4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378

Resubmissions

28/03/2025, 18:34

250328-w742ta1pz2 6

28/03/2025, 16:55

250328-ve97paywgx 8

28/03/2025, 16:52

250328-vdj9waywfs 8

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.65/bin/Monaco/index.html
Size

164KB
MD5

001dcbb8f41cdcbf9b4d1e3a0ed4b2d2
SHA1

982a05814546017c40771e59e7677b53d84787e9
SHA256

f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951
SHA512

9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa
SSDEEP

3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
18	raw.githubusercontent.com
19	raw.githubusercontent.com
21	raw.githubusercontent.com

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_2113097969\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_215727441\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1158028412\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1158028412\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1158028412\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_933732457\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_2113097969\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_215727441\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1500169928\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1500169928\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1158028412\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_215727441\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1500169928\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1500169928\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_933732457\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_2113097969\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1158028412\_metadata\verified_contents.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876605015988390"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{D681B896-1DBD-4D1B-8860-C40495A0394F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5316	msedge.exe
5316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 1268	3124	msedge.exe	86
PID 3124 wrote to memory of 1268	3124	msedge.exe	86
PID 3124 wrote to memory of 1512	3124	msedge.exe	87
PID 3124 wrote to memory of 1512	3124	msedge.exe	87
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 4652	3124	msedge.exe	88
PID 3124 wrote to memory of 1364	3124	msedge.exe	89
PID 3124 wrote to memory of 1364	3124	msedge.exe	89
PID 3124 wrote to memory of 1364	3124	msedge.exe	89
PID 3124 wrote to memory of 1364	3124	msedge.exe	89
PID 3124 wrote to memory of 1364	3124	msedge.exe	89
PID 3124 wrote to memory of 1364	3124	msedge.exe	89
PID 3124 wrote to memory of 1364	3124	msedge.exe	89
PID 3124 wrote to memory of 1364	3124	msedge.exe	89
PID 3124 wrote to memory of 1364	3124	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\bin\Monaco\index.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7fff4e6ef208,0x7fff4e6ef214,0x7fff4e6ef220
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2292,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2540,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3492,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4284,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4300,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:2
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3716,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5364,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5468,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5092,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6460,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6456,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6160,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6472,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6712,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4648,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4636,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5224,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3348,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5444,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=1980 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=760,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6844,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5308,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3300,i,15789016243533267117,3807673494856696051,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1158028412\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3124_1500169928\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3124_2113097969\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3124_215727441\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3124_933732457\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0db1d88802048ff847bfcf47035335bd

SHA1
bb54059e5b145da464f6521ae67353889ce00771

SHA256
416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a

SHA512
32c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8734b4a181214bb62f91cfa36c7e2c98

SHA1
9cff323f10778a23d73ac3dcffc038d3bf661b78

SHA256
e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5

SHA512
e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e71baf6ae67ffdab6f34a14ca99778a7

SHA1
d43783295867e0722f0caed44f92672a250e08e3

SHA256
84441d6d247d6d36fe70b48c43b599eb8cc0df22f5841864ec32c1f2b8805949

SHA512
df35e4ca7377e4ea151ba540c99fecd5b5213b29536018582adcc3d5946bba941a65feba729731310129a8da7859e13653c5ff4f18f7f35b1a3f50a74959988e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f7ed.TMP

Filesize
3KB

MD5
7eeae1d43c1d3ecc6249dc744b7e62ee

SHA1
af2fe2df28e38c516a22bfe7d13b89727754d7ea

SHA256
2254c6aa4e36c6658516d5bacd908e8121ea7caedf9b4f227e26f5c667d7042a

SHA512
7681b2807d0af55d2787f4cdadbf7b55a50e722e31070e5504e4514bb3ae69016ce2ff7e140f9c2a7092e0923d87565d891cc78d8022271f4277e8230fee0754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\verified_contents.json

Filesize
1KB

MD5
738e757b92939b24cdbbd0efc2601315

SHA1
77058cbafa625aafbea867052136c11ad3332143

SHA256
d23b2ba94ba22bbb681e6362ae5870acd8a3280fa9e7241b86a9e12982968947

SHA512
dca3e12dd5a9f1802db6d11b009fce2b787e79b9f730094367c9f26d1d87af1ea072ff5b10888648fb1231dd83475cf45594bb0c9915b655ee363a3127a5ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\manifest.json

Filesize
962B

MD5
e805e9e69fd6ecdca65136957b1fb3be

SHA1
2356f60884130c86a45d4b232a26062c7830e622

SHA256
5694c91f7d165c6f25daf0825c18b373b0a81ea122c89da60438cd487455fd6a

SHA512
049662ef470d2b9e030a06006894041ae6f787449e4ab1fbf4959adcb88c6bb87a957490212697815bb3627763c01b7b243cf4e3c4620173a95795884d998a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bd05737506d661cef2b3f830417fac2b

SHA1
f644223fce13c82b9c299714576796e770937c98

SHA256
85dbf170d8a7622434a34f1c39bfc5602ae4f0d761351856bcfecd1e2687b18b

SHA512
5629c7c00a1731609958b9b9d9334863de1b051433a2a395b985c4ea0fd3559a338ad5ba85fe1e3fb46c0081a0fd96119f2ed9e7478da49ba5a9f252d8b16dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4d472738f83af03eb34ecb0d256f2cae

SHA1
545d7e424e66e3788e71848b9ddb2ffd34ca4002

SHA256
4e6ba0f01dce8f49e6c16188a6d6db97b6705587771ed061c94e855e84033229

SHA512
6434b6367ec2e5068122c506d31287b88ff22f26f69d23fc61525e4439032f4487c03f0d86a40adc7f108b9ddaec018295a27b49e8312917b4f257fd90fb158d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
92dc73a2b41f7df206cd77053657c8d0

SHA1
5fb7beeab39a38b45541d4dff3a9dc909ca5a02c

SHA256
f430fb5eb002fd2ef5a197a517a60daefcbfa1948401e4fdf4583ac046bcc936

SHA512
93ade7eb568f638ed03933b1248266d6475f4ffe8d3da64a57d655d114ba04fca2a9a68d2e49ba90c6b98ff8033cc18135ab83c759446101c35ad5137ec8612e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
429fdfd1b27bede9a03827e46992de81

SHA1
6510b31eb1ce65cfceebfd1ad6564be0a4995b77

SHA256
ae046ce6613a2ae59d4e93b6e0f6f65673dc3a18398c27641134e6155bb32a55

SHA512
386e9a315c59ce63b0c0fbeb99c623adf29936e50d341410ce414a8f8eb45225072ead152b2fc63c6b79a36d521e4f60655a5adbe135218bda98b74f3f526c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
36dceeaedabfefbe6d4f2da344ee765b

SHA1
ed1936d1aa19685a7a374b24930bd61e3e8379bd

SHA256
2d70864d686118ad9e0f8271c2ff4b098900ad13bce891bcec0ec9cb2bded935

SHA512
e8c0e82397af79eb70723b477b429b05f0af8286c5c0b04cafe8bd80b066fd6ab2289b20b02e57273d4704dc421e689f4c4af852f368b9ee03c3976b3e7bb37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
1KB

MD5
dc52912d8df18426602352b82c0accea

SHA1
0a01caee703d836449e0eee837c1e437ecd55dc3

SHA256
8b15c3a1e6ef42145537449feec77e03d5f3af23bbd438fe709f0be8e9ce420b

SHA512
8b8ff924b1183cf60ee3d308680e76728a1ef6c4b15fce265e0d86845ba1d9eb8275fdb0cf688881ec5620fd31664c2b1cdf7713cac978a115090e46eb652f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
6366aa77f15a8494b20d62bde13eea4a

SHA1
05899ef50cb03f5396b2772d1e0b02d8150ce397

SHA256
fb07571b7425bcd0a7c9cc74598ad8c61736a26a3bee5a3cf0562a31d1ed8f2e

SHA512
f44e05857b3202f0fdbf267f4072e18104699e74e9c416220cd6ab20afdabac125aef7b1894dc44e2c106a8d12febb08c622116cb3be346adf095523568e9bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
fd7753e2f07684caabaf1dc085800ef9

SHA1
b57ea0b510948a07abf2d69957a34ee70bb41d48

SHA256
f32766ec815a59aa2d1658c51c723d308fecfb7a14da4065a63f070901e1bc0f

SHA512
2084316f8e8d3afc644780663bc6f02c17957260d33bd0596d37fae339e6bd66a010f3ad7222a4713a9de41db8ed76ad05821ffe4ac867cdebd4eccdd4573f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe5891bc.TMP

Filesize
467B

MD5
d1cd4fbdd9f0e198e1b94cd1af7b97fc

SHA1
93b5596d8c8bbb5ff14dae533db8bc76421c732a

SHA256
d3a76086c20598916a6cd01f956916a437a364ae683869bd4b2cf89f688bb420

SHA512
43489abba4357927182f63c34db8adb3d2b7a5938f18a1183743346551a50f2b02e619165918435c9e8a9c1045d6e3c8138294661257a7b830fe03daa2485174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe5892b6.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
2e30e2b1a04a4c5f3324d9ed87c088ad

SHA1
3dbacdc5dc0ee6b9f33dd8b6ee0b2aab30208ca6

SHA256
4656df18ee52857a341a8be0e147330fe9871b62d40d92a8b1bbe9406f1cce1d

SHA512
75b9bda696d10af8b745fd2600557b23957e18cfe07a4d216569825225e9e5a4628c9ab497801c817a43a66f30273863f3cc07b03489b6ddcebaa277c83c8cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
f87399f79ae9ea106a71d95227215d2a

SHA1
2888210dd92b67b38f4aee562ccf7b820968728c

SHA256
4c81318981ff191f3fc3555ffae80ab0a9eae5d54f15d6f322b5ddf2a0833d56

SHA512
c3f5a11d7f855b89c5cbc05bf3dae82fd0c5b39a0dd4797964ac144810c67fbada704bd8e077bfdec864e9fe40a01b555ea3e77f262d73ae11343b3544bb7daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
431cb5029ee502a06fc6a0552fbb2f4d

SHA1
8ff6774d2ce2ddc5bba73457e2a12fe585883414

SHA256
94b32866c689854622baf8f923f7a27a087ae345935f8d12327e2c048c8078b6

SHA512
f55ad73b81d2b583b94a7e36099b8bc0b9d441e1c2337c5b26fb084d80f38e8b8b90af15ca2bc7c93d335c12c0ade4d0f40947070b7b1dcefcaa37a5e9c98a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
34KB

MD5
2b9221037a4819f9570ab7dd4fdaed11

SHA1
a5a862de7f5ba491d8e06b3a020ecf28a55512df

SHA256
4eddce8effd7ebbef7757676bee1453dcbdf279332066eeece45529e66e07285

SHA512
8b4c98c7caebe006f54439f6abf0e15988c647311da251a07d5912fc77daabed0410e4e9850540f77deadc86edfdde22473d84a9fdc0756cdaf07fcb78a8f34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
376b075d03ec0e10402bdb89ec646168

SHA1
bb6ce23aed42367248b319ee14b2687d48507d97

SHA256
77de60e06092b77637e8afd4c58033291ada651a6bee3481df92b55000798888

SHA512
e2466b153316e01ee2bbfdca2ee56e577eb6817f7d52f7b4c2d7f3d738f0fcd6db1a2568a92be2d4e21f79061b9a8b73e512f3d61523c20fe8c5c032570e2f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\18f7149e-eba0-43f5-89c5-b67e395bbb54.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\495786a4-92e4-4e5e-9d97-5b74bbbeb139.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3124_1743388367\CRX_INSTALL\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3124_2133962275\f284e260-7345-44fe-a19f-a9284078e206.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit