hxxps://drive[.]google[.]com/drive/u/4/folders/13oxmPavg0t05_vfYzf3gRptlyfIIS_DV

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2025, 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/u/4/folders/13oxmPavg0t05_vfYzf3gRptlyfIIS_DV

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
9	drive.google.com
20	drive.google.com
23	drive.google.com
28	drive.google.com
221	drive.google.com
222	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_645606096\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1643235315\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1093610932\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_395505126\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1093610932\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1093610932\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_395505126\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_395505126\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1093610932\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5404_83208797\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1643235315\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1653497427\_locales\pa\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881033453559123"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{260EABE7-1CFE-4810-A854-DAE0FFF65937}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5404 wrote to memory of 4040	5404	msedge.exe	86
PID 5404 wrote to memory of 4040	5404	msedge.exe	86
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2420	5404	msedge.exe	88
PID 5404 wrote to memory of 2420	5404	msedge.exe	88
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2136	5404	msedge.exe	87
PID 5404 wrote to memory of 2288	5404	msedge.exe	89
PID 5404 wrote to memory of 2288	5404	msedge.exe	89
PID 5404 wrote to memory of 2288	5404	msedge.exe	89
PID 5404 wrote to memory of 2288	5404	msedge.exe	89
PID 5404 wrote to memory of 2288	5404	msedge.exe	89
PID 5404 wrote to memory of 2288	5404	msedge.exe	89
PID 5404 wrote to memory of 2288	5404	msedge.exe	89
PID 5404 wrote to memory of 2288	5404	msedge.exe	89
PID 5404 wrote to memory of 2288	5404	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/u/4/folders/13oxmPavg0t05_vfYzf3gRptlyfIIS_DV
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffb5b3ff208,0x7ffb5b3ff214,0x7ffb5b3ff220
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2216,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2420,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3476,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5184,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4772,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3900,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5636,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6240,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6444,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5716,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5668,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5956,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5416,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5744,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=3916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1860,i,9068268364038973671,15260020099485885702,262144 --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1093610932\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1093610932\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5404_645606096\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5404_645606096\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
24KB

MD5
c22ffa130868245aeadd35c00bb86558

SHA1
b802b30c3df2d4a8d198c204e146d8e2461a12c2

SHA256
4cdd79dd720fdb9762157661aa682df45e68d5bb8f6cfd74ab1bf2f8db68c8ab

SHA512
ae3c0dd8d553ca6a795ff8331c5b0fe7a5a0a855293af3514a6f1a1951701e22ee29498458860be959b3e8f41eb385ebe93bfa0d33d546c5fad3a91fa6a43aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1cf92eb68af9d7cf8294ee756a45a40d

SHA1
78212607d82b982dca41278af8d7730e327b3552

SHA256
e0d254b278d0fa52fbdf6351c0f8114e6756d7c4a0b525e79dfe5a2c59426a6e

SHA512
e159b641b8fac1aa759286ab8342cc7356b84afb77e6162ad8e9c6db34e63f9ecc0817bb10c5adf028fe23313bbe6914bab763896d94a542b8eba317c1e3f28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1a438608c8250418de447571356308b8

SHA1
bb045603812b9375c56a4e6dea0a8150045ed128

SHA256
b5772ca283945bae5e1f3d8622d3be499bb17a44d508fffeb44128c3522ca4eb

SHA512
6cba24c0349757ac17fe3cdf77242ee785745abaa3a46e316284f95de9a02b4ce13f0018d89ead16e45793b5038f5317f3867113c9578bb5d46ad9f3aa44d398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581335.TMP

Filesize
3KB

MD5
00a0f1c095e5206579ff635048dc02c8

SHA1
8820bcccc91f0a9c15b2936a2e9a7010f22e05fb

SHA256
3366a8f99bdc97ffdcede18788a1205ecb0a6c7109963fcb3c261e06c0829e01

SHA512
0206753f20946b358d59130ba359e2e7b311cd8950c989dc9e1960b8920b1ac2b1d4d477b76e5e2806b7fd23e2278a9d7de12894c9731815ddd349035d1e8e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
3a64388c669227c1bedb981f133034a7

SHA1
735ae5406bbae7d2f3f679bdf5fa59f737f2ec00

SHA256
25383af88b4bc016e92292c38568cec0ba9e33b6a101ac1752eea2a1d1e9574e

SHA512
cb789f70adf105ae645bbd658b6be046219084331ee8246f15bce8aff45d16959676f5f876ef24535bffa51940060b653bc1e7e6d37bb9724ed832585186159d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\ac911b9f-e20f-406b-b5fc-e396e30d7b0f.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
611c6efe91aa4ba380e4d829c55ec63e

SHA1
ed4f9b3a82d952b692d29b96e28a8d90651b7cbb

SHA256
81cfa93034af3dad35e491f515be7be3d60ec1fc7a543c27981fb11353d14882

SHA512
05de9ba9767b84b73b3e535845c4db70f4edbb98e7e5535e77258c986f6d5b1b5b2bd2fac869254c755c1ae383d58674aa7727ac8100186aa6d861cb954c9497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
41d59a6dcfb89f4e6f6210990b5f2b61

SHA1
74f5728a593390cedd5cf16292d67d12317b40b1

SHA256
89781f9e479b525eb636aad7094a8d3f7ddc1acaab13e4af467edfff21effb46

SHA512
22624a189d2d9a78d441193d7a52cc5593e665f19b080be48b0c9a12033ae93a7245edb603e8fff0ce8e25f34e95e58779a3254b418479b0fdf33683baa71886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
39KB

MD5
830a93f58509c0bf5655430dd23093f4

SHA1
7a26a0f4d30c73ac752a889f21a415bab4c5f853

SHA256
3f3bd941b5d62c137a563a42b369f9f2b8d5526abdc33d669239e2b2d4f0e9f6

SHA512
6caab2a95cbf5b1fcd5ee5f2cfe43202a4a81b7478bf259f2e02c2d546debfa780a33482df77ddfad1a8ea08ddf6eb4640fba5168dd997903f7bdb22e223c22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
67f78c867df05e746c2d857650f51c40

SHA1
585ad468ce0d373ca82cb7cbabe5ca82c76a441c

SHA256
2abdac227935801a9a8c3682f6548ae9a8fea8c04f6598527b16234f44d8eaec

SHA512
60493fcc38a2ad6a306ac1c5ff01db1fd4954d91ab2158384a480a9155d2934c7750421f1c54225d2667de84956dccddc56538b23c2e7ab47aa4bc4585754244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ec7c5cd12237645cb3bc5395a0ff5905

SHA1
1a9a928251945d9b5258697e49e8382f0587185d

SHA256
eacd93fa8508527a1c21aa9280459ac9053bcfabfd5a5c7dd5b2c13bb9cb5ae6

SHA512
87692e3d73e5bc1885c3d767e67305e9a8bdffee9231029ec01ec5e2c16a45a3a48b39356b1b4c1bb063f4e653afc9ee7da055151328b6d4d888739dc9d830df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f0a9.TMP

Filesize
72B

MD5
086a4d2e1de571f033e6d718bdad6859

SHA1
3bcd84f24217a5c655dcb16a2f7f35f89bc1f3d5

SHA256
a7bbc8f40060e206909864b62d8ae267e1510509f2d4bb91ea3548510c0d0f82

SHA512
c20230398e86e3573d6e871543b9697a00bd659b40314ae8fd996da57e82cea27fe6173a04c87a1da45299ea3a920287bdd7318b72f42691502bb00aa43e6160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
c50951a0dfc8be20ffc085ef211b4506

SHA1
48a3ed557f4a2370168ad5e5ff603b796fee54e5

SHA256
46cb7b205149713b52eabc30483db441afef513a77ed2b1770b122982d132ad0

SHA512
304f7b3505ccc940ad03124f6e709f3ef32ff89bd81dba83c90012559c028100d7196004099e879ac65e6fda744953c47ee04537c21f108e61eebcf465fa2d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
2e7bf6178a0c88ac9755436d9dd1a55c

SHA1
2f37792ee1ee93c880b4dd57220906b7e458bd77

SHA256
1a1162c7868713bbcb86dbf024f03e5f14858f141d9c712f66b0a59fd2a34292

SHA512
4bf54288d5fc95d522478c8089fdd729f16e8dcf8c4368ae6ee0401ef2b31826a18b98713b6dd7dc62272ca41b49858943a27808899f56717db591f04e63cdfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
c27bf51532455861777a96a2e7160af1

SHA1
fe579d68f9a0659b586b7193fed5ce3c532994e5

SHA256
32255ce1149538518c9b37764f678401356b854bf5ca3f5e13acac8560480d2e

SHA512
aae068034a4a7aa7021171913442f4302c7fecb89d068fcb12f2d7fa234c7ad9c58b11011546bfa1518098a184db4e28235d632bdf58318468e51d833d07d8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
cec2321bbb5777650e4c0285f60353f8

SHA1
1dbf337261cd910c5c84dfdcb4f0eec99429f02b

SHA256
3da6b0103a6e6782c6ce9ca592f49934dc5d7c80da7f9756f1721e32408e6b8e

SHA512
93071828c639255c11ab1fae8ff8f3f8e670e0f52db5a8b259ac1912d35c2a2bc54f6c0229e7bcb158dfe836d2f6dbdf1cbb574d262eee170632b2df29de02de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
29bfd4530ac46b52071f74be55f6cd0b

SHA1
5720262501482bc95452e85e21f343a395dc0784

SHA256
a4a9aa879efc32c72084f0f222f0cd824f67c51a9d64f21f7bbd59d6ba61a456

SHA512
9cd1be0837f199b22d2fdd183b7e1a9461617fe490876692a957e99d89c2733116208e67e00589ede9fe36d126c6513492bfb350862367868f561670d477f992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
08becc9a284905a567d2f1690a7f30f5

SHA1
daeb054528b150f8fd31d2f27222b8a86518b903

SHA256
bb944661844c7c4958b72f358c1b17c498a6aeffb7290e396b9e7f1bfe1977d0

SHA512
33807cda69faabd592deb9ea7b21ddcd4bc64c16477a25d79c40496f07bc5ca4d112115a7dc640a859c9e720e39587eab113dc8c10a7d6130558de4f88346289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
d6a93d969d06d5df8549c710cf03edea

SHA1
385a2ca24a6f358df4399a2976d080a29128f83c

SHA256
7852939eb6376af1698bf4338a658b47000cfca088f9b05c45447a0d5a17bf1c

SHA512
3474a2c397e65660a19387a6a33460222778c662f8f85842162443c0fabf5e7e5163917170ac8f503d0c5f44f64f956c5c96cab8601971e9d09c02f012e7f774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
07fecb95fded53fcfdb668dd2750ce32

SHA1
2890523f522cc6b843dec4aaee5ddcfddbab03df

SHA256
627b689a1ed597a7ac88c0e23613adf9ca647ef6ef01e775b2f4908304581eed

SHA512
8c97334c226df423873464e84d5cc9fbb025334c3cd1c3ba260363a50b44768c963494fa237303704903a67e0cda3bc964b1328fe5927b30b5e1d5b6b46d5c49

Download Submit