fa441853c97bdb64cacc7874bb45ac80b75919bc2ba4e738ad2f8b5f0757c4c9

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9398c198c5f0fe712d310f7d799332f5.html
Size

90KB
MD5

9398c198c5f0fe712d310f7d799332f5
SHA1

658ba511bb26ab1aec9fcc3a5b8f069692c87729
SHA256

fa441853c97bdb64cacc7874bb45ac80b75919bc2ba4e738ad2f8b5f0757c4c9
SHA512

c3aad8a3ae28d144b9692ef5d55fd5997037541c04db19f08a07cabe647bcf683d034c3d1e9f1be31be9b39d30f5f21274dc38c84816e7bd640bd3b52389ef67
SSDEEP

1536:ozwTiMRR+Z7CCCrP44Fvi4KEYcn3xFTp3eSs0R1eDe+5nr8+9Nvla/JSi3M0Bi38:o6iS8exFTVeSsUoFa/JSR4i3qrV1odkt

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1681328025\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1597222462\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1477803737\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1477803737\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1477803737\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1597222462\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1681328025\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1041925206\_locales\no\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877773580236386"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{5EB7363A-8777-40D3-8331-F42689F50DC4}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5724	msedge.exe
5724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 964	2340	msedge.exe	85
PID 2340 wrote to memory of 964	2340	msedge.exe	85
PID 2340 wrote to memory of 2332	2340	msedge.exe	86
PID 2340 wrote to memory of 2332	2340	msedge.exe	86
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 4952	2340	msedge.exe	87
PID 2340 wrote to memory of 5688	2340	msedge.exe	88
PID 2340 wrote to memory of 5688	2340	msedge.exe	88
PID 2340 wrote to memory of 5688	2340	msedge.exe	88
PID 2340 wrote to memory of 5688	2340	msedge.exe	88
PID 2340 wrote to memory of 5688	2340	msedge.exe	88
PID 2340 wrote to memory of 5688	2340	msedge.exe	88
PID 2340 wrote to memory of 5688	2340	msedge.exe	88
PID 2340 wrote to memory of 5688	2340	msedge.exe	88
PID 2340 wrote to memory of 5688	2340	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9398c198c5f0fe712d310f7d799332f5.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffb56c1f208,0x7ffb56c1f214,0x7ffb56c1f220
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1780,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2260,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2008,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3500,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5188,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5380,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=3780 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2804,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2844,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5760,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6336,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6788,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6788,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6460,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5668,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5864,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,1446905190842492373,7094105432272078747,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1477803737\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1477803737\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1597222462\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2340_1681328025\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
6d35454c7c8c33aa149c4c99e81b5e89

SHA1
77392fd26f746186dd23b3714b9201a934a54b2f

SHA256
4ce1ca7540ca7290bb3aae684bf7c273d4d487b3fb382e80e5d7112aa1efa4e4

SHA512
4dc7c90e0b4af3e9882a242ff30bbcd992a59456c42f566cf74cdb665d075254c9ffd8e8ff6ebe64aaa0021c839473ced1621d3fb86327379f9c719895acb977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5800e5.TMP

Filesize
3KB

MD5
48f327abf8d8b4ae6388742539175229

SHA1
18374c2d7955fb9efca7c0820738a905ae59ffca

SHA256
7761b2ff7d35bb88c0066465c9ffb85ac94bef46805cedb7cadd4b650cf2204d

SHA512
78f679b049eac5bd044ef58ef30e6a4ac9e10d08db6289075c033245ed1c037cbf10f572919c9363d3cc828f1cc643e3a825e659bf3ad48fb25f0e92da18c845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8b3979504790759ed484952f3c8b571f

SHA1
17cabd50db4a5ecb7929c044065d003f5a1388f4

SHA256
c5fcf4fcf76e2da96322b26b22aa6f01039eecf9c44bd7f89a2d0d26d586539b

SHA512
0fb654019b2ea188374e2a8f7e4276866d03716da4cc42ccfe10d40a3d9d0b6cce65995bfe8f2c97377bec461f6ac221819fdf6be52ee0a8ba6ae753576d2b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7e625358689b38851978566bde26129a

SHA1
38acd83bd1e4ef9c8c9d05aecaec4a964768d68c

SHA256
d567fa99e3af1743c4c064518569128776808642cd3f8f57d412b682dc772f95

SHA512
42ffaad3b78445ccbf82aea7210b17ee723974a679712dcd58d360fa3e35f20275e9c75edccbfa6ecdd0571a64a2de4c62e3f4394920e2f46f86d236ac3f3d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
9a8387a7e12e0c05c157b6717e0de1e4

SHA1
14423146d4e00071229784e3d2979cf9b2595ebc

SHA256
12619574d8692d3205d7e53ddfd25a4c48c07bb1105bc906c37694ceda390e5c

SHA512
2eafc8976d7f71774b5e061cb7fbae767c12c59671766b890c597ce521f2e0f288b3da556a7a7537fb6d0f703b6a9c15a9f756ae44a3a5f2963ac7d74cf1d7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
6aae93253202c789a5851218259f2665

SHA1
5c549884e896e071254fb48eb328cea18cfa4454

SHA256
3b92d0ec041c2288589b19fd0df0e6c3b7c7ec1671a39d9863a5df6eff64bc45

SHA512
8ef3d0cb8389ee2f49204b29685be4bba17c65dce40785c2353bc6aabb28a8b1a0845e1d9ab86788ec8fd07876573d6224d80e453a9a9e0da86c3e740c42a937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
1a416c84ec604373dbfd5e58d4eb0cdc

SHA1
9db2d1c121c1bac8f72c7746799eeaa1f60817ae

SHA256
28407ff150250031eb0650ca1c0504607e11b9b0fc56c759ae5dff1c47b1a071

SHA512
a14b5e679206cee9dd19d9d2ae19170f814b7ee0f2163028562ddcee8165c7dca36ea2b106da9e97fdec6c9a33d6e0c301b15af0a4f14f6912286ff79daad200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
15695db68478096a02077548a9c4eb50

SHA1
097a535b7aff435284f5e4467af988ca7b0256c0

SHA256
be688a2c790443a949685bf322cd26d3d09c4c1f045ae27ff46a0ff45ede1431

SHA512
8c5f353689b4010da0d6499d5125bf87003c2c2c81e972622861cb956a45f6068250f73d9ac16da1e17dd42a7a19d92016d2d6b84361465734618fdf0533d01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
65B

MD5
f012cdf7eed009b6531e662c6b34787d

SHA1
b0cf0127db406b6184aa1230ceaef87f6d0f7c01

SHA256
26e78cb8e189406e12ca36d7fe0eee3d0757dcb21dd8c84917e09c50bff3b708

SHA512
89ab98a58175d02e277f293cd9cd021d3dffd012d12bd15f4163b6a90216d6bc3fabeaf18fbefb17b9d007eb734624065a9ce52fa418ee5216d4250c588573f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57b2e5.TMP

Filesize
129B

MD5
666bf54dc88d2ba020b240f2d18f3cce

SHA1
88c563b746c8ba406fc98cc205bc8732aef9dd82

SHA256
965f3382d7da64db1b46253cc7a20d5e9fded8512ecd93ba53f46fbab37be942

SHA512
1b7a0ea6c96ba60c51aca5ff51abcc52b970622c533ebcb1df73e5e13532555dabacc0bc2643507390b96389d54ffec2dba0f8fad986ab2bc2c0a6410e19ceac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\550e8cbb-e3fa-4466-b55b-fef3862b6ded.tmp

Filesize
894B

MD5
44d61f4ff17e409d4b7caf3de6d143b7

SHA1
dd552ac566cddf2e83731d2e4ca40b2d2843b314

SHA256
e66ac178dc6564e062f05d4119716336833efdf0f1ac871c4db270147719164b

SHA512
5704e056f6eea3ab6ea03431e8acad4a6b5c1be662fa94b7f51ee69dd30900f6df61a4a88f5aca4c84c273ea3556dbe2d98a2d38e34e54183e1abafee392e4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
b14378c0bd063f44a2e4fc3965b0c47b

SHA1
cb578f10866f98ad9baf2e96bad2153496508779

SHA256
5b9d97923fc8757ec68d734b538ab1da057041294556c0874238b27f0f11c0c6

SHA512
9916e90ddb142fb2e64a6ab5dbab259e96648efd0234593db6efb98ce75b12a37ed027d93d85c4a03ef205b275fa4e312745d63bbc583050f6fb9bde7e956d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
5196d298fd799e163baaf03d87538aa3

SHA1
0ff6d951378b6de777878b51c24f684b78fd2354

SHA256
78162324ad50bc237041d20b2195415fede591aaf52bd03246fc63a86cfc435e

SHA512
5333a6178b42cdb33cabc8c1e7ea7ec876a94c747e23e85a3db5988b2ab9dc62b2f44dc552e05c6b89db5450cc06bd0c3417caeef8760743116331f9d5a15835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
5b0ffc4588a86919de7f70b53ab4200e

SHA1
bc56aa34764f99bbb41e55b04e8b015c36705c0f

SHA256
b4fd9d060c755994e966de147678abe001c91fd52e43a13602fd59537a8deec1

SHA512
9700b589c7af3c61830679e001a8e948046fe0ccbb56d1f9fe19a8aead7d0896fe4ba540960bed8f8c9858f503e005a1c498fa576e3e015f6e8259f3c6c6fdc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b22e4b62a4cb016e72bdda2f3e3e889b

SHA1
cbb107b7922130fe0ceb92824c0052566d7f7a1b

SHA256
28a4814ae92349383019e4bf55e85101ccd40781a93e451b1c75dd5da5bba575

SHA512
d3e36194d97b9da9c495ce802189ef61ffe73cf1dc7cf70b7009e5e12d3095541ba26e340fadda545c51bb109ef28a2bbd4f99ce69f2daf3db9648f3a6f45d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
75468bf7952d77da0f66d2bccfba2329

SHA1
0e73a75dd4a17b6a1344d62c650d67cc78ead2d8

SHA256
4e951a670e500394ebb4a6e37ec09cc978ff15dfafcd1ca88d45dfdcd1a65b5d

SHA512
0f9444678c169958150ec20d4e20f02f93c395a272db79ffdb579e11719ec0ca623d297471b2e55a3025b36174273f35df604f065ce777c450f028832f88b821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
aed48d6010b45484524bd79501cba1c9

SHA1
97e0f732ed0ceb659a58056ffb3bbd6ca526cab3

SHA256
fadc139dd5cf4ca41dfac37af8834f4ad367abadc590a6c2f3b69b4c67e29dce

SHA512
379642128726c3bbfd2ed14dc7e06d209b1e24c90a7be26360940f212d006cf9b1a359c0c4c93c41da76a19d11d289a9953972a0303cd8151d99e933c954bf1d

Download Submit