cab9695cd772ad48340471ca7a6fc536ffe1fe02319e91042b8971a03c50597a

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8af4954a42c5cc0452b7a639b44326e6.html
Size

81KB
MD5

8af4954a42c5cc0452b7a639b44326e6
SHA1

27e492cf2d9b0bd94464091b9c4d16dc65e2ba65
SHA256

cab9695cd772ad48340471ca7a6fc536ffe1fe02319e91042b8971a03c50597a
SHA512

79a65878464488c7cfaf54fc678bdbe7a0b350bb25c97e8b4446fb36214cb9b78b6ce9d835396ce63fa0d533486b992d01a365c9eca28a494306ad41f99ebf51
SSDEEP

1536:C/x8m/kD1odohuXtzodoh9FVdCntMIutbd:CdU1odohuXtzodoh9FVdCntMIutbd

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1681892585\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_278530028\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_278530028\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1681892585\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_278530028\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_135124558\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_135124558\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1111493081\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1111493081\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_135124558\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1681892585\deny_domains.list	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1404_1770928698\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1681892585\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1681892585\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1111493081\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_278530028\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_135124558\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_135124558\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1252919698\128.png	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876656783341132"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{B4DAFEDE-E60B-48F6-ADB6-8E7083269C81}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 3636	1404	msedge.exe	86
PID 1404 wrote to memory of 3636	1404	msedge.exe	86
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 1452	1404	msedge.exe	87
PID 1404 wrote to memory of 1452	1404	msedge.exe	87
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 3080	1404	msedge.exe	88
PID 1404 wrote to memory of 4548	1404	msedge.exe	89
PID 1404 wrote to memory of 4548	1404	msedge.exe	89
PID 1404 wrote to memory of 4548	1404	msedge.exe	89
PID 1404 wrote to memory of 4548	1404	msedge.exe	89
PID 1404 wrote to memory of 4548	1404	msedge.exe	89
PID 1404 wrote to memory of 4548	1404	msedge.exe	89
PID 1404 wrote to memory of 4548	1404	msedge.exe	89
PID 1404 wrote to memory of 4548	1404	msedge.exe	89
PID 1404 wrote to memory of 4548	1404	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8af4954a42c5cc0452b7a639b44326e6.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff80598f208,0x7ff80598f214,0x7ff80598f220
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1948,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2304,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2636,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5156,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5188,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=564 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5276,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5200,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2852,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5296,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6544,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6372,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5960,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5956,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7060,i,2563533169196849103,2819661662011001569,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5512

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1111493081\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1404_1111493081\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1404_135124558\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1404_278530028\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
36a503be0a1035858ca13527ddbc4410

SHA1
18f12441345310c85e3cb962fa06901bda620db6

SHA256
51209a030b733480be0eaddfffd6c152e845dff391d8548dfb52444d795e27da

SHA512
5b9bd657abf1bf850ddb5c4fec251ac668532ff2309279d00f5e0caca604f059cccce9169d2fd36a3269730a72dd4eddccaf6730cc3bda256edd44b827d38844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c3da5de5e667b295afe4c8fe193eb6d9

SHA1
30d0ebb327ff3c95ed9acd37f78ed365cdcef5b2

SHA256
28fbe0003643dc63a10f60fc6c3b97ba8b367bb3ae66ba62df22338893e4a809

SHA512
a78fb3cfd00bb14fcc208f36209bc8eb99f6279744bab34a55dd71760c14c94326a1483f517dfb62ac0bd633d135d4959757d8cde444a67cb486e9c98b73cd4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
2642b347287ffa26d7501bcc7aaf8ddd

SHA1
d1792bc5ab4c0c8eda4538bc455b9ac14f65a549

SHA256
8f5d8c86467ee810cd98dbcf89ad71711e5c7cbdcb321cb30cbfeaaa2f0b11d9

SHA512
967eb7007d92edc665f1130164043c19d3775c00a5c4f2da5d40781bb60f14d201dcb98dd336f74a2ae5d9159fdddfa07fb6e778100ba78b460b8dce97ce41a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
44338fd4cad49d272b2e3d7fd2ec41ed

SHA1
51b4bf14546e98d49582abd17a5597aab9d14014

SHA256
33b097476dd837c38ea1b5e6e81acad42af7f4b47646f16cc0d8fe2e8e9b363e

SHA512
991e1ef1766ae5e81a982ac161f7e31a0a88634ec6fe8428e214c96542db40916f4b0cd3755abe389eb97b710c2109b9fc8c8891ac9a49cfc7a0c567421fbdcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
fc3b73186c138d436405c8e208ef856a

SHA1
0deae7da6c44cbb704116806e8e06b0f3ebc4a60

SHA256
e7fc9727d15aa69fc2ffd2c86a8947cc670560fb0c3187b6725ca456c20b770b

SHA512
3ecb59a50f9fff9500513ad9e60775e85ebba1b049eb7b7482e747f7aff973eb09acf225dc612637bf3771472415d10af874f620136e340cb199f8fe556d07c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
b6025267f13f348b286236201b28f8bc

SHA1
c5ef7b370c30cb718406034acffa50dd081e1190

SHA256
1ad9f3312b68038ee4875888c6b8a34976aad974b4d0289de8649f40c888c2f6

SHA512
c73cc5ad54de2a7ee250ae05e8a39f531c7ab59fef6feb8967ae3e7958300221a298260ecb1d3562cdaacc2c8a5e165eced1427bea319beabcd00fb7cc060e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
f81982edf8ecce3b325031d133bf7894

SHA1
1fa07bd68d7b9c6798cccb1ecdc5444d31688a7c

SHA256
5cb7f0949efa054a8daa38c707a81210416c134924e2ef123de9bccf3072ac05

SHA512
6f489278b8f5e155cf40130e4313d0c2880b6ae98824f217556553784b1d88c259cc8acbdbcc045e19ffb09660447436eacfae35ffa64aa3a9c63c90d81b993a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
c69fac8a5b4dcef734bbf2d48d4aa9a4

SHA1
d344b87db6ab9355acf04ef41ce89cca4c5b5314

SHA256
0da6eb15f3561ba957b97b9631ddd9b3ef4e94361977a293a11d492f391d2c49

SHA512
08d5a9e9925e3680ebdd0c6ee7739aeeb6bc5e9d0da142123fa51e11eb16f1bde91d57742fd3c7d7e0fb2f8cdc47adf656e4c9c0dc9812d07b14a911d57fe2db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
94c9db9c8f5192d7a006eac8b5ccb576

SHA1
787a9bdcda591645d0d0094be823f5b48d113d84

SHA256
71fa5ce2fcea7410521f5ab75952628b600e2796a1bdd4f9aa59102630dad2c9

SHA512
d25f62d96b394c9450d70a66972fb74c4d1c96a147e6abc2f242f406129d1bae11133557923abb12d4552b6058f076b79f27a535cb63bc2be7cc0169bd3a63ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
ff09a1118216731a911225c3e5b8eea2

SHA1
b74f7e06168212dee3d423e758664c9092900599

SHA256
5b1dbfc99939c223f71ea96d4d8d5a901abbd5454041015e047d1f0629358752

SHA512
203bb558d65b07dc871abe7d20ad589dead50403e77539bd7e4621a82dff9f6edd2f8e7df2ac9be655cd916ea78f3df4e6fe36ed6d54843e902a6c30e9b3c228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
9f35cc54e12691795f05882f41dfcece

SHA1
d12265059cb43fdf29bf784523736af4ebb617b3

SHA256
3e0453843e68dac36c2b4b42305b042bdeaaa4a96fa7842506549d612e1c4db7

SHA512
2713dfdf567e1023575585a83c6471306a8eb8376c2ca932cbbb2988a3f8ba5e99287e5b8d0ade28715af697ce357e0e3c285132f558300acc384918d3cf483a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
4cce7f15d74b3048412cfd8644b34462

SHA1
2cf7c49ee8045bb513c7da8abbbbb43deaa99361

SHA256
a4767a695b338cd074171f7ea77308fcd72c95a142e6de5238e2157e5f636789

SHA512
02bd2187bb63162cb667008814ad6add89a4baf53559fa83df5ae95bfe95e2288ff2d5421a92f259b4a2f16b853eb60a43157fdbd204594705084711bd28d370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
a085020251907c3ac8d3962a8dd70935

SHA1
b2be0ce04523b16a02c646d1b8da5db3440c9349

SHA256
69d06a788bbf79de93bcc80b75181c43057c208b48a04801a4e1c10e24939bdc

SHA512
6d4846e253a3729a1cad6342cc1c5741c42576f6614366c125f05f2b1c87d7b5843cba24fd86424aa98f2f66ba4c85a7e85e90d9868d7c8fdd5ba28777bfc650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
640cb59841ac17778f606761c5347103

SHA1
c9e2783bb077f0ce83c0f524e13ada6b19477546

SHA256
0ffb0ddac3cb50dbc4386c2185d022ea636dce1a51556121dbf60153286909eb

SHA512
f229e98b62d31649da22c50bece6c35d480e0b4fc49460f5178149a1e627679657d1ed711ead792855b53040d98a0102958e8d9c1b2a2cbfe44b4df345344d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
0bcbf34760c3c8ce8ac06b001b03096a

SHA1
a6c9200363bbf96a1991580b774150cb82a6fb45

SHA256
501c3e0a6e1959caa4fc28c7ff25f04fb776671749e17c95d5b380463d0ce36c

SHA512
adddd2c2e7da38c85e8104001d08d87d05de0a97e1d09714457bf30fe31cae7542e443e7539aaa1886fe7651b3f01c27cd0b4359da21560cdb3b2264b1ea32a0

Download Submit