hxxps://drive[.]google[.]com/file/d/1bEJiXO1y0gfKXk8kzfdEKjTDDAqNSRnd/view?usp=sharing

Resubmissions

04/04/2025, 05:20

250404-f1rvxasrw8 6

04/04/2025, 05:17

250404-fy6laazzex 6

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2025, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1bEJiXO1y0gfKXk8kzfdEKjTDDAqNSRnd/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
8	drive.google.com
12	drive.google.com
21	drive.google.com
29	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_949997187\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_949997187\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1524437770\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1524437770\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1524437770\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_329594739\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1730617681\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_329594739\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_329594739\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1524437770\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_3772_1859386672\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1983076994\_locales\pa\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133882176540441897"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{C2E95657-FEF0-4919-B837-EE6F6E99A160}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 5600	3772	msedge.exe	86
PID 3772 wrote to memory of 5600	3772	msedge.exe	86
PID 3772 wrote to memory of 5284	3772	msedge.exe	87
PID 3772 wrote to memory of 5284	3772	msedge.exe	87
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 388	3772	msedge.exe	88
PID 3772 wrote to memory of 5768	3772	msedge.exe	89
PID 3772 wrote to memory of 5768	3772	msedge.exe	89
PID 3772 wrote to memory of 5768	3772	msedge.exe	89
PID 3772 wrote to memory of 5768	3772	msedge.exe	89
PID 3772 wrote to memory of 5768	3772	msedge.exe	89
PID 3772 wrote to memory of 5768	3772	msedge.exe	89
PID 3772 wrote to memory of 5768	3772	msedge.exe	89
PID 3772 wrote to memory of 5768	3772	msedge.exe	89
PID 3772 wrote to memory of 5768	3772	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1bEJiXO1y0gfKXk8kzfdEKjTDDAqNSRnd/view?usp=sharing
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x1a4,0x240,0x244,0x218,0x264,0x7ffd5952f208,0x7ffd5952f214,0x7ffd5952f220
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2204,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2532,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5060,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5016,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4896,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3500,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6140,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6792,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7016,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --init-isolate-as-foreground --pdf-shared-library --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7248,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-sub-type=pdf-renderer --pdf-renderer --pdf-shared-library --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags="--ms-user-locale= --jitless" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6788,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6876,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7508,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5088,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=7600 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5976,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3472,i,4951307639469479631,1710205011994901262,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1524437770\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3772_1524437770\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3772_949997187\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\30bef17f-0b40-43d8-b3bc-5c33f5458cb6.tmp

Filesize
41KB

MD5
b89d08273c5f27bb9154b1582aa34d4b

SHA1
c2734a3e012366296d65e75bb673f1ba958a34dc

SHA256
3495bca1ce69cd8f0466ce1618f3a96051b1344108e62a73d2322ea41b0b272e

SHA512
a5c1d74b1dc34a9857a27b3c14f4b6aeb3fba75a259927a8eb3bb6fd54a04edb793afbce2db6099805ef4076541032ca9a3c3635b80bf91d97c5dab9eac477a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
690119a220932ba31b62d1b4cf9aed7d

SHA1
c6a12bcc7b49d256856489c2cbc4dc18fdaadb37

SHA256
8ac56467be274e7a8bcaa741aba783d72e8d9abb2589122d0a49ea967f09b5cd

SHA512
6fedcddf13c17d0d2db20f0cff3927f08d941a2ce586845e190afbdec2f68bc44e93f61eb0bd135d9fa3f6eeb71d1ceec707766104ab0a666c7d0c9d84fe7c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e000.TMP

Filesize
3KB

MD5
1ace600d228253d88c4872442cca9d7a

SHA1
cfcfd919ce1a2e809cfeb5585629812c76abe230

SHA256
a2a01f7b9b4a61a0dcb5814308ce3a06a243708d2c2dd90e60d990338b9427bb

SHA512
5483f82bdceec5e62ec5941cf3a6002ca758add9d9143e14fb6604d495a39c5f0ea1ff608931e41de0aca4693ea2dbe07ec4a3c12e798bd0cc3612dafc0acde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
42364b9bf6206465d3dde4f5a9fc83d5

SHA1
654497ed6fd1cab59bddcb6ba84606918938a650

SHA256
d75fa9a1aabf2b76bbc6bf8e2ebc082234a35601ef5f36e32b0be2ff3311be29

SHA512
0e09a966485900cc558869c49825a9a9c9f3c64d829b0ef7a57ab66c7244d7003cc831c7cf55da33c6f25f61fdb7706d03e6d84373524c470f4aa3dcdb2961c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
556b4fe49220adebf78d7488bfa79c33

SHA1
063a6fd12dcc4d0924ac9fd00c519dab334040c1

SHA256
4cf7c0d4b5e1eca47996a5e67c9fbb311b4ca620f3205db8027fe65b90e9a1d5

SHA512
4fcae881cb528aee6ed2c7b404a98528d3b6039b29a4994f7dbb9e95e8ce6f3ac9069faae7272e3606951519ee37e98ad74b1a6f79c5e308d37a13c42f346c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7be86d826fb0a19194fdb664b4eb93e5

SHA1
36ed746c933e62443ae3dbf1fe65083e54300b02

SHA256
326220a7ed0ad96fa1f7e9f0b7e4879e1283e311fbc9f69971d29339145eaaea

SHA512
57bbdb94d6cafa6510bf4c282508b64fe9918b3f85b1c8eb11e9394e1d9cc0a71d6a55c1ffa355e3dd906329b89148613dcec25888a157f2bf521a3fe12aca86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
39KB

MD5
a24b613a6adb7415dbac6d580392bda8

SHA1
6f011fa17587f0bd9fe5d107535d80534f04c555

SHA256
87dea5a2fbbb8b0d586b41eae77722ad7330a3834730dfc8db5fbed5b7977625

SHA512
ceb0362ade30c3219e98ee06eb13ab5381a227a842cc223e7ddde5b7204c7ea65273daa2fb142823513ce7d92553e44cee0c830530f4081abe392c19a539f79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a7a301f5cbb5272ab513676be275ede6

SHA1
503673e0c3f27ac63c86d92295ad8d0c9c4f1da5

SHA256
79fe48c569e11e788d1251d90be30597a27f263a429567a13aa9c267668e3d60

SHA512
d7e432ae18149a7fb4828a024e960a41a62eb779d62f5a34078fd2f9fb329b0a8bc02d1a34c466471ec30d5238318edc2cafe35eb7b9d831939ca3e6601dd790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
97f56008a69843a33b2559f824aeb2d5

SHA1
eb76b08f2f9829a26d02391b0b6bed3e79f49d1b

SHA256
30bdab815c1ea776cca2a8543a59d90cfeb5f665fdfc2bc85abd3fe9d4785305

SHA512
845743e5a8b8e65c5c391e0ed2d865b1b987ff5ccfade3b2453f62fdaab801e399a59899ebf08dc598db3d77736fba53782c7543f379aabb4114d85cb6477048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a7e8.TMP

Filesize
72B

MD5
6e32ecbb5602ab9ba529f1d869a7dbde

SHA1
11a2e97c02e2c539b8927420bf946b55b53ef542

SHA256
c8b21c4a72fb31f630a1491205c1b97c3e26ada9f364f4dfc7feadf12bacaffc

SHA512
04e66cc7cb800574a1ea348005ddb4abebc0ec5a79c13db6e41efeac5f68b5382a9e3172a352711d09250cca19ba2cd6a6c157968e76132bb9bf2273bcf7fea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
3ef531964c0c8ac21a39945968c1a873

SHA1
ae2b8d603fb2541da1fa73aab0e54947abedd61a

SHA256
32557771f9f1e70b12a88c60bef2be7c7c7dcdad9c7aaf78f89b986688199072

SHA512
7b8b0d4113e272619f46cdae509e7240efa9d80a3014af30b017e2cd4ea1d843a87b0babb0359e693291e561f40e00d7f70af9e22c46acac6c424b9aa6e43914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
c3eaff2b629d56d975b17e9bb70bc0f6

SHA1
0f959b11d979352b58edfc62551ff1c3f0c3b9a2

SHA256
ca54528a0cf6c1919892cf6a7f6b56c94bb7a94b288cf29f6ce5ffea603bfee0

SHA512
3efc69c27afd02cab6805572e85536af627a8b9850e40862780457cf8f8ed36581ef191c0dd91dfa31ba55b1412a8e94f01c09b335ec649906e1e498bb3e6133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
94f8375c390a40eb084d49021e909a2c

SHA1
63ffab6f5acc11d3bb4e2daead60e2d94fac81ed

SHA256
80a7c3046bd56c88378596d492a814e0b393a6663ba2553ea87de96e2940e5a2

SHA512
132a7243398bc77b89adaed3402af460b8e336bb12fbb937d0e4549d844728ddd22ba7315b0a71d359afec658a64fc7567d7cac1dfc3936ec6a740d5edb2c573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
d6b705832e1933f8cb434b294121d8ac

SHA1
c977ad1a6010f5f207ce6426975571cf9b1ba6d1

SHA256
ad492346c380d0ab1823643eb2f55d6d077519e3e2a98eab98efa97471da0662

SHA512
d6e8ba01488d6bee6178348874739f9a985cf99a3eae1d2d10c553691f4d756672551710a40abbc9b6ee5b2f10f1654a6a3a3f61694f709229e65a541f933fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
4d4bb9df73a130d8d69e58d9b2970e55

SHA1
50079a912b4cea5e0f4f1f6c0adc853466ce99cc

SHA256
1e9fe539d4f883c3525a5e25b6585c582120f5e758a5e062f03e4ac5bd8d8b3c

SHA512
11092d49fc70a20d3ba22f63dde75be310af5c2309b117b9c32d666c87e4dcf8344a0ac6d35428e45be62920971b021c9d3c75131d9d73afc2cc90d986d9b7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
beb288c9a35b3cc7e7971681040de73e

SHA1
02a87c819cc846db5c163a639f07da30895e096e

SHA256
828626827ce0a4292ecd18d9f904ee45ee3e83e0a994b183e78935c2932d6865

SHA512
37d33645346ef1ed28ea202b7e9f9d2192ecf2ea1fc5e476619872c7981b1939d2ae4894b552ef314da3f8954624e2931d4283ff5300dcc9bc4b4703cfb054d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fd5fb8cd212dbde473f802aa2c03dd08

SHA1
f6c01b65133a8bf19ba20cc993a23dfae6509095

SHA256
3da474eb5633d21fb859937df0723dfd0f3cdd153d4c9085febbb7e632170d31

SHA512
c338a12acfee9b4ffc7333a2290dbb0f0f893b840fb371a91aa69adaf9623aa065ad8e2dc0526140da4126e23632b1e8d2a92400da858bd7e9a0e32630b417c6

Download Submit
C:\Users\Admin\Downloads\Push me!.pdf.crdownload

Filesize
156KB

MD5
808eaa31ca768f64b67d1e5719a22f27

SHA1
0ed09f600e36f401968e00efb7891e4d66bb9c4e

SHA256
b5de7fd9ace81260405bf594d4ece2edce398fde5719a5455241931863826ace

SHA512
74b0dd68026175621c993cfddfbfc05248ac82aefa7524efed715b90a5c62b4aecf555ae0bc189f3a950d249d4bd64df7feedda9666b0c6c6bdd163f6cf99970

Download Submit