289a5bb0cdeb580dc6c0fb0b021f53bc6

SHA256
580aaf99450772917fa1041b17c2dc01ec93559b031b45d3da9d56e402f189fd

SHA512
a13ab1a2579aac11d8a1adade39442c6e5ceeae369d0e715009ce1dd2f68cc2b51f0b6eef07551860e108d15c150e763988d80d32f71307c20f272285396fd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
921882f228abab88d4d636b7d4758856

SHA1
1776fff4a61079a53f3f77219ede6293c11e3a21

SHA256
3ed417b7eb77bd1b7125feeacb6153a5bc127d4bf6064837a9c063595ff05ffb

SHA512
4cc3f0238512e00a1978860123fd219828feee97d505685b467027d77e221b0616b76b0a8e7e81b72b9ceade14fd0383352ae91b4efcece1e0ae47b2d7f3b9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e615.TMP

Filesize
48B

MD5
f210c449a23807ce04e73d9faf927440

SHA1
cd3b1fc6eb412a889172ca91b50073c2402fb97f

SHA256
48b5b5db464ab2e08dc3d657f091bcd379a114287450c7f772ebf5dcda948caa

SHA512
97e3d0d401bd0d3d5984314e365da7e84d8a2abde5085df6d6fca8a244cc79349080a793318e7df81d53f563397afe295bd33e01ed6736b362da8d9ffe17649c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
f1b2667e6f752348a0e7ada198f7cfbb

SHA1
9329f5dd6d37b94fb564bd7b913887f731791d59

SHA256
647bafbbc8fb96eb48a9de5c94a781b521590345eb85d807ee31773d7fe4d698

SHA512
dd10cf06d49598515250f671ae4551061e10fb08d6d297bd72a8e2719f883d524a1bdb381924d9f1b13ed2b98cb3d954e71d14454c68c9b90ad70102fd92fa32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
3cc57e62091547324348610e049f2949

SHA1
69b188b321215a6aca03a6adb2d7794f63f82ede

SHA256
bca387002cdb5c232f4b26a21413c622c761e79daf35ee8f31af6c4d8a1513a8

SHA512
163e956696b78890a96b61dea966d3a94547a2676f7697c1167b01df46f4fac167b0c8dde66e44c77c783430cbc02bf29ee57a00ecce7984f74599267c3a0d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
4e5ca1cc4e97792be7518e7e41c8738b

SHA1
f1492e22e2bb79d4019db876cbd8c7831694769c

SHA256
f0b0666ef437649632f4589e53fc451ca805bf7d1d23d1e9867a2c13c0209d79

SHA512
4e9d6a8206982ca91567708e37f8100e61c0684132d0ea2801c6a587de322daf771b000392ab9eddd54ca2f08ad302dfd07ebd852115ea0909b38ead3a6b3e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
f23f2fa965b153ad855dafe5cfc83d1a

SHA1
7aaaa020004abe2c3689f333fe22b0bab6f5298b

SHA256
3069bf05bdf2fe2229ab02aa31f2a960eab0adba98acda0bab3e8617c8327545

SHA512
6c9c5a5eaeeb3e814b51ac9dd5257874389c105be2f39bd1f915de700880b56d7e31f7ae4c2ee18e4148bf3b231cb457a76e75891bb3ed1aab905f0cb2335557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
e2ae2d7f31edc8b092facdd114722fca

SHA1
fb8dd5d18480d8c600022006a9370e5fc7ddac4b

SHA256
b544baaa168a991886f8dcc4a9269624be964a6df93764f60b0e5dd395afe82a

SHA512
83752509f0709af27bf68b37251cbb71604025dba521a3c5a90b1e12b5df3659f4f29e26c502aaad42b74d33212f501a63a8cfa388b84708c338b98e0a5e15ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
d692bcae75b0479a6091d98e96441a89

SHA1
1dae51edea0e24be285c5fbe57603297de89e743

SHA256
1210409c43aadf8ef9198e3311dab524b937d54e10e12f097906f035c5bf8bca

SHA512
5275748881df0aebd3bd5f0d7bf7a2d2869ecee97479786707a4266c8cfed11eff6108f92ef52f5c5dc3057d33f3ce7442b54a285a8f6bfef4e57e11d2f18c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
f8f7839d848274c06803ee8ca9417cea

SHA1
9c87b951417a9d94be8f627ee5b562afa491bf97

SHA256
743450e28b30312d0f2e9478abe51dfa35b792d7469df99aa7542374fc58d778

SHA512
5434e75d27e60558394334181b7e99247a237d03c88e3f70e9cc14777c34c64d685c157582b3bdfe263e54d41e86dde121e4033bf6322ec5dddd45d3ac8ea3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
1989b971b1dd0a288e7b5171b50352b4

SHA1
f126d690e236392b60d839e689978318798c16c0

SHA256
e6dfc2f3ea8753bb3b85643f2448503824f63b960b7469aa3d81d77bcec97bad

SHA512
bbfc36169637036a6a1d814316631507aff0f47148a2bcce6e5efa2d39575515bb41689cd24669f9a7a31ff9b423d434f4714af7f553e73d09a45a620d8648c7

Download Submit