8486e545258f5e36b31cac5d4270a6ea522fa884ab2344ce52d7d4abe900fe57

Analysis

max time kernel
135s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_97114b0f4be0414dfa2f89752f8f84d9.html
Size

81KB
MD5

97114b0f4be0414dfa2f89752f8f84d9
SHA1

6ce05337bf7ebd5c45a6546e86ae8fd0373e79e0
SHA256

8486e545258f5e36b31cac5d4270a6ea522fa884ab2344ce52d7d4abe900fe57
SHA512

e695d2c5c84e2218193b6d878960cb6786b54183077a5ce263e50f89601de468e0afc8410969c5c23077e620404da8fff89f96b2d6028df486ea7b0c75a93330
SSDEEP

1536:BCICkXpBKr/xe8YjOo6424YhPeRsKkpVJodVh34w8BiQBlkVsWnDDk1PtgAnoFe1:BVCkXpBGpe8YjOo6424YhPeRsKkpVJoq

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_351207381\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_7482156\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_351207381\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5984_181340575\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_7482156\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_7482156\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_2046979393\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_351207381\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_336593308\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5984_351207381\_metadata\verified_contents.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877915643549052"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{8DB98146-0DDD-4013-8A6F-492665F72677}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5984 wrote to memory of 5412	5984	msedge.exe	86
PID 5984 wrote to memory of 5412	5984	msedge.exe	86
PID 5984 wrote to memory of 552	5984	msedge.exe	87
PID 5984 wrote to memory of 552	5984	msedge.exe	87
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 2344	5984	msedge.exe	88
PID 5984 wrote to memory of 5928	5984	msedge.exe	89
PID 5984 wrote to memory of 5928	5984	msedge.exe	89
PID 5984 wrote to memory of 5928	5984	msedge.exe	89
PID 5984 wrote to memory of 5928	5984	msedge.exe	89
PID 5984 wrote to memory of 5928	5984	msedge.exe	89
PID 5984 wrote to memory of 5928	5984	msedge.exe	89
PID 5984 wrote to memory of 5928	5984	msedge.exe	89
PID 5984 wrote to memory of 5928	5984	msedge.exe	89
PID 5984 wrote to memory of 5928	5984	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97114b0f4be0414dfa2f89752f8f84d9.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7ffa9750f208,0x7ffa9750f214,0x7ffa9750f220
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2532,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5176,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5436,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6308,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6308,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6248,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4312,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6716,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6128,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4844,i,5294954396668693964,9238436954770066327,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2236

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5984_1213952741\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5984_2046979393\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5984_2046979393\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5984_351207381\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5984_351207381\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5984_7482156\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
997a14db3e3950710336809c61469d07

SHA1
3375fd428df5126e2374d17186fa5227e5770be7

SHA256
64b774f85bdbae75d40c0cac0384edecd023afc736db3f717498c4ea38dd913c

SHA512
a9b2aa1572320510d9b548b5388a724a9478af0ebc179a3b3c14f3c0aa97ca1be7a6113a1399cc39e72f46940257844103ed1a0634a7026f40e96d6a583bae8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58118f.TMP

Filesize
3KB

MD5
e14b5ddd4c96a52b7ecabbc0c53871f4

SHA1
bf28a97664bd402b46eadd989feeedea7e4ebd23

SHA256
d666dc7bfbaeebf618881edf6cc1210bf01c6796cafb69082f56a954052c2c27

SHA512
a3d1774d017960d830c9c07e6e540ae59fccc1357dc471f04ddbef70e837bc2308650ae1195fa6945c5fb90f5b82e6fbc7f52fe0a51637a1761f6698b54ee376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b5b58b3eea37ec5ce8e2beb2f6443755

SHA1
d900b9166c6ff2ca2caf069060acc816d0ac64cc

SHA256
b36d9ec4497d6bc9aab0279c414da6d2bb417c813ff74f4aed8a98da40b52440

SHA512
cc3af8401838ea16c63caee63e29fd61606426ccae7636571d19ceb2154af02d31402ed2d6cf7d48f49f59a104f4e90fbc72cb683f6336e3f877275f2c4e6755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
852167b23006ac34c21b8453064ee993

SHA1
116c67007b4164c15217cff8a3d55e39410dba15

SHA256
aa089a434d1543c127b41cd6874415781870fb790692101975c9832eacc19cc8

SHA512
62a04c2469bec4c92fafdf2017a0fc95ea7a7e6f9b576d7473c6ea7ddf49e877fe7377df24133a3c97cd8ba661fe831d9e49fd7eeef0689a93c868676f049664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
6e2f38a5f42d2fd0c4981bd3ac1f3570

SHA1
10da22c836dd710eaea890049bd5a7e7a0c5af95

SHA256
fe360e92569da9c29c193fb1b9bc3d2dd982fc3a3908ac48c9d05a15f109a7ad

SHA512
61188dcbdc442ba376087d52adebf9d490d679ad86794799ff9dcf2890dc90436ce108f88eeecfc212a2b7cfea179181fa6be699f2293c2c1f0ba1eb707e590c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
cd9f2093f795383c2d92a7cc3bd5d29a

SHA1
81e3a3e9cbdfed4ac7557ff7c50f7e46ecff2907

SHA256
c47867c213fadf02f8ea859d421ed54c67207bf217ae9a42bf5bc4cec8acb577

SHA512
b18545792d879590e45a4ffb073dfe3fed06b68419446b9577cf99eee7dec658fb8844e71f485187a02184b3f00769f8cd27afd8850c9863b64f755906ee4b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
4d9d8818d021b606c6cafec5b42320f7

SHA1
395e1bf43c985e15702d90976d50d2e7d9188ce4

SHA256
44725b88536231db1af5f428b3a94e8e0396ae82bfc13669fe6ced261ebbd2ce

SHA512
1d25d2b4c898055dd1735a6151dedf57bf43341394972e6b3262379a6c78fb94b39c58d58eab4f73f4f4f159b68a645a0124616aaf7713c1175f6522223b4ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
381829610e44137516f84332280e346b

SHA1
d42266e16b981e2f925240a56aa4a1d3fae1a7d1

SHA256
eec516bce90fded80ff24b2ffc49b424fe04073d16042e5af23a95470be06ea1

SHA512
d393b6fe81cb520fec17873f3241fa513036fcaafc5f58c273e361abfdda9e50df0ff09c5c7cc188b4e2fa441f7a542f2f1272487470b9d476a65a8dd85052f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
5589b8924a0f1fb82ccc833cecd0c2c0

SHA1
d013c5c22e86e7aa050ce020d3114b897754780e

SHA256
c7acad192d7a9588035597f8da7d76a963823623a8e2b009a3c1fd0b395992a7

SHA512
d88098d2d6aaaba67e28761024808e4c092f6d63a149dfcad9f30bca662bca4c95915274d5116cbb64bd9227e93277929e53a7adf026fa7be61abbc1dc88f07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
312047dbbaa8661fc8501acf2811a15e

SHA1
7d0d376f7793822783979b9502660797e018f613

SHA256
4f0a727ee5477bc2d06bcff0dba6ecd04c65de23ec8a289e9e3020742d03e362

SHA512
7dc622a0534c33ddda2673e0b84a05b458e79a7e8934805c1c5c32f84df261564ad3651dedd5c87b6a0bc0415ac99575c52832c4a493d08774b845626eac2bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
e53b2f0885b1457ce78b4ab6528a0fba

SHA1
4b5f54b2f81955617d84df382006287dc71c8588

SHA256
07ba470bea530dd59cffa01c19564e9348deaa2c9d60a4f6b8f55c8e43d2fa14

SHA512
2c3d7d1036990110540c50c166c113663c4e74ac54b202a23023011b23cb3c233d78241dffd8ee8bfb918e0d1b83ae88face231d3c8ef26cb92e5dc902ed2108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
d6bd5ad847ae44cfb2b45ede5f12295f

SHA1
97d8394cbbfd8f53dad37989264103dfc69d80e7

SHA256
bc91a96edb1426f09bebf361bb2b865a5e4b6a575cd4ecdc76acec4c66fbbb96

SHA512
a386675025bcaf18f4ec32598e1cce1e11f406faa108144a8d4fe711b230e6ad899cea52e68d77cdcc547df4d2995de8f40a0be2fb905973322878fd1843bc27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
787f9f70893e90aeae96d9eec7018198

SHA1
64f6219bbffc5e7151283f13c75bf9874d4e5afb

SHA256
7fa7cc27efc1e58b57729bc97460a76f8f87f22702607098367369f98bada71d

SHA512
9d76fb9ddfaecb5fbe0cd7d5513c459c2e66c6d2b9154ba38668535872b0dbaeaca9541450da56f0ef25a8f7056fd5e2d6ba2306bb9213f05f957d97365ab5a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
37e46b759815367fe615c7a3b2a1145e

SHA1
58d948bb5bb93d18ae3a94ae03a5a6ba21b58af7

SHA256
444b6a62c2898be164325e2233047d19da0d146fe17dbdb1e8f326ae380984c0

SHA512
6ede6888bcfcb3b74ec34ea3dd0d9f76dee45beffcc29b121017ac8e23b60eec65c8729850e0a921c701c529cbd4072047811059842a430426bcf314dabb615b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
262e18606f7425440ca7089fb847db10

SHA1
6de45385366dc0edf33f80204406e47c7749b7e3

SHA256
f48eee8458cd99e24317ebe25310ec40c0ee3079a8eac3a49c9a0e3e41c9c82d

SHA512
c04709f85d9a1ca88af9b9f7ae0fec21c50cad306109fcd29a18b344f1e93cb5ab03e285546ff66c85de41199662ead5b576a4930ead513c0c1e92053c29118d

Download Submit