b1725dbb7944bd24e64dacf92716e455f2bc22219e64cb11d2c227b2ca9f883b

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_94385127020f46dc37472a18289dfa48.html
Size

13KB
MD5

94385127020f46dc37472a18289dfa48
SHA1

096ff4cb2506f4a89514845ecd1f016b3cd2f868
SHA256

b1725dbb7944bd24e64dacf92716e455f2bc22219e64cb11d2c227b2ca9f883b
SHA512

2ea0f9a0bb758c6e5e49b9a11830bbe02ec08250d5f971e1a9bfd8a1f64cfc7ec527cea103699e0173e96126faa1be57232c776068edcf9da283e4fdf3b716f9
SSDEEP

192:SIfz+E+VpTRQ5SPG5VW3B+Usme2azj4ABzR8w6RQSChaDiQy3sMwcQQQgAAAsUgJ:SIIpm0HCFu1myw

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_1811335625\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_410357066\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_1611976618\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_1611976618\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_410357066\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_410357066\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_300956770\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_300956770\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_300956770\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_1611976618\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_1611976618\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2832_1811335625\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877799041248947"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{F89C06C5-BF89-4658-93EF-1F0B65D23FF3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 3336	2832	msedge.exe	86
PID 2832 wrote to memory of 3336	2832	msedge.exe	86
PID 2832 wrote to memory of 1016	2832	msedge.exe	87
PID 2832 wrote to memory of 1016	2832	msedge.exe	87
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 2752	2832	msedge.exe	89
PID 2832 wrote to memory of 740	2832	msedge.exe	88
PID 2832 wrote to memory of 740	2832	msedge.exe	88
PID 2832 wrote to memory of 740	2832	msedge.exe	88
PID 2832 wrote to memory of 740	2832	msedge.exe	88
PID 2832 wrote to memory of 740	2832	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_94385127020f46dc37472a18289dfa48.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7fffb0c5f208,0x7fffb0c5f214,0x7fffb0c5f220
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1944,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2504,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4188,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4220,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:2
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3552,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5356,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5512,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5656,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3596,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6540,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6748,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6740,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6868,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7184,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=7196 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=7372 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6848,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5060,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1208,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4488,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2100,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=760,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4208,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3796,i,16850414856633659056,2746867138874204876,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2832_1611976618\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2832_1811335625\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2832_300956770\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2832_410357066\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f69c389-a255-4657-b332-a75062b41757.tmp

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
de49caed14bfda558b10334a21b25d68

SHA1
e4e96456f26b763fafc658b7393f7753c10491a4

SHA256
05b31736277c36ad57fd31b992f7b347a5ab5a0f07982d1912f3e1f120a59424

SHA512
93d7815740eab51b6a577f9f3d7d43277193f377961ad64084e0452ba250a31d892a950bc9cbacc0d636df769e5c6a844365b3db13b53a982101b3feeeb905a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57fa6d.TMP

Filesize
3KB

MD5
31b0e278d13d1d1917d8db1b723e9a9a

SHA1
80b53c2272de340aaa8d48d860668c7664ddae56

SHA256
23560c288485df9fa8f1cf296cd47f2cbf21d785fb7aeec7417612732ec3effb

SHA512
06bbb4f106ca674e7aeffe349b346bd9b7e8d9bd166a44ce48eac8104610dfa0d2706d7fde4c04fff553fa668ef695b42c55539daed63461fb433e6bf8929fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c4db4ae8493a6c47524f4d061d5a33c0

SHA1
be4ebb400281c12a1823c55921ea040ddc97e69c

SHA256
c647ebef693eaa1d062599464a6e7f259fd5c4db92e21a35a27ad7e28406c146

SHA512
0b2626f64883494d86e86e69463defaf33d5c42a8b59c27d93c0b52052561db2a6c5138854713dad79e022b366334f2a86f570df7d13acb7ad65dd246125efc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d3f4158741206a52585685b75383f216

SHA1
39904f902e74efdfc674f431d33c3247f2dfc07a

SHA256
a7e7c5a4fb5acebff2dee2fe423bb5369ecb72c5505032c10f1cf06330b9693e

SHA512
415d76e82183cf2dac45fd6dd8ea2e3b1517ff60209f70dc0c5e6e33ba16d99f9883f4d993ed9ef2e7ebb04171cc7187edb987b47c647ef8f6797520a9050dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
3fa91fff34c00f59eb8dd335e205e5bd

SHA1
ce90d07d16ed3dbfacef96e6c71986beba5f0d43

SHA256
4923241b0d0b0975434a957d076a2460ac2b256cfb7aaadc2120973f5aa0509a

SHA512
19de0fb756ab1859be8e604c24663b63e096b3ea5eb7bb982df59168eb88c162227a6a97c4a30ecd689a3b11e715e49d659e78066138d219a7b1b59e5fbefa9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a1d24360c1d047f4eb3ac7a36da40d3b

SHA1
cc65961181f06fb250a160b331c4f5c90fd5a09f

SHA256
7b6a0885a9c8a51232cd47a4d3f932f04db0cf02f454b82021ade7c651756463

SHA512
0b1ad3bd23b1e1a5ee184c9a282ef53240c9a3ae3a2b8c68773964972cc040363d9e62ae4b62254967f5f280ac4c9c607dba5a14fb4db06cb45be049be1a436a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
276a4470126327fa9d85272de0708b53

SHA1
08f3f5f069f9ed266237a43818bfad3d3c8420c4

SHA256
ced483c1035f1b80e537425bfe96feda1e24cfa7ab2620e5d2b3d6c2f71e4a86

SHA512
4a26b4d079bd7e90b515e234a1bb36f3c8ff5da86c92fd2b7f0b1ed944fe1fb7f47ffdc1d231e818d66dea8aa236920eb8319a1a978b1e9212066d5b951c1cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
babd161298634205f3fd8b63c88b26aa

SHA1
7657b99b294bff0e0611dce6006c62069fb748b8

SHA256
343172048442ae0684db01f56ce3e504fc4a1aa7892a096dd6f2078b26dfd30f

SHA512
caf57e93c00caafbe7b7f71272d366fd9017f5bfc975edb26b19ef711ea49b276794c116669a61a1af38645b83fb8958a5e1cdbe045f58712672162a04b26387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
872B

MD5
72d588f9f60cc4622a28251846a30c8f

SHA1
8b7a82c257da4ebe07099c77878ea4520b695a3d

SHA256
1a38bc8db9acd8ef2ab92fd257e6f073f404ebcd55003178c4c47e1acbaa0a6c

SHA512
cce50a0f892658c343f27e5653aacd1fe0da9d5e4e0ecb60eccacc75aaf158e440263c25ac9cd1a9286d1c39dcbeb44d0c50bbd2dbcac1d2098667458f8ae29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
1fa8e8cdabbfa7e945e0d4de03c438d7

SHA1
b2f0591699675b6a71e8f5121389c23821554420

SHA256
4e9aa03c6c21f28b9c933be83a618eac8bab735fd954b46a52a6bda2f3917386

SHA512
0799552d1264b4bbcae95f8a65cb1c9b31e861d363184b660d0f1b6826e4dd7a3271ae51890a306762849028792451d71f1f80c47c5d351f1c90868bc306ef3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe587867.TMP

Filesize
465B

MD5
0685a319187d88c1516109321f3ea1ad

SHA1
35bf076938e9e4c6f2247999a9a6332f3742278d

SHA256
aec9565988734d29949a9e9d5ccb7ca3e1d1c08c1138503355c405ae67fb2f3a

SHA512
8b62795b8ee3d56fc717297e079452f33fba68365733c398ce9fc38d06f2faf81ddf087174e78032edec7ce52b7ac1a4ccc3a56566ce9caa4adad0aa6c43eb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\d9f454c9-81b8-455e-9a24-9d041cb92fdf.tmp

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
59196f27123f877cf3e83ca29fdd126d

SHA1
c5c1c8a7e1bfa66a7560179a9f5c931cc6c336ca

SHA256
af66ae5a53cf78e753db8b5e0494d4cbab0edd7d84ea78a8721090b8c4b891ac

SHA512
8b4f372027141ddc8fd49c5a63cdf855d4159f05691748a15fc7e6a787aab4b9d57c824686add47eb101e275ae8d3bbd738946a52fc5f9387e369fe2148f850d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
34KB

MD5
b5df59453d37a10f528d52180939e8f5

SHA1
564fa8648a00300da2a0a81e130976ffa81dcd1b

SHA256
502028a56b3af8a58f0a44c95628941d97aa0d9fee6008e316e93320246e6077

SHA512
e8bb4c1c1bd1c1765d7f7f63c4868b5c38eee6d9e80e7501f55ba9435203614f37b0ea71a93fd49a3920503f264092d1f5bbeaba1381a0fa1379e83a9925b0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
556f1f3a27a46f6d41c118bab48b7358

SHA1
e551b73eca18a609039fd7700c3f63fb34dd0633

SHA256
f3c8833be46669f60b101e8bd0a01cfef42fee99a454d423dd2bbb588907df2b

SHA512
b6eaa8019936de1f4eddeac5c576fc7f0eae9b06998a90ab4bd3cc4f76c3a86525e00acb1ac86d64c223bc06d6deea55f944509063835f085c788e2aebf8d894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
5c771424595ccc1638b5eebbf25b972f

SHA1
edffd06a50bbc1b715b6f01fcc501bb61bc36755

SHA256
62d0812007a100bb2376b8be16a729be5a9147c255ab53aef80435771c607f9c

SHA512
be65d7b58f48a03cedcff51eb83a8848188f209a80dab3e872abc3bdd754e8d66cef46a3999b50bc966323613ef1e757e5f2741f9a5e0308e710a453a32b4a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9acc1ac5d3cff7fdab8dfda657a67528

SHA1
32dee3ea8401d8f70abb91a1a8b5f147889fe610

SHA256
39d06b5e844203621b089207ac66ea995410828508547818c2d5a51a8fa66468

SHA512
dc4a30b336930f42780f1bf9f38e6b34147c12c3bbe7c585ec0131b8d99fada569b34037d820cc8ed1c739da903745e3dd3279011fba01c17fe919a6706dbc81

Download Submit
C:\Users\Admin\AppData\Local\Temp\4b6d9a89-702e-4011-ac58-13e534c26f92.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\e2b670fc-b753-4d04-9153-8b6ecbcfdb2d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2832_91511163\56f8459c-5e27-4074-8016-ff0ef6692793.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit