1f36489597245b95ded1eee79b402952bd2969ebe70bed73eff8285470fe6a45

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_97e4cca90a9e2b1d82ea0732f0d5a8ce.html
Size

58KB
MD5

97e4cca90a9e2b1d82ea0732f0d5a8ce
SHA1

1fccebaf7a23387c11b57ec73fa797bae66db227
SHA256

1f36489597245b95ded1eee79b402952bd2969ebe70bed73eff8285470fe6a45
SHA512

058a62ad1b03b67bceafcdf6e81a49000a7301921980fae56d4297edeebbf5fba306ff45f75807bc2ee91f2ba19f3d74f40f7cea9a2b0f6e2b62ad6539a9108a
SSDEEP

1536:xTCzer2TSqmiWd4eEZ1/WKKd62NDm6SiP1w2rGQswdXc13N:czerUmiMKKd62NDm6SiBM19

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_1167750569\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_903198248\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_71084445\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_903198248\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_3800_609942191\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_606943280\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_1167750569\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_71084445\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_606943280\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_606943280\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_1167750569\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_903198248\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3800_243084209\_locales\lo\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877931546444826"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{0F5C6857-8990-4AC8-B5D7-D56DF299A92F}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3800 wrote to memory of 5228	3800	msedge.exe	86
PID 3800 wrote to memory of 5228	3800	msedge.exe	86
PID 3800 wrote to memory of 1700	3800	msedge.exe	87
PID 3800 wrote to memory of 1700	3800	msedge.exe	87
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 976	3800	msedge.exe	88
PID 3800 wrote to memory of 2532	3800	msedge.exe	89
PID 3800 wrote to memory of 2532	3800	msedge.exe	89
PID 3800 wrote to memory of 2532	3800	msedge.exe	89
PID 3800 wrote to memory of 2532	3800	msedge.exe	89
PID 3800 wrote to memory of 2532	3800	msedge.exe	89
PID 3800 wrote to memory of 2532	3800	msedge.exe	89
PID 3800 wrote to memory of 2532	3800	msedge.exe	89
PID 3800 wrote to memory of 2532	3800	msedge.exe	89
PID 3800 wrote to memory of 2532	3800	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97e4cca90a9e2b1d82ea0732f0d5a8ce.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x28c,0x7ff91964f208,0x7ff91964f214,0x7ff91964f220
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1860,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2304,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2408,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3504,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3488,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4796,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5276,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5444,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5596,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5768,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5800,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5820,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5736,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6392,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7088,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7108,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7172 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7576,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7868,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7712 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7868,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7712 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8044,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8056,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=8096 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7928,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7944 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7964,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7956 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2088,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7924,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6804,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=8008 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6556,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,3806117618439412421,260504740400203278,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8
  2⤵
  PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3800_1167750569\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3800_1167750569\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3800_606943280\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3800_71084445\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3800_71084445\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bf041af63cefdb9a992c68d260bee4f8

SHA1
c4e35cce0ea2e122a1af3e4c5ef9a15dd6bca3da

SHA256
1ac73c5e35e27d61b295d449d25bba6a84846a8421964901979c6afa98843d79

SHA512
eca4da1bccb150168aa5fb2dfd22385772dcbe36d4fc4c3ac4650812f1ef29a30b06f3cea5e83051ee889d477dfa0530d09d3de5e0ded454b17dc295ff203814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3fca3197a9965b59a8154332a8433d10

SHA1
d4f7b19b4de36e902f763d91a73fad6da49245c8

SHA256
9cd33519780a009ecd3258b90d3bfa922f7a9d3291fd633d095f1000399d0f18

SHA512
4c75d5a6920d9ad4ac415fae0d1133b64573b73365d606bccb5acb9357947618d97ff08a170603a61625442f9884d678a07de7d93e0e800db1d9b7bb5ac52420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581d47.TMP

Filesize
2KB

MD5
d5d2056ae788f465d46c0f4fc6b60b2c

SHA1
a22474394d110dedaf4149df0ee9a137aab1ef9c

SHA256
3fafc0646dce71012f488754d422da6b321a51b70e757137a2f1ca14ce985744

SHA512
351b6650873672d8ec3c9807b6fbe0e5201493ab948860f7f123a26009e9f44fb388989cb82e55e3022fe41c7a8275edf0db3e016f198addd83e80d426851c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
1801a4f8680edd111be557776f97b4f8

SHA1
a149d11edc6ef54f50ca865ebfbc2d4e348fb2af

SHA256
3db83c2b0a72324eb9f01c14357aa5900de1977805d4151d1d1b5e1a91605d45

SHA512
0efc05958225e7888869af0794372b8b093bdc4163d983c26c49463df8f132bdebd62af1652853d2d0bd23e51922087d4199a7f8411d5bb00688ef4bc518efcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
a4b4d2ac07dbfaee64c3281f09f8638c

SHA1
7960553d752cffcd79a6f1615c6c6748b37afec7

SHA256
d2165e4b9000a0e47653734528d6c4548d4e4e04950f754dca5dad80df381947

SHA512
0b044a0a9b707824602ef756960f6f1419598fdbb34e6fad70ea1f380a7d9907ee0ffce276b49e28d76bdd00eef9c414a731556f03c88afec844283112e96928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
70d066defcf5457249baafe5e72c26c8

SHA1
efa6bb628f7a48155b6c9fc70e0ffbdd92c0a8c8

SHA256
fbdbdd897a999bfaf3ca2417b47fe0f20d98171e93e44b14524f6097caf6f515

SHA512
8be1c4dc0fb700dd22283f2823294b1f9e80eaab130ff98e81d183cf6c3c468e4511614089e9568a83b8aa7fd9987692ec55c41e3c611ce4adb0cfc0866d0396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7fbdeb16c45cc66b8265501c42d06f09

SHA1
f1580fca5298a683c42d67534fa70b4ef73644a9

SHA256
02618634120c1c82b7bc31aade768b5660febf8fb19fe530e770aafde51ce94d

SHA512
ce5b77ea77ae784a7688c48a058aab168df39145cd3024c3a0d0c44d13edec4d8e7db5cabb40b6cbc2184e54df7f51385e602c16f4755ef7f8724023f85a4f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
631d90f7ab4eda02974b67e10ac4ff30

SHA1
f47f62380936b5bf84ba74b2f26ee3ae7b1af1da

SHA256
4dc7b94fc952f8219e2d94f5b01e0bfd1e6a8f926145adb129165d8cd66f4bae

SHA512
ee66f4c06289ae9e7789f99b594f81a60ba306d1ee0cd0482e8f474843dffed7dffe8b073992978e3112a089240271680905e0861bb5b8e1059c33a359364554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
07318e59617d166f984377d415642bb2

SHA1
6922ca556af0708d058dab3da650693c4b03e365

SHA256
87eee7cfafaa92c1c661c069914a4fce4bbc45147e75ffcd505e82e7598ed10e

SHA512
0427cc971783139b9a82eb547151acd1d827f0f78aa4e32e683e2c799ea44ba06c0a659fe12e85a191cb56254f8485bc38e80a252a27e522e871d296963c36b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
5e0d5648dba0ec2e3ebea6c518cbbfb2

SHA1
bb1fde5875cd9527d6753e7272278a73b99a628e

SHA256
80dde8f40ae16b0335fb156d09bc29f993b612ce7e0032aa898c6b6765d91983

SHA512
5d7ee00decf0c6e2a640bd39a8c880f36d500e9b851a539db78734690535e908be5e4e79b3a93e27742602716945ee9f6cacca0649e21ac2835157254209025a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
b2f126e431b4f5a49e0a351e4250a5b5

SHA1
48038a93905801b056707cd8566c11ebbb8cfea1

SHA256
33ab3447b326d306e7f6caa462826aa818cf3af9d6526051c47414344066cb64

SHA512
b0af4fa696d2af181551f58e38f611523c1fbf6fbd60e0c4273981053714efa32a81e855d98242380083d886d0bcd12ba36a68aa317272423b2338d602eb6240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
6b83c7013cb4d5245aed6afa4b9f1087

SHA1
6c528a8daa6da5cf09425c44942986f76a88df8d

SHA256
7f992c88a3dd12272174056a3d7e83ff46c4a14f670ea7465b44e7edbf99c760

SHA512
077a0e9fb77a57917d1c979c8f756319486bee90f4a56103c99a41c26c7aed43ca57301612f545d22dbdb5686e8cab9dfe6798d8957f7adc873c5b2fe2bf91a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
e63a1f36fa38a8061a162fdd07a47db5

SHA1
577f89f164f2028be61db9600dd46b1e4c55618f

SHA256
cc68677bbdc32725871e38324a6237ccf3a7c6655b6346c0bdd3c87508fa20cd

SHA512
ecfcfb09a5b387e7aa717f74747a891e4bb46ab2d1ce03b1ce98f445b787e1afcf0e92ce326f31f5f95335a7ee628b1c3ac78c8ca12dccac3a8b783dad50982a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
4bb73fc45aa33573fe91d785f170a904

SHA1
c33e5ecdf56cb14fba9ae437149f01ea850d67e3

SHA256
550e0867f4aa45883ca347b0c03ab8fed22360328f135a20aa09f91ac118c47c

SHA512
13d3ad5cb709dfac853e9dec078332028560a3dad7dce3d1bfee1772cef70127724c4488df8430f10212affed1a9a6f9a49ed915cf8361d2ac38f47e9f1044ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
f288d25bbcbbf67a609b50271ccad438

SHA1
4146c9d3c3a6040d160282087f1791b925913d5c

SHA256
ce75509fd931815dade1a29b49b29749f064cd4e0c38f1e93fa6ce305b467984

SHA512
061bac19488142fd29d547a0d766221a81ae896449796518f92e2df1ae59489cd196bff6c5c651dc3a539c35e824d7adb52057a6cf22de2bebd054eb61bdf812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fb5fb697c676958d067eedd6210bdf29

SHA1
f2f206b457e41b7eb00207a967e2f6e02a5205a5

SHA256
64d887ed9fa6dc10e0f8ccb6e0749145594f3ed3b5a8e54817ab55cec12f0f05

SHA512
c0e6c2ac90683cbb4abd38ec38ee12d8e6fe0a6ee3eddbef82da6f564c9f61ff8d51f5470d91253c3a4579b90df452dc10d4df5e6c02137b7983156161e98a19

Download Submit