d7b00d7a6152372ed10eebd5cd93f55b15440c697e1e287738dbebb3a30d7449

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9566da3e67cdcbe67eb9519db6212059.html
Size

76KB
MD5

9566da3e67cdcbe67eb9519db6212059
SHA1

8c04e7a1728781cfc8dea0a2e16202ebc9dea598
SHA256

d7b00d7a6152372ed10eebd5cd93f55b15440c697e1e287738dbebb3a30d7449
SHA512

3a2e1d323fec0fa83703f940f361cbe32d6f2cdb779c5e8b201c0f306d5905ab433f08c461fab931a992f03d606d9cc0f474bb9d1603d6d4bbe17227045fd0a1
SSDEEP

1536:F2GwPg5whiCkZ4P47MFi4o/Lzqe33QLOSMTCq9QN22LbO9ntgV+Ld2:IbgscXHQLOSaQI2/O9ntVd2

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_753720761\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_753720761\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_1132677127\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_1132677127\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_1132677127\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_753720761\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_753720761\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5408_278836481\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5408_60758016\_locales\sw\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877853295282160"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{590101A1-BA53-46BB-8015-66F6783FF254}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5408 wrote to memory of 1620	5408	msedge.exe	86
PID 5408 wrote to memory of 1620	5408	msedge.exe	86
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 4408	5408	msedge.exe	87
PID 5408 wrote to memory of 4408	5408	msedge.exe	87
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 6084	5408	msedge.exe	88
PID 5408 wrote to memory of 2996	5408	msedge.exe	89
PID 5408 wrote to memory of 2996	5408	msedge.exe	89
PID 5408 wrote to memory of 2996	5408	msedge.exe	89
PID 5408 wrote to memory of 2996	5408	msedge.exe	89
PID 5408 wrote to memory of 2996	5408	msedge.exe	89
PID 5408 wrote to memory of 2996	5408	msedge.exe	89
PID 5408 wrote to memory of 2996	5408	msedge.exe	89
PID 5408 wrote to memory of 2996	5408	msedge.exe	89
PID 5408 wrote to memory of 2996	5408	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9566da3e67cdcbe67eb9519db6212059.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff84851f208,0x7ff84851f214,0x7ff84851f220
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3464,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5180,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5144,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5508,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2856,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6180,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6180,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6392,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6488,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6576,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3680,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6656,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6660,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3248,i,13621683626611351037,3971392323287773129,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:8
  2⤵
  PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5408_1132677127\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5408_1132677127\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5408_1887921284\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5408_1887921284\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5408_1909561732\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5408_753720761\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
15bbc5e1af7eae3c342d5e8db13dfb54

SHA1
2e92939176691d6743d7d228c0312f1f0c225282

SHA256
4e8077be0caef5cc180d4695212deac8279ebfc816a77cb66ee7134dfcdf5978

SHA512
48898a80fe62bd00ce60ae9e4ccac2f9f144ba38bf75e48d496ae78854759a87905a17addf5fc35c3186cbbe691facefe4cc05a41ca1fd0518cec991b8a6283e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581325.TMP

Filesize
3KB

MD5
a1d8a112c67a9d124fea260149c4c8f3

SHA1
5cf9855b0f28658d98e14e55c7a97f18f576f8b2

SHA256
94ef17fd9a1f6a61af642eb20b1fc0cd28042c43dfbaf29b6c93355b20e31281

SHA512
55755c568cee5ac303ff5ccc78397d3a549122ccf04a80adf4a36041b490c54e270edc3c313a986324b7191496a2a502828d7ebd910e43963867ede6b6753e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f3a1a9c31b31db3bd607b1d7e0e7d4e8

SHA1
6d0ef849a8e716b0bf47788e272ee4e28558847a

SHA256
633df5258905923a8592db938422152dde19f00af26ea278caa657eead0c5047

SHA512
ab5bdae93e7b6f1df7a8d9829d27923c1ec840a53ef0d3f85c3e485bfb5087c82f46c554f76bfb2f192aa5e13144f73c853c9a0a05ffc85f769ceee3251267f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
04dbe64288a2506c896d2502b5f8ecbe

SHA1
af1c0cae5a8c2e84efd519e391cc44e7cd78c32e

SHA256
b418fed186598c6480eb1b101a0c6c83164cdef735abf6220e2f674b2fc6ab73

SHA512
393582ded21e4cdacf615df867491dae61152d96e355a6b498bd090d80ad2b314a721801040ee736b6d4e64177d62a21070b3bbe8196b6910d7f2982a8acdcb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8d370bc2582429365d240b48fa305f81

SHA1
c0b23cf6c6303fc80c15cfbc9304982d8df197bc

SHA256
19c603a4344bea8e43eea2f67f70e90dc1dea8a6409091a3c38d9cca888a963c

SHA512
a98bb7bbf8a8587c2d11e2048d098384642659ec27851c839583a0415df129a520d835d629b733cbdf1afc76b31ca7bf053bfb8cd266021f5039c942ac67e8c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
fac86680f6b104836e85234ec8af0494

SHA1
d3c66e654906c351526efb4dc6653241ea4cf61c

SHA256
9f8fa2c61733222f98231e42b31d195d1500ae735bb1a04e1b7fe6c3e9facc45

SHA512
708cbb0d27d612a7a976559b1010751aaed7408ec3c2a1d55554f0fcd2727430d64140744c902bde6584ee3b37747e7ef5c695c9ae63ef8759a8918df119b394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
2a65732fc6ced778bde6542027900f67

SHA1
7bac5afb0799a75fd7bc853a69a5c2a6345c255d

SHA256
dee32f1d731c58a8af2bbd1e46455bfda6c30ae8d8dad1e1b252f68cd96ee216

SHA512
312683898111f275b6b7f3c18158e412272358e8f1a4a51cbdf16e3eabfa47f1c50bb138875c4bf3f8b9f8bf9a8e19c3404680cdf94070688aefb424e53e88cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
b907ecf67df08e9a3b5b68b3ed4c3892

SHA1
3974bc4d98a8d748e6f42d03012e857be87bc85a

SHA256
ec9908aa614d788536d22450a1f7f347dbde7edad60a78e62d91550e9f0e7ae0

SHA512
9bbfebebd3daac62c5a21a4ee63044eed496f23f3a249261958ec2befc996ba788a8060e87bd7b71a1e55a88f0939ed9244d598a48807491f5d313b749a76f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
e0ca348730e3b7254503a93358d77732

SHA1
47c2725d970c54b6f5031a9fb45e4bb325047201

SHA256
54235c46b657d44ca98ad831a50e09cc7f7c5119defd20f2597896983724edfe

SHA512
6a84f7f88d7fb0abbca66f7ba71f2104adc7f3a43ece615f24fc13d86575fdf48377304d24570e6c46824773def67e9aa1637171ebed8ad9a04c9fad3cf0e6f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
6fac65ed0c3a6d1963159eccae498212

SHA1
519841dcf73d5500b145ee13a6d66d6ea43c4390

SHA256
357151f03c2c6f6b64955d76ca8a302c1f43c983627c742815412da5abef2ee0

SHA512
ff1a0c2d81864467724a3e088daf767b7b94b30d2fe2e86be30f0e4ef0ab5e0fe8e4302d53ad3a7656450c3405afff5b717b1364241b94fe08333c7333d331cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
26ec0a817131f1ff473f14fcdfdd05d2

SHA1
58a58955d1bb93815115ccac1d1f718f53783466

SHA256
6682e8cf98b6c6242fe31f8cc10c06bdb9e115b13e86174b2f43427dabe48e8a

SHA512
9962d49504d602f12ee801d1842feb74d685a754014f7ca961ab83519c0b793c553789903e3e48bd803de260d5447f3bf4fbf141b0acd8b7f8e2d26c347dd224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
89f894bbcea984aaf63e432b8b59a0d8

SHA1
df9a5cb916559b694bb67c4640895caad16f0cff

SHA256
6e90da6992a5d9200c8fa2e677b13eb9dfb8a05a0d97963a98c5b444f2790fad

SHA512
8f79b40be12ab892b1b24a441065b9e1d290de3eef864e44568dda3262a9dff9d87448a317995477407190ac2fbf543bd46459a26984146e1ba7c48e56ff29dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
fbf6895c0b37cd0bf912115b864b16b5

SHA1
93a693468e29c328f80471439e10965b9109c67d

SHA256
fd7713b5534e10a28ca72492ce1d3071447c85ffd2e6b6cb0bdd5637ebd8cb57

SHA512
dbe03bac28b6fdcbd03ce7be0b8dacec8c7e3b9c72b54ba24b4554fdc1b5517c244ef34f6ba3b890029dc0148ce05f7178be47e8b184f661481186d07f0389ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
abf03bc31f39b2f2714326406506c0ca

SHA1
b7b52796ae8cd13051f4357d581d5bcd47d383c9

SHA256
eca621d7c42d8ad3f208bbca5e2da7f3d646878a65cf57d604db9998da90c99b

SHA512
78df841749a3a4efb899370a8ff9ead668a017460f96e2cdbd0834661c08cc1c9699c00042b7cc1183c6bcfa0ad0ac1a692a445b3f3d7e8f425650d3a5aba636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
eb02a6927c72529b08651b302108ecc5

SHA1
808b7fab41d2535aa1a724377279d99fe756d287

SHA256
40f9b74cfcd78f9e950f50a2006047d265bc6b73c35546b81f08a3d69b89de8b

SHA512
77d91bfb9591ba52ee308f9d4579ce44a7dd4638c9a43e09b78afdffe6fcfaa89000ea5dfbd023910dcbacd9ac1304252653e73cc686bc8528876545eb6710fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
3edfc663569f50c52686c876a30ee091

SHA1
60c7f9ab8b6a9c6861aa884a381788dac6747633

SHA256
b771527a4ecd7c5022fcc9ed2e5d1e934082d25d847c3cd0ea06db6b3606dfa8

SHA512
2057ebd0e9948869f36b4133b09b6f67f2487b301652405161eb4e6130f35a951dc44fd728a635fe4a0a4b401ebaa6c2dafd39a4f35170b5d6362fbd8f8f4ef4

Download Submit