hxxps://drive[.]google[.]com/drive/folders/1DlDbiImo31rbF-avQOZjlOlBSrCsvp0c

Analysis

max time kernel
172s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2025, 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1DlDbiImo31rbF-avQOZjlOlBSrCsvp0c

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
22	drive.google.com
27	drive.google.com
214	drive.google.com
215	drive.google.com
244	drive.google.com
245	drive.google.com
7	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_2018294287\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_2018294287\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_79067368\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_79067368\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_724860391\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_2018294287\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_724860391\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1419915781\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1419915781\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_2018294287\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_724860391\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_3320_1121383233\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1350930401\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1419915781\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881537084914466"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-446031748-3036493239-2009529691-1000\{7DB69A21-6C42-490B-9EE4-3008F50516EF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 1616	3320	msedge.exe	85
PID 3320 wrote to memory of 1616	3320	msedge.exe	85
PID 3320 wrote to memory of 1192	3320	msedge.exe	86
PID 3320 wrote to memory of 1192	3320	msedge.exe	86
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 4592	3320	msedge.exe	87
PID 3320 wrote to memory of 3044	3320	msedge.exe	88
PID 3320 wrote to memory of 3044	3320	msedge.exe	88
PID 3320 wrote to memory of 3044	3320	msedge.exe	88
PID 3320 wrote to memory of 3044	3320	msedge.exe	88
PID 3320 wrote to memory of 3044	3320	msedge.exe	88
PID 3320 wrote to memory of 3044	3320	msedge.exe	88
PID 3320 wrote to memory of 3044	3320	msedge.exe	88
PID 3320 wrote to memory of 3044	3320	msedge.exe	88
PID 3320 wrote to memory of 3044	3320	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1DlDbiImo31rbF-avQOZjlOlBSrCsvp0c
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x258,0x7ffe544df208,0x7ffe544df214,0x7ffe544df220
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1944,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2444,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3368,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3384,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4996,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5124,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5364,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4864,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5672,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6240,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6404,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4728,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4744,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6368,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5416,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5188,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5520,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3580,i,6030693182971511560,3431670082322740454,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3320_1419915781\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3320_2018294287\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3320_2018294287\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3320_79067368\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3320_79067368\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8625e8ce164e1039c0d19156210674ce

SHA1
9eb5ae97638791b0310807d725ac8815202737d2

SHA256
2f65f9c3c54fe018e0b1f46e3c593d100a87758346d3b00a72cb93042daf60a2

SHA512
3c52b8876982fe41d816f9dfb05cd888c551cf7efd266a448050c87c3fc52cc2172f53c83869b87d7643ce0188004c978570f35b0fcc1cb50c9fffea3dec76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\18b8e326-9f8a-4581-96f8-ab8806aeb76b.tmp

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
69ebc2dbba7c00918c993262b30dcf80

SHA1
dfd4e2b11475757a2029b5d953b34e12843afeba

SHA256
a38f643961a67828c64d2d63ce71231ad0b624ad551ea03d74d597eb5d3bf86f

SHA512
18e43fd20367c14aa431307cabdb0f60f93483a2eb2dc5bc428f4604ff16ecbee4a7bee3d4927ea6e26afd48535e6f5a44fe6be45f9ad8735bc7733699c6e882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e80e.TMP

Filesize
3KB

MD5
8a73bac662a9ad075375b34acc41ed47

SHA1
aa36393a9f5205e77b6b585e022927bff8da4acf

SHA256
45f7f338becb34e5ca81bb2d793d938f66208dfe03e650f1141cad882aeba9af

SHA512
1bb6ff68bfd39f13a976f52673e33028a4b2cdbfb693bf746b46b92450ff36f0240b30626e900a1992f7f6d86da5be46104e43ac0a3b6d1d8d2d48f02c3d9887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
42790c5089b65fb591ca6751b0170f57

SHA1
b4af6be5007259ba5bbb02e90b3dbd25520541a0

SHA256
71ee4364e847ad5d0209c90f973080f72e73a5d81f4e7673d8aae032d08e0078

SHA512
30237e16e4f120cf0c5e3e4aee20a80d8580adfeb4a271c6c7592417dccad16d8635cde1c0aee6f5591db791b433480546606e79c543f369085f42e21460c29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
fdc30d148f1f5eb2e89ec402f1a46bf6

SHA1
b7a395a439d1245528151058e96ebf3f258b3b3d

SHA256
226871ff11c9216647bc01aa504198a78509c8ba670a2947b28e2195e2510a9f

SHA512
d6ab796c4ac6a6c91a4ec26445d0d549fba72ce1acef0f78e799ba5bf71ca24e7e1fe820e1223897e125584b5fbba2535cbfce6de271fcaa5af002c54d5b99ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\b6bab00f-036a-4355-99e5-605c6b765f9d.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f4246eb9138ec8b10e9c5461c43f2e8a

SHA1
1c6d433bc7a2b8874650689187f8b802d7c59588

SHA256
8731c1fb531040fd96809f6afe3078ec67ea3c9c20a2dd37be4527f3ed892356

SHA512
728d846e9e58530594f573685a592171f795cfeb9cc7914407bfd729cb3afffda4257078738ca8f328e55942fed9ad706ac182e9f22c1074025447789dd56f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f6d473fced1bf996cfce1cf4c2399c2d

SHA1
a70ba07741a7d3ce04475525a29eb397a5ab3d3d

SHA256
7e26f3e369934c6b59e352a2c753821f2f7bf7487c2acddf60425fb421d0f02d

SHA512
2cac0131570643fafaa8c1cf7d823c3da233cff166161af2562283df8e247f95a28a533dd38cc641ba31fde326757dec1a1f7c52c01208deebf8b4e59a84bb8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
39KB

MD5
6a760bdf466a50b5430be8247e343c9b

SHA1
28b51599c37d077e55701f42c7d69d57fd1a3082

SHA256
c023cec6b86a44d77fe54d03444ea76852873203f8a114efa186136f11b52427

SHA512
2c766bed279f7adc2196157e72caf0d973f141c0fd06aa36b902a868ee5c456a0ddf70be3c7a94217d1d8ec97275647881cbcfc172590e6e151f5b2eba82b00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d238cde1b32847a7225304452c9f81f8

SHA1
88dec98ce3313a7f5a6f7e8cd855142c32f993d5

SHA256
9ee45bb8f76b5c9dba16571e4c165e589877282ff1cba85ad6981a9fffa93732

SHA512
c89b796a539c7896fe7f2b8412f6168ba029309e635d0a68d04fa79eb75f4923ae53a98d2d3ad8cf9f628e17b6256d8da33c3421248f4aef076b442271e32e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5724b915b4874662fb86f87ce0d61aef

SHA1
6fc33237c84484b848fcd05d928bd4b47128b8cb

SHA256
81778b99649be7915759b1e1ec9d7e62a6092b2237e44e09a42c4a3999e35058

SHA512
bca358a9273a537a7c0d4c0d7442df4d03156db0cdc85a12f47de08f75b23295d69b97a0b24afc517dd20b8e287406fd7dd63f0ee8f039fabcecdef3f53dc1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c256.TMP

Filesize
72B

MD5
eb6efd2202dd267a70f5ddb6982031e0

SHA1
d8f90623d1ddd1b302786f189a1b336a5fb2aeff

SHA256
d439e53b7588656767d9dfbeaeafae08d89dfbcd0318fd49b61ab9e7484d09ab

SHA512
91e5d76b853fb4df228825b52b748276864dc99f790a04051c0a4494d940be0405d4c4a36349c0586a3cf45fccf016365efa6e896bcb39843fc1e42cf7fc0724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
0f8ed37d3139bea1794f6776e4d5f3ac

SHA1
b3b56a1ff34dd1e7fbf7907e0a8f836ae84949b1

SHA256
039588c9b617fbcf998eab12b499bb21e5a78eb057a72ba1d59f38ecab7aecc2

SHA512
5796c941c72dc38aa9a5abf695ea3211812330529cc84913b6af964f0427ebe96039c3db6b87a649a9303f974de62bed52f9557a204d279ca536a24e2c837f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
e98e1810fe80e5668ec53532f9ebf455

SHA1
014e7bf26bbc559d779e9c5f65599ccf61fc3f2a

SHA256
44475153018ae717403fd47b24c5032753e0efd48fef688233d3f96ccf533032

SHA512
289271bdbaa80218507d66940e3c59625670df99b100cba88f1eb8ae3eeedcbda951bbd522b4b21900f3a3dbd886c2ec5c498dd05396f48f16b4329c11c1c8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
892B

MD5
250f824fd39513934465c2dabdb8824c

SHA1
7d1d61970383d0870323c8033b3f6bca939ffc21

SHA256
d83c15de25d94b2abb3b7d0cf27f8efb550d1811758c8586044fef99dcac6a41

SHA512
f362737ce3119f29df327e9e6cb0128036e866e9487e2ca7a6aa327490a6836916019bb6456e31469536c81eef7aee062e1cb03ad03eb1b0b84ad48f2b8032a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
4bf2adebb84fc71594421d77af8277e8

SHA1
1dd55f74cd3ad76811ade7f27919496b9944ae6d

SHA256
11715ebd563d2b3bb360355ccc967d9f868c1ce5ee23f7e505fb0e3ad2a6fae3

SHA512
4af27c6edcf894220e9011b2593d9999b736ba68792ca808f9d9acd1ac7b4b7760eb8267ba1fa60fc3f8f4c02900281a7b2d45da73b80a026c4a9cc6873f4a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
375718d20d56cedbb67f9d77026b7736

SHA1
30e270707e61fd1e34f6dafaddf2eacefb0dac34

SHA256
0ef42360f5d7ceef2a7eef113945f96716bfcdb3fe4363beb9b9292803c16a92

SHA512
32edcfb2687e5550f138ab175f92e0e42a5124c340e98dae6082bf9ab16af66005e85bd83e15c2ad6b87b926deb13209a3f2e64c9f92abda42b1549c47bf865e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
eb99f18327fe1770f550485de0403b2b

SHA1
53c48a3d462ee5249e82ddd06ad4284c93693501

SHA256
09a63d0fd9449c735edea06f11547d7e7e5f02a8bbc84cee2fa160cf47a686a5

SHA512
78548cfe7dacfec865597b38357d5185667a5b89e193500ba9bc58768e87dba58f0879c1affb9830a6ce3cace5400c892aadb5e547ba07bf4e2dc9076425c93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
23f474d1fe1121d596d8a5c4707c7ab3

SHA1
7fffc94de0df07364b58faa0331d74712e43be8f

SHA256
dff1694079a1d1478f76d550d20cfa7e0ade6c69c732dbe2cfd735a7f2a36c72

SHA512
e5ac26919937d86c551a6c93d39ae781d165d2742835e27efef1ab02d64a2398857617e480f75a0b22cf591aa7d1f34ade67967db447d1b147fce20cdb5b16aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
c6222346dc19a5a798529195c0ec42fb

SHA1
7f725f908b10b9dedee1b2a5c597e2393b29ef9e

SHA256
593ff90cb65b8e6dd475ac82fea2cd738a281486f2073ff7b9eb5330b8647045

SHA512
cc1091c8b57100242d0fe62dbe467669a5b85c16d37bb99720d4d3f7b812323ad6958618d14d84318fd0ae5bc38058fdb22e4d412695643b7cca91ac8bea6084

Download Submit