da0505796ab890c176535bdee5604aed3c69d03c2157cc41a233fa4b90a582f7

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_93b6347c256310c1416d6a0c8a31a5cc.html
Size

56KB
MD5

93b6347c256310c1416d6a0c8a31a5cc
SHA1

3e4bbeaee334edf76bc64f2580a8c998cce3828d
SHA256

da0505796ab890c176535bdee5604aed3c69d03c2157cc41a233fa4b90a582f7
SHA512

ea67d7d88af26f4bdd0a034691ae33fde3015b57fddca161affccda06fbb3a58b9bd69ec315b02e908652ef599538e3315a6c2ad205aa8a995ee0a65e2afe99a
SSDEEP

768:ai1S5y5v/89hh6f524PZ4l5pllUI85l8pJodJhmTYK832LyMtrAB+E2i:/g81/89hh445USodJhNzMtra+i

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_668917164\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1956165855\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1956165855\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_3844_950659105\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_348928025\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_348928025\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1826692974\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_348928025\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1956165855\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1956165855\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1646956170\_locales\it\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877793269073779"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{8EC756D3-84AD-4B76-9A5D-567378F17198}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 5860	3844	msedge.exe	87
PID 3844 wrote to memory of 5860	3844	msedge.exe	87
PID 3844 wrote to memory of 4716	3844	msedge.exe	88
PID 3844 wrote to memory of 4716	3844	msedge.exe	88
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 3488	3844	msedge.exe	89
PID 3844 wrote to memory of 4780	3844	msedge.exe	90
PID 3844 wrote to memory of 4780	3844	msedge.exe	90
PID 3844 wrote to memory of 4780	3844	msedge.exe	90
PID 3844 wrote to memory of 4780	3844	msedge.exe	90
PID 3844 wrote to memory of 4780	3844	msedge.exe	90
PID 3844 wrote to memory of 4780	3844	msedge.exe	90
PID 3844 wrote to memory of 4780	3844	msedge.exe	90
PID 3844 wrote to memory of 4780	3844	msedge.exe	90
PID 3844 wrote to memory of 4780	3844	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_93b6347c256310c1416d6a0c8a31a5cc.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ffbe68bf208,0x7ffbe68bf214,0x7ffbe68bf220
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1792,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2296,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5144,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6344,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6344,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6568,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5948,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5416,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5052,i,5428834613039256474,9101420048265749145,262144 --variations-seed-version --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1826692974\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3844_1956165855\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3844_348928025\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3844_668917164\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3844_668917164\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c37f9d2c357647fca20f2eaa89c18edd

SHA1
cfd1035ed2d057c317b48546f467209cbbe15f2e

SHA256
2ea3a0b7e6145fd110653b1a77cb827ad7e4a145c29378344bd3d28f595b2072

SHA512
3563f4aca9e47f35de8cb38e42a3c0448bb3ec4c9183fa392abc28fee4ca08bf16da028ffbf31cf0c0f8301ed810238961e745590e5c71621bc5a2a889dd12f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
466f9d74d3befbf7a96c81d53e5e04ac

SHA1
d52aa32763a0d98aea91c092ca432f0b03651b49

SHA256
fccaaae7635756cc06f812cdacdc93fb0ac680a58d41a08b481666a2f7a3d9ec

SHA512
6a0fac18d673efc17ed9e265eb461a2f76b18962fee9023fce3698c49bbf89e2ad045ca8a3b888fc33067997248bc75a8f61ed10e55c07f0728ad0c890c226fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5b165a403a6af19276d21b2cba4f3a46

SHA1
57a6ce2a96134d6ff15fbdc2a5d4cb654aae72f7

SHA256
44f32714093e6f7a559c94fd7cd8dea44bdf20e81f74f1a0b9706823700480e2

SHA512
eebecbae12b18a321d5a922bba59ba4c2c3b35ead37d7addf500244515eed51619b13ae19a052e153e525353ed582154a172505017af1775e9065210060147ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
5d6ad5b373b9de00e235b7158b4c19df

SHA1
839bec0dee062b2860952e7262ede0b53bbc57d5

SHA256
b0a45bcdd6815952bae616eac475a845fc996a50d62ce3076a5a70828bbd33d9

SHA512
e37374210b0d30ff20cf62161c7764f4d5d790a33028a5de095d6142b9a909e09396fe3d847d9ea51915618856dc58103005acf83406b0402322dc9d4b37f8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
82204e5e1a04978283e07af6e3dcdf03

SHA1
83b8a6c8384fc8ea5238f3f738c3f4dd2e9fdd4b

SHA256
094958a0894572f421de6d368797b012bc73f438ac6fdeb9bc6688b03e75214f

SHA512
1cde1be2ac898868aedcf45d8d35cf1335d22178f0d72bb8a1c7db0106323b4c12e61ff9f7446a0e88f5676ce896e20cde68275311f6c65265c740e653399d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
ad651f31259b380b4ee953a8b057843c

SHA1
0e210c7dc90cdbcc240411f4efd2926986229a5d

SHA256
ef4d9e8303225b9c8488cb3cb320c0251b9e133f57e6deea8a30cd87b524297e

SHA512
e519428ba186775e74f4463745a11aca21e3cb263d9e41548c6288f828e981f01635b16d1213186490f0cbcfe72d4b047a73a8307dfc69f294e1df4e97e239ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
336297f6a686fc9bd41a61a67cceb6a4

SHA1
958a7a727798e9da874de0598fe3f7f3d38653db

SHA256
31f2a37824b2715d38e119c0f3b9535aeb8c4f2545a9898ad42c2bedf05ebca3

SHA512
f8f2965409f604cf1a0c84cb01573ebb6f9c708473a7de75f29e6c49a8e8ab4f18787a5f20d80b18c385d2aba7c2d736359f8f0c117dbf8f92baf7d90d7963d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
140bd757680073595c0b82cae3efafe0

SHA1
9b8c3ee4856bbab1490bc47643ce90c3ea8a81e6

SHA256
97a4778ebb1589f417bc2de8e51735beef496c1596c897dd53320af01ae9cd8c

SHA512
4bcbdeb1ca4f195430754f2c52be36325ad6634296e6e27211f6398089573b333a2a601b891827b9b7e385b01223738add39e1f3c42b75363b971dd4eabe3291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\12b433b6-9749-40a5-9b1b-470d2e888db5.tmp

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
1d5a8f8a94c4888905eb6d69c1d5b59d

SHA1
effcdf7fbb84dd37bc597cd0d7c57b2d06062400

SHA256
08f63f510261daccc13c8b9f8a022502eab9ab67314811a9b949f5fff60e6421

SHA512
0f3aa77261a569c46b38620c3f25e68efc5cebf9a3e63cf231651b8f5c4c19d819a47f680f0d302ffbef40d59ac038770b76004c8a7e3218b1541043f1186d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
069f9a3b0cc852313a5653502c18c05b

SHA1
51494051b60cb8942f954016237f7a4467e36152

SHA256
68d15208cb36cf356b71cb6c36e68e3073a08c276d3aa033c226140d0b6a4406

SHA512
f7d0f2f5fcbd02b46dd7f94f6ddb894a0fedf774222a005f3e50f1ce99ea99e2fdb4f16f6d5339c47dc23d4936b75ec0ff1738ce77ad2568626f52eebdd8a27d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
c9771b8ed23d465a51e8b3c5bab5545e

SHA1
5fb37f4db8a56fcd5964af1c3c00779aa2202924

SHA256
7d72160c6e809c46383922376784c6b9374452e62a8a3d0a9b6846063360384a

SHA512
392a6bf2a02055ccd7f6859950916d6b5ea7931fbb557eed06fcf13cc5811fd7166f8a613ba3b5554e52ac2cf6a080cdc9e843fbe7439c634ad01ebcdb383ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8f73496cfab66493250687dced878f85

SHA1
aa7b08b62463ca06a2884445debde37a5e8d0955

SHA256
91be18a0470a9af0c0bdf6005664b7bc84f93b4633c8ad55049c80a176f994ff

SHA512
1ebf5622fecef53af966452eb7c19f93821884252c7e6026167a389b80e32cbfafad93afe14a6ade622b1e85c4542d69ef41f00813c6da7420eaea9c47c063b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
02ba11816e14c3b730c6292abf5333a4

SHA1
49ea65e142b5f4a5827d36a1c5a80234c6e5a657

SHA256
ccbd9b6aff50f973f2bebe646ba86b967bec1dfa90dc5c7ce31a1291d97e6347

SHA512
aaa9d94c78ac273ac5fe9dcff16ec8faa6e5e13881b6655d1fbe7be45863e5d108fd01659b96d06bbc0988d55fb098fa749b26d67c0f31a077988a028c964917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
f9c8f3506dda47d953de4b6f6cfbc176

SHA1
93d57cb40a368b5487e7696eab7d5015f8e652cd

SHA256
e94b67bccba8e871e080e776f53fcd30cafe528245cb9fc64035ab0cfce662c8

SHA512
fd3a7ce82a32d73d69b479d0a6e9b8090cd83f991369a3c1139a089632989bc8189cdc4abeb99030dbb94b799e11788fa4bccaf4628ea166293d08fceec28a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9ceeda0347aed1f9ad5f6afa731a638c

SHA1
e05fd4199fd0cd9581e300bd26abec3da22c0c36

SHA256
7f0778672c8b4a0586aff30d1cedf86f7d7e6f6140aa84016dd7665735944751

SHA512
f835c013497ac485e9a31d64a6e4f6eafbc73fb0442d2f78d9738a7979cee950df08869f44529029772b2735aa7e32834738c0a3547fa2269d12b10d86a1e6e4

Download Submit