hxxps://steamcommunity[.]com/id/SeannnVanamannn/

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.com/id/SeannnVanamannn/

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
144	964	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1505383730\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1505383730\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1896_433394941\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_18305541\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_18305541\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1652197347\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1505383730\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1660290097\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1652197347\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_18305541\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1652197347\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1829153249\_locales\ca\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879255757945352"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{81EA2B39-5688-42A2-B5E7-42A69D114D26}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 6084	1896	msedge.exe	86
PID 1896 wrote to memory of 6084	1896	msedge.exe	86
PID 1896 wrote to memory of 964	1896	msedge.exe	87
PID 1896 wrote to memory of 964	1896	msedge.exe	87
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 6004	1896	msedge.exe	88
PID 1896 wrote to memory of 5452	1896	msedge.exe	89
PID 1896 wrote to memory of 5452	1896	msedge.exe	89
PID 1896 wrote to memory of 5452	1896	msedge.exe	89
PID 1896 wrote to memory of 5452	1896	msedge.exe	89
PID 1896 wrote to memory of 5452	1896	msedge.exe	89
PID 1896 wrote to memory of 5452	1896	msedge.exe	89
PID 1896 wrote to memory of 5452	1896	msedge.exe	89
PID 1896 wrote to memory of 5452	1896	msedge.exe	89
PID 1896 wrote to memory of 5452	1896	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommunity.com/id/SeannnVanamannn/
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x25c,0x7ffe8119f208,0x7ffe8119f214,0x7ffe8119f220
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2292,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2584,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4260,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4256,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5920,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5044,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5256,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3852,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5996,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,13176601202011177206,2637900314004430998,262144 --variations-seed-version --mojo-platform-channel-handle=1724 /prefetch:8
  2⤵
  PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1652197347\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1652197347\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1660290097\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1896_1660290097\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1896_18305541\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c37f9d2c357647fca20f2eaa89c18edd

SHA1
cfd1035ed2d057c317b48546f467209cbbe15f2e

SHA256
2ea3a0b7e6145fd110653b1a77cb827ad7e4a145c29378344bd3d28f595b2072

SHA512
3563f4aca9e47f35de8cb38e42a3c0448bb3ec4c9183fa392abc28fee4ca08bf16da028ffbf31cf0c0f8301ed810238961e745590e5c71621bc5a2a889dd12f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f0a351fa23d271f0d6fa5bc8dbf46ea8

SHA1
475d3249b316981cc3f807094967b995fa3f91af

SHA256
23ea1eb695f1c50eb947c172e315f04c96d412898c596773c71cd0e2d8bb5842

SHA512
d1864e1a3e3c1bdb3985a33abae0e12db2528c3fd80038ad7cad151622914e8e2fb6fdd63b8206c804203f16e4d987bf1d91d4a61c29f1f3e8ef47c9b23c193b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8d45307be743b983b7d959a21e5802ca

SHA1
0ba29f7245a6614f284f9e85e7fbf0c7d7648fbb

SHA256
e63d1b18f0fbdd4666192c83523d1d4b464434c911ea0e5a1fc8146c012edc1d

SHA512
8a047df9a4c815e675ff03d7875873f0c28f3fa8cb44d9fc486b3ca8f487d2aeb441d8993177823fa74d398b4f844e3d6b77c9b9fe6a65f323013d0d59642e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ba746460e3da24262a3305d03c7f7e8b

SHA1
3765f91c69202d83d316b5d092d84555407ed98c

SHA256
b6c1e97f7f48c791570b0ae5623401c6047d34252089342bc28c4240d072410c

SHA512
349d6f17c737ee668fe356560b60983fea45efade2449d194000be204acb144741e0871327fa988cfca000c69647bc2c7257c6eed6e5a56eaa392785bb612c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57b12f.TMP

Filesize
3KB

MD5
6c2a87549828925ee5c1b3faf16cb938

SHA1
4451aa60738ca036f93dd51a5982d24868d651ee

SHA256
6758e0e37d61b41f04eccb3e5fca1d9b5e5c95df6545434330da7647927684ef

SHA512
1fc60319543d9d50e83982e812715d933e2ff644a17ffc8599bf22f7d550d28522440fc7ebb2ac1660e9e4f30d5cb81cc60f47224c42bf1eea4d8b84da28be7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
253e6e139330022501f89f6671148f16

SHA1
97b69ce244447b5b8348aa9e4279dc5b05b03707

SHA256
008f3c66c62966d6f977592a346fb20bb99f228f38ce149489c2658ff3236a22

SHA512
3b5ee25d768aecf16689e7d5d476e1ee52c0ddbb250a875db84870191d6990404084bf6199b3cc5c263c5eab99f5f82ae4dcde235b68f4c20f4ba1f57039642d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\de817a33-ad28-48ee-8225-04616be9b8a3.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7c22e08371d0c21f577e7d353dad02d2

SHA1
b3704bf61a6947ab9edfdc649fdd539fad9f8afe

SHA256
5bfd229bcec168ddbe97567e716f476819991cef00348a97cb85d27b2dde3ba6

SHA512
131b434495cfb7d038ba19566011d3f9d9fd6e7c1a144fcc491441fc33b71d132825cb3da51e6ac49cea8eac6b0998458623b5d04850fadd98b25f36026ea38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
8d3ca4f849c9f7b4857e130d6ebc6914

SHA1
3bbcc0fec6f7f92cd8a6d1e50efaa0604246aa69

SHA256
ad08e3a31560edfd7d873cd13dfbbbf053f7e437d59db4624e28e11ff5f80e43

SHA512
20b51101d5d44c7c500eabe62526c56b2ab07c8ea3f63ace15305fc7390dbb4a933bec596aa2a5502c46f632e03f1662eda30610c3711d64a0d02d438a9fb4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
e73509661c7df9951f866d14bbdac460

SHA1
745a3831bef2e7efa5b2e444edb6b8248828825a

SHA256
af481a88e9022ffbfb905051f5383f78fedfbe020ecc41b30ed5e1783c48bd8d

SHA512
fb8f02eaceaf5f5a19c7b06c1277aae6639583c7169b6a5f99654d412982a8dc89f90825c5040af60c633547188e0335635d8a03e34d1557085c9dc43f01194e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9e800f4883883199169796b1adf738ca

SHA1
4796fa214bac5aaccb3aef6d536ac984c53af6ef

SHA256
4752318c57dc813d61bb550afc896c78df77676b9f0f11dc05fe5308f2d144f1

SHA512
b6f63a2ee5339c8f4f2eb93089356a8b36d08292cccde92391438eef21c0b75799de9c53923a24636f592692962608117b5da78c60ef8165cbf9b73c311d89d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
b3d5a06301a2975eefdaf3a2fd2a5252

SHA1
86c19087feb32953d11af601573df2ce18c00d47

SHA256
7b592c778fb4fd928c7578ca8f98ac3d9b0fdd077bec3bcd9253ba94695bc691

SHA512
31345eec36da158241f4fb4d81edeaad79c43909c3cbb585b695eb3af2b9d21f202115e4b1bbeb4f02c13284808163429966ee5f6bc66c17e90353b70f01cffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
65c5252b1e7726a6569e56d3ae122d21

SHA1
5a1c14577279c97e13de91c806f457a45d3b95ba

SHA256
6a05e7fc96449c9ef185bbd69fa1d28b5e5d3bdd6f014465b837b6dd1041892c

SHA512
23503f9cdddddac3c7f50c34cb761c4b64780770bef1a69f5d4f05b58ebb3e76b22825fb28eddcbfd1661bbd763ce8621cd56e2ddaa4826e1d8c8a0c37f94613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
3dcd0e9e6d41abd83ccb7fdc4872eea8

SHA1
6f96e986b5329835e7deb2f9162f90c0b7a8058d

SHA256
95154ab1dd901cb4bb9bcaf2a647474d100cb572df5dddeeb9580fefb9ca9238

SHA512
06aacc778414ef6955739a9f48318470d26459c4c2240df998998185950a2c37aec982efd9322b669f17c3bf26115d8ad470a5d9f5670a112077d577e25c7e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
86379279c84ef14180164ad539124044

SHA1
74bd7299636b2b13b38a8fdae592c05804c63dee

SHA256
d0677b72dd06f0f678bd7fbce82c6103956ae47a09ddc5dbaa2542b378afee74

SHA512
e754e84bb8bbc26b964757a76b365b0473b9d458c5cd6d586b031e746b38c13a043b8037b795f9e2beee16779d36944522970da70f1feb19a2e1ca301c633d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
90bd9e9cfb4475a80b4d4c83433bda6c

SHA1
86fbc0bfb17ad1a9db38b0888671eaebb8d2b18f

SHA256
12703d598b061c73c07e6379a1cee4989fb6d874a86f6c86de99017c208b5369

SHA512
125c0bb6d46757a503b66b1f25890cfba4ee43bafcc594963ec066b7709e64126eaf10874672cb549a9fc72b47a33d744bef5b0afb86f7abce83d9162f9b7e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
9af2d726764630e110872fcabe8ff784

SHA1
1a6ce16456289b76cc06889f8500977b4bff8598

SHA256
44aa73783325e8bf19aff634da4a8425f662b02e1e339333640690aa29ee890d

SHA512
ad278d7d85468d945e6452be647a2cbe57dd2e57765c90c929fbc295f70b6b1344a1574ea1963bfd71f294fd5ef6fc332f8879c3264467a492af0874ebe42375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
144ddc90a2284e90c62aaa59d0a0f4d0

SHA1
e73db728bf0a6527f1b5c5732c9d48ea099e7aed

SHA256
771036cc905abdd0e69cf9a703a5b9648bd51cbcf9ed86386c570a6bb6d60498

SHA512
9e73585c49bc042c7df9546f3be40ec9c8e4692ede695f5a0f597d1eaf02eb421574d0c23e7ade61dad79e6bb9fbe4dbf1da6c52d5fbae9b6260df2e4eb1c1c0

Download Submit