a73bbf48da29b5b1a12c787d267c4b317ec267c7133f91557160bad766d28600

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_95c39c44a13641c7eda0a72e0f6c906d.html
Size

41KB
MD5

95c39c44a13641c7eda0a72e0f6c906d
SHA1

1c78a0260235eba55edbbf69cf7fe4f091f69892
SHA256

a73bbf48da29b5b1a12c787d267c4b317ec267c7133f91557160bad766d28600
SHA512

5b709e5d1d6e99cf5860342e57c4aaacece6b582c9ec1e27af61ab7363b7477e7846bf729829ab9f895ee0f10c852c212f1360646e65f9673ea37ac1d78ed2ae
SSDEEP

768:S5q3al8KwPUkmzUkosVUk2AIROUkGMmUkQVL0jb2XsOP1Wa:Sg3AaCQtys2X5P1Wa

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1687772272\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1827079781\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_931228801\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1827079781\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_931228801\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1687772272\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1827079781\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_931228801\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_931228801\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_931228801\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1729988993\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1729988993\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1729988993\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1827079781\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1190750645\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1190750645\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1687772272\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877857119447561"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-83325578-304917428-1200496059-1000\{CF3698AD-B125-4744-9D57-B06D692A8FB7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5136	msedge.exe
5136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 3612	1964	msedge.exe	84
PID 1964 wrote to memory of 3612	1964	msedge.exe	84
PID 1964 wrote to memory of 4960	1964	msedge.exe	87
PID 1964 wrote to memory of 4960	1964	msedge.exe	87
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 5596	1964	msedge.exe	88
PID 1964 wrote to memory of 4220	1964	msedge.exe	89
PID 1964 wrote to memory of 4220	1964	msedge.exe	89
PID 1964 wrote to memory of 4220	1964	msedge.exe	89
PID 1964 wrote to memory of 4220	1964	msedge.exe	89
PID 1964 wrote to memory of 4220	1964	msedge.exe	89
PID 1964 wrote to memory of 4220	1964	msedge.exe	89
PID 1964 wrote to memory of 4220	1964	msedge.exe	89
PID 1964 wrote to memory of 4220	1964	msedge.exe	89
PID 1964 wrote to memory of 4220	1964	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_95c39c44a13641c7eda0a72e0f6c906d.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2bc,0x7ff82ac6f208,0x7ff82ac6f214,0x7ff82ac6f220
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2612,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=1868,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4232,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4264,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3660,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3644,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=3676,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5712,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5132,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6244,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6504,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6704,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6732,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6884,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7044,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4500,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4428,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4260,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5156,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3408,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=760,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5084,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5296,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3388,i,11140285382461996232,4707335390996987333,262144 --variations-seed-version --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1190750645\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1687772272\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1729988993\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1964_1827079781\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1964_931228801\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

Filesize
105KB

MD5
7ba0e1240fa041160176aae49bdf852d

SHA1
6a59f3bd74c7d95adbdfcc517640f0c1c38eddd3

SHA256
4ec7dbba5db34d797c8a627f0a824e8476a81a90159460a8a4a6cbaf9121e0df

SHA512
ac8f9c79d1561b4944b7a8b44d3fcbccd046608d54f0345a8542fe0bcdcb7f7c611878ff9bbf613d6188877bc35120788ed32c6207f1bddf6c181b811993d7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
5a7e1750438748bd333b79a94ca69b2a

SHA1
94fd1be56969e269ce195ba29c3d464d356d6556

SHA256
6d7a64a318c25c643323d5cf1c0c80ccf2f2433e7d74b722fca90468f8f9b914

SHA512
842509c0f495ee24d152ab3f7867183d7cd64b01b5a9305405682abbbff3aa18a8ad7d97ee039393fdd1766fc17ad2df1caf711dc4db8dc7b9df608ffc0fdc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
eec55fe349980566b1dbf1d409d28c3e

SHA1
654ce4b550defea0851f12e8ff81ae9298bb3f60

SHA256
2e81ea3d7ddfc0274f3955d5131143c481e63f2529514c5295873b393d508efe

SHA512
58e02658d08732b5f36e868331a483b5fde15475a6c5f704a19c97d920399c3f7d41a8fa163c66683bf403598f8f48f0cf9fa468f9783fcabd9136a55cec0059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
41e73c5e01ea9f65e0d9a0f3bd19569d

SHA1
46582b6abdfb407b1bca7251f200e1ce2b91f8c9

SHA256
8f7386ffa77783b9bca9731c371b8822f649c9223f941198c681af5128ed7f07

SHA512
306d3bb269cb0a3db03c8b16bb267c86bc704c09d31d8f80ffa75358fdf6dd41a40fe8d30b3a7002a8b9a5e66388f715b03d90f26f66759db16b752fa080cb91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57ba09.TMP

Filesize
3KB

MD5
375afc692ab199ed2ec4d29540d63fb5

SHA1
2ef144e06aef97482ad6abb0236773070fdd6c73

SHA256
7d804159cfb43c41039fc0e1ac42880a5bfbf484312824162271b22c02b86e16

SHA512
5954b3f2efe4323d03578214af0bc8b0dbc4e0f93206f54f49151f83fac4f90588c8b644a3b12c287d786d21a5989c16d83e1cd0a6d44db3830510c418c08916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c40217dcec8889806cc63b00298edc25

SHA1
00b623cbb01368ba250aa3a05119eef0fbfd2a24

SHA256
a5afd7337196750af1f73182ac26bb550aea33e4e85f95cbdd99ccb234e3c895

SHA512
ee39162b7511eb9e25ae9909efeee7d41b19b52f0043793a32c23f259b061bfc854522e711185f3f306d5b4f1b812c86f1a78a6599f7878d6e4725a4a04e2fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
cedd65bf2e70d673f622f7cc2f8c4dff

SHA1
d880a7ed4f6c41ec148118849b9bcc9cbb245e79

SHA256
949073a9b6fb9ec30ae26a0a43dea6d1abbce887c2e7f6aac1ee510378b7d80a

SHA512
f66e38b0883b66213945a8ac3b9880a53611494208001c0f777c688b820c86fbf052fd10b343a4797451f0cb2bb30eb4a6a7103c14d89b16f096244bcc13a95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
9f5238ee2de0af6b794e724e31e655af

SHA1
864a46a760ed96f0a6929e610d60f2f569fd18a7

SHA256
2162cca43c3949552227a29f9f989526a0a71239b91622f76e4accc383e71ca6

SHA512
efc086eb9465788665a48438479adce6a23d34d342c27ffcf42d8c4d7ee5401b87b3aa172a7d270299989d938c9de684005ae4683295b754682ec0e3a0870c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
1840ed49739fcd07c4bc3666fe400005

SHA1
3e4a829dce95dc4903c49807b762eeaceafd3842

SHA256
4b2a32a2ee173789c4627e7471a5dd64fb61a94579f9ae5308027117eee710c6

SHA512
b2d4ba369543333c42f408fdaffffac6bc8d226eb2f1fffe77cdbbeae75bd6a9c618f82b6c55466cc57f9c5b342029dd90b1dcf9c15bb776a03177f215d1ee13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
323824bc8c2aec8b1a17f3498a6b580f

SHA1
40194b6231c6497dccfab61096ef3f6e841e9c9b

SHA256
3f12559517f27d05a749a2b00720622fe519b76611f54cbb7a2be64b4574b31c

SHA512
4739276f8933f8e9f48635c006e46996265113333a796b28d62b0037a59abce47d49bb042e7343871b02006cacaf74b43d134f420c0d283a1767faebadc020a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\87e51c35-9e00-4669-9568-d7ab3b42c49f.tmp

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
27bcb3ffe927456cd74f4a897973d129

SHA1
cc93a0d13497911db789bdd0c06b0bf1a5c0ed3b

SHA256
8ccc8720e1d44c6ae3b24fef8c1406f9410a40e8f7cdc721ae3791ef03db52a2

SHA512
775a9ed2a0eb3fedf5d88723e1496cd5d6f3bdf5d97cfac97b156718e7077af976477f4e0bc6cd5b1ab0e1232fd4c2ccfa59ec28ffbee23951e68118b6df9ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
8e0eb5c366b757d2962d5dab5f6b9dcd

SHA1
af35ae67123da2e283dedc9675afe1fcad192df8

SHA256
7f02859b236b90373b794dfac678fb40f453cc9229a54161894a324a59a8a268

SHA512
dcba03e4a0a8a63eb12837dff79c01ae9b536f7721f52863911f9428d954e5861b57e397face5060c50ab7b9011001d33f8993bc242cf98bbf11b06f22c0e344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe585464.TMP

Filesize
467B

MD5
202ddd9afdaa5cc796299d86af3ec40e

SHA1
98257ba88ce621345f01a67707f0b113cc1a0304

SHA256
1a66988f0cbd5f93b0a38ed7e0f483e5eece1497e0acb015ecc21c77eb05d93a

SHA512
b9faa773f9bdb08966b425c218f32339a5fc64e0dbe57869f9a978b4f948ff9c30bef0513cd2a40115f9f3059fe0f9db17ec37668d2cf40e9ed8fd0de16c8565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
79e482944ce8dff5f73394f845126d29

SHA1
e4241398d568bc69cbdfef99424f85f166a7ef28

SHA256
9aae70383d28350e6f7e713d8458781ae6ca821cd84d321eaa56e9ef8794aba2

SHA512
eb80f0c5aa067bf93b8aaccafb620571ac81983e10bcd6c3f7a30979000b0bd3a5d0b39f554079cf9b1208c64e43df83e8c7976c17a2044e4d8d40cc90cd9646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
9621d6a1fc1b7e17acc7da72d29ff3b5

SHA1
1069ed6abc604cddc8795fa41007980880589352

SHA256
7b0bd35bb88a3f010a2c3bbbbbb2c00df76e3229c2bbad101b1cbd0336703db1

SHA512
6aff0e12b9c6432f7047dafb276ea88441535a3ba26ac96cc55d8fffac05e9e8873cbdcc6eac238f5ee986595969baa22f9a1aa420c0f3f52a5ab74cce61e98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
9351718d0f9269cdc5b6982aa0355f6c

SHA1
4514ea872296636794451d43ff0e4ed7d6e1d041

SHA256
3e9f3bc0129ee5b8f634a457cc7f6446367d10a6339f86f1c0578c09046c6aed

SHA512
a882ffad6f1ed06916b4ecd6cac1a49ef1a6791665e996d7dae84d1f8257d4321f648f48a64d266664a7de12d26b906827cc895dffeba96f5783cd9465ec79e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
34KB

MD5
0d24ce6adeb34fcbdc6a8b6047c9d5bc

SHA1
8213cd8811c865e89a952645caabe9ff8accd493

SHA256
722fd37154042348bee4237f6199ecda751bbb3c1e5dcdf2c94857e7ed501f20

SHA512
39281c70889c37259a51218c2abe52eff1dc9e666a3e43ea83218fbe033a5a9e688bebf92eb449f05805477745f70e9041de5cacf7841d6370ac8b926229a3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b9cfc802d68c2affc0f6115afc6d22e7

SHA1
8951d1ceb1b7a14a019e8299c6354dd48646b1d1

SHA256
dd89d67238ff1442ee680ad701f6d247349ae9755b697995ed547d693523e2f9

SHA512
111ac9248bb74ee6fb6b17f03f163cf58032c81b7fd21590031fdcdb460436018d661dd13087fa94c3604017492bc06624d64b648d2a75e7386211e1158da498

Download Submit
C:\Users\Admin\AppData\Local\Temp\11b41214-4a4c-4909-baf1-7c9baa590175.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\12048bd5-45cd-4902-a874-a487871c351d.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1964_676644274\89493757-6261-4c07-b5a6-dec85d5a0188.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit