hxxps://drive[.]google[.]com/file/d/1fLmpdxo5ME01vkCUXomD7WgVl-a3C6db/view?usp=drive_link

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2025, 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fLmpdxo5ME01vkCUXomD7WgVl-a3C6db/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
134	drive.google.com
155	drive.google.com
156	drive.google.com
5	drive.google.com
6	drive.google.com
10	drive.google.com
18	drive.google.com
133	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_863148197\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_345470653\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_345470653\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1206718117\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1206718117\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1206718117\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1206718117\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_345470653\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_345470653\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_403241289\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1206718117\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_788_601282315\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_1120127667\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping788_345470653\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133882115705554618"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{4C7B77D6-90B1-4789-8524-900A45EA81F7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 788 wrote to memory of 5748	788	msedge.exe	88
PID 788 wrote to memory of 5748	788	msedge.exe	88
PID 788 wrote to memory of 1544	788	msedge.exe	89
PID 788 wrote to memory of 1544	788	msedge.exe	89
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 3152	788	msedge.exe	91
PID 788 wrote to memory of 3152	788	msedge.exe	91
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 5900	788	msedge.exe	90
PID 788 wrote to memory of 3152	788	msedge.exe	91
PID 788 wrote to memory of 3152	788	msedge.exe	91
PID 788 wrote to memory of 3152	788	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1fLmpdxo5ME01vkCUXomD7WgVl-a3C6db/view?usp=drive_link
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7fffcdddf208,0x7fffcdddf214,0x7fffcdddf220
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1880,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2188,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4928,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4780,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4808,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6248,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6312,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6284,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2124,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5392,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5988,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,5395727071972346554,16611181944840144861,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping788_1206718117\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping788_345470653\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping788_345470653\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping788_403241289\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping788_403241289\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\04d51ec2-cb9c-4f38-8b3f-49a648fcd993.tmp

Filesize
40KB

MD5
a7d36afb9719cabccb27cb17821d6995

SHA1
31979ea65872d0ca1ab3d44da00bc6d28e320c94

SHA256
f6e6c17918bde9e9418cff9d7e9c7945ecdaf4cb5eecaa443326ca6256b7c56c

SHA512
8ea8b4761ecd4f95143c5758b3d52ef418358cc793755fcebd25cd4cc1e57a6f5f5ada27eab36e00f89242deff3a5e1e2cbd2e4fe22831258ed428f0e520fc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f35598a7790353d1482460b7a658a42f

SHA1
7885366d2d1a6b1c7dd61d2a3ae3be44b6f99212

SHA256
31a997b85c978cda6d6cf3b08be96f831c167d711505f22b4852dc96da18ef1c

SHA512
242f524a2a87c245ace6a81985442adc3511d1f6f699ffb424209d94bb8960ea2a0c34b75d74888f0f1b654a1bb0e9d02122d17df2c070bffcd948f090016270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
4bb9dc1fc334512f606f3c1bdbe84fda

SHA1
9bab63ef0626c43627c9786117d75feb135f36f6

SHA256
fefbe1dbd678bf32a72d0f225bf3c5c2f55f23b957062ebd7c76d1dd4c36ffef

SHA512
94279f21c28b07b3a59f199583307a397d9871e65471743ea2888e4c41d277eda6541949a6210c6ad16fafb2e22b50d227fe5c2973e241be4e545ecf2bedd708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
dbf1363ce850e9d1a04fe1dd06d98f93

SHA1
10e2b056410ac59c8eafe0a20217fad275f437a2

SHA256
49b851a84a9fe7425455dd72d00c6fd8283bd2610dd232db76f7fab8f2b89f9d

SHA512
26993ce42f124cb6610683a20e2aaaad616db65addda0af001a8285cb83c21fb7090e9d1b866469b9675860a912fc1d896cea67a08635a1b62d720e98d7c3295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
39KB

MD5
20e299e0af3dd41629af1dea1ee86217

SHA1
051f3586a2087eb7490ed477613673030011bc6f

SHA256
c64101af6e0e40a57262ed07564df10466394493082e6aa2fb87cb26aabeed45

SHA512
f29338ea6992ef0ddf139022c1ec5dbe666ed419b1946cfa44bb27299a936ead211a801b4f716c9e203c3a0c97ef45f6c1e835f713301638db09f2e8641f0825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
5abb3d01d6bf456e04caf48f8a0fe338

SHA1
572a520e3c14944aafce41ddd6f8362e0c7449f5

SHA256
ee3c0bd7dc50fb8443cb2808f4b26a1ce654b7cfa584944dce000ddadda0316a

SHA512
5c3e2be73a6d488b9c469670666004686ed1d4693fe82b8bb5cea55046d35a5c4875496adb45acbd70905450c6b2bf997bac6b34f333022a327728b87078964f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c7c8eb9d1f3434357842ce3ba8be8578

SHA1
f26fc4dc8e26b27bf9571fdc369ff84ff866a34c

SHA256
4ba8cabc352c92adb7bac5039b8ee5e1dfced053d309096fc4104f3e444dc983

SHA512
cede3b9a46f448ca72fac34160f146277266980ff6c1dbaa9a846a09a258968379d72721ac23397ad1eb05ecbd3480d636b7406c88bf001a5c1e09f50fc483b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d021.TMP

Filesize
48B

MD5
44d8d8ab17e124b3109a062218d74a74

SHA1
af9ee436e9f952f7ada18e3154caf71265bfb1b2

SHA256
7725e16d9f55bda89db8249669c8dd4b20ab77abdabbf044083446bdae721680

SHA512
19145142a3edb8b50566311b8c4d626a7ca8b82c2306ee412e5026e8feff92931c90290ca765813ac3f1eba39f4e0718e6384eaf27f89ddde92250988d639de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
83161c28146b8790da5f50ab38c9275a

SHA1
7c3af22dcd4126e5ecd73f5f20476b9e096efec5

SHA256
14480f07e74bc2a73f788aee9376e83e27055ddbf7797a2b0b68dd5d8be47c22

SHA512
17bf06e1260cc7595d775715f772a34a038f44949c72d6ebb454e4edfb9ff9ec75d24575e196374e77976c26c581bc4c976411ae85585253123a62c637aebd06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
f0653490362105a766810e30119d9a23

SHA1
ef7ab70d8d10de7edd7b9e4f83418244267f1d41

SHA256
a24a843583e0ea28373d910c2181b17e3954e139b3a21bc0a7cbabf82dc4ea8d

SHA512
848d3d2862599cb9cbf189458cb10d7ff58ec30c17643e029e06011c84fcc17918a915c5d79ca001f1aee51609142db5c1f60652d234c18c76bbabfdff2d34dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
822adc1a5391ece05c3e7bb629dc1877

SHA1
4f34905897965d01ea98aa5f6daf8c5512d12e35

SHA256
7e952ae33ae23de916d3c1fc8e5728eb5c4dac65f2a56690d315984891bab4da

SHA512
2a319115a53d93a3eb3657e563ddac2c43825cd5d51e9194f5710210ce88da03a506c45782a9bfc08b121f3a5ecddcaf2127f033cad876192eb77d097da05140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
77fded73003130128766adfd7489054c

SHA1
84cc01d4a87c1d49810573be7664162598b6f94b

SHA256
542cbac81d5f74d27a799492132fd5c99f09bab3bcf7ea58422a347d39641f16

SHA512
f5666b6cc4aa658b2190bcd118bdd6e48c6496a622998deb0bf36149931b1b584447b8faef531971770963f9daf27f5c55b67a5a7d07aedd216c8d4f6425de6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
fcbd0c504765c4e051e9ad10fa86078a

SHA1
dea7f59d9e50f7feebe1b23c37437082b68663cb

SHA256
8afaee5cbbec3bb02bf28d0cb54375011d64d490582f88a3080e5998851b29ca

SHA512
8a83d35e0c7c0b02b10bc0041af459ebbf8317abeeb3e92511642fd388b15e06ac95e91f590817a56a70fff291136b0e313d00f789dc7a5c483396304132d981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
b7f4f8306a228986a67daa6896df6039

SHA1
2826de9eddd384af4c519c7c5d7313ca64353276

SHA256
0cd833a930e0ad2deb5f639e243f4ced8c5cf733bcd0c0f299f8e9ad429bb9f4

SHA512
f1298a26bf6873b9f509cd73837926bbf617f07ab8268a39290f81fe3f45e2d8e8079c0f797295c4cb1ae8ed0e83c450a3590019f1d3187cfd962226c58e51b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
01696f22addefe21d2d0ac1dfec6a9bb

SHA1
1422b1f7bc12371783dbdcf39fdfcbd72b017009

SHA256
daf000d1332c57a6a7e6c9d8c926c210430cffbb2f4cdfcf952851edcb76f298

SHA512
84c24cf076b93ffd088d10fa621b35abb952d85f4ea8e17149f196d0fecda20e00b4eb8ff744801a9c8c5e5b32a310017e803813c36c47a966b1e8ee9e32d1b2

Download Submit