5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2025, 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e.exe
Size

43KB
MD5

a7c044faa843b4ddc7332e8682b8908b
SHA1

32570c7a0a1401e0c81d1d212d62c910e3813619
SHA256

5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e
SHA512

1a0b855ce193b9e9d07a4e7f3e7eaac34e12388908907ca6f36d150565acad977130af0b5781a9cbd4de9c7fd7f759f3e1dc0db02d583320d897d4cfa0854913
SSDEEP

384:UZy+Hl9n1iDcsyEqt3ptKwQsElGhOEazcIij+ZsNO3PlpJKkkjh/TzF7pWnPmgra:i99nU4pEqt5tKhohuuXQ/oiC+L

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_983844571\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_983844571\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_983844571\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_1961141543\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_1961141543\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_378922606\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2836_918423181\_locales\pt_BR\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133883088556631034"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{60D6D0E3-EDDA-4D44-A0B0-E3C485038DB7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 2836	4600	5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e.exe	99
PID 4600 wrote to memory of 2836	4600	5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e.exe	99
PID 2836 wrote to memory of 3956	2836	msedge.exe	100
PID 2836 wrote to memory of 3956	2836	msedge.exe	100
PID 2836 wrote to memory of 6136	2836	msedge.exe	101
PID 2836 wrote to memory of 6136	2836	msedge.exe	101
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 5492	2836	msedge.exe	102
PID 2836 wrote to memory of 3512	2836	msedge.exe	104
PID 2836 wrote to memory of 3512	2836	msedge.exe	104
PID 2836 wrote to memory of 3512	2836	msedge.exe	104
PID 2836 wrote to memory of 3512	2836	msedge.exe	104
PID 2836 wrote to memory of 3512	2836	msedge.exe	104
PID 2836 wrote to memory of 3512	2836	msedge.exe	104
PID 2836 wrote to memory of 3512	2836	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e.exe
"C:\Users\Admin\AppData\Local\Temp\5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2dc,0x7ffe95bff208,0x7ffe95bff214,0x7ffe95bff220
    3⤵
    PID:3956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:3
    3⤵
    PID:6136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2332,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:2
    3⤵
    PID:5492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2456,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=2956 /prefetch:8
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3448,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
    3⤵
    PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3468,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
    3⤵
    PID:5088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4904,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4300,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:8
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3668,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
    3⤵
    PID:1496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:8
    3⤵
    PID:216
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8
    3⤵
    PID:3068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:8
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
    3⤵
    PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6344,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:1
    3⤵
    PID:3188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5552,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:1
    3⤵
    PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5016,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:8
    3⤵
    PID:1028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6552,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
    3⤵
    PID:700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5096,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:8
    3⤵
    PID:1856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8
    3⤵
    PID:1548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
    3⤵
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8
    3⤵
    PID:1324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8
    3⤵
    PID:6088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6540,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3772,i,9294375065699627977,1632073622865598938,262144 --variations-seed-version --mojo-platform-channel-handle=3264 /prefetch:8
    3⤵
    PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5bb25fc64fa856142f6f86cd069dda1698badd8a1a9c69bdfa06ec7770de239e.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2836_1420660183\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2836_1420660183\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2836_378922606\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2836_378922606\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2836_983844571\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
78a826a886bf8bc2f8b45797f48125f8

SHA1
dd9a47834c902ac314ae42f3ae3a530921f04ed3

SHA256
1a6645c4af357a7ed89c0fd1b6aa5814893020fb83b83e794f99b1ed074a48cb

SHA512
849c9f29aa7a3b7eff3d56aaaa14277b4b3b23de3110dd413e1de9e5aa75e8c2234261f077caacadb9636df44a790ceed2b4e4f018ea6666c07a31cf74dedb3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58219c.TMP

Filesize
3KB

MD5
59012458d67fe3781f4cd5f2cbb740b0

SHA1
11efe45fb7a41ad94953276056436727c001de52

SHA256
d9ba08e931a9a7163e9906094978c002e91d23e1f00a6d2cefc885c01fb4fee6

SHA512
a93c4ce10db29f53d8a23c312fe4300a1d2dc220c6841a786d37460bbd9c67b3d775bb63bbdba35f0c3480eb914b72dea28d6c833b9e6269d646156cacd90081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
82971a81310343a900329fcf4507d6bd

SHA1
55e7f98ab1040afff94572c675599ba09c42534e

SHA256
5e3e43f225ae932a38bc38bff152f5f124fed7ed80bd1004b7d88d31db0d7f90

SHA512
20ec0408a0f79f86ed8571feb17ce286c317c9328847b808b4fe4543922b43c4aaecff109c7d632db35474a14c3450f6a80b73ef97e3331a55e459ed2c4b850a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
81af15de4bd63bd0b23dd90e5a0943a3

SHA1
63037d115b473ad634913a12e9237a2d6b92318f

SHA256
3eaba35b6801cb9fbec968cc3a6b1bcec2dad31f5304f2593a54f4f4b30c0e88

SHA512
355a3c809ced6ea306b6586894414de265e33f57a7a905949f08fde23787fbdebce9105cf3d60c7c2334a372c60f794c4e7552f7f7a710d4503d34b179fd42e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
304d0efe946b898d8d623c18424fb85e

SHA1
043d2a0b91ddc79b5cd5033ca0fc4eeb4ff67817

SHA256
e259baadaac39f724c91e5f5840f4c9c6ab061f1c9854e413dab530b90a85fdc

SHA512
adc25c59c312e22c04d501c361b5c11ea8c83f67f6794ac40a0b9d56cc2cf584a90c90cb6deee4a53d7bd7e06cb0862be9e65d6e57f95d27948f374d20165616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
26c77a34aea1f4f4778dc06e8c757970

SHA1
26e04b8ddda8e843c3471329b96fea4a448edcfc

SHA256
aff2cacb537499d039583af28a2326b3e512a400717be399c48ed9daebc30a4e

SHA512
641eeca75c9b0efb7caf7e4bf27974ac9389dbf34fd8c47ce3d613aa85f80fcf8026d857d98b36aa00533904cb53c9a859463ab93a11e4b347489c335c08895f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
8f3e50c08558b1fb9e74635515df778b

SHA1
5041f588340dd3a1f3e4f03393b99dbc24c34da7

SHA256
5afa8d4cd1fa97a08d57af68ea0f2043280b4a3a134faa6b5454196573f62d90

SHA512
71fc0971348676fac4491f3b7812b9644868e086b1f6d738873570fa4487ad41d26777326535079b083d9d9242a76fd1f1bd8f8d4b00edadcea61b2b22d52b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
41adf7576cb910fafc499866d81e8a62

SHA1
b9c444f6014a2bb2842aa9d9bc93787f4630f6d6

SHA256
3bc7b2b4ab9129cabd0d063f23a805da739e893c1ee5ba9e60afb10125f5c495

SHA512
964da9d10026011701b17c9178bb327d5dc875cbfc2ddc28b43ba599ecbcc3ddf7ce27ad5cf8b529f4279d94a9b0a19b4a0096fd821e2d805e7ff277b21469c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
52c384ec28027242ce544e98a5bff513

SHA1
b47efc0e753b2cd86eef13e3a6bda8e3a431b595

SHA256
e6f0e2962628c40456624f3062e4b1f50b7ac2235ea85c46d47f08d2f8aaabf3

SHA512
7356540b5ba4c9be0838d364a02ae016245634efd052e55bd4b7720bab36772b21d448fb309befab188d01a93c59d06bb3ca93ccaeca58fceca9afedc9155d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
894B

MD5
9e8a43d13f5740441dff231399cbc1cb

SHA1
e4fc1cbf87464faef723403ad057c02ac0a0d293

SHA256
2162b74afcd8455952d87837109749ac0f47664c6d11d3e1d4d19c03a340d585

SHA512
f2d94b8230135be1627dd377fae2b08657f2c0b420f39e2b51a98f408a05b7c941a0d1d5c2bed19568561e82dbe64d1d061e72e0d7daa34990ffc46f9b0e5781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\c78adcb5-83fc-4b15-88b6-f69e829abfde.tmp

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
f7817ce91656d4abd75cba16cc6f8181

SHA1
85dadedfc93a2275c4029b47a2852debe652cbc2

SHA256
c9c0fac568d27611319e96c3eec0342d81302d0550005eed749219f1c0ab82d3

SHA512
1678345491df9e8b7ecca2244c0120b03b11a5973861e9fb6e087b023d153b351ed6a72916ac0dc1b4388f8af8b356fa54432c2daad5d06d5288156cf2153f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
dc3c9d1051742cc093dc5b3ceed20a9a

SHA1
fe3525076a15a50012ff5287fe8d1d486b042127

SHA256
652f6c39e3ebd7f7f5a025fd5b04c3c37a7002622aaa27ee103eb7f1ec12551f

SHA512
342417e82e7688cc4de0d7ba84217ed0295d025fc1e41f351ba2ba51faa66041749ec34c1f8a79fa65cc24fb7f2571c05b414af052435cf3c8061dbdb5cbcc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
3981bb0ec370e3ca910e622d2f844b4e

SHA1
ddaf206091452e56fb094f2e9539e3f6ecec6e21

SHA256
95630e06c0f8bc849e0b851b7bd641c75228e3adcd1837cd8cb2f634265c7cca

SHA512
4c857ac273496fe597cc47b6171432263b0a177ff774157372250809c7d68dc9ed1de032857d7bc8915e9d7f9a7516262de312237c05dc41add07a9ad8f15579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
5cff049a661967432149c17e97030042

SHA1
198a85391015f95056e7832298663b03949e9dda

SHA256
c0630cb8d8d1bf6f6237a2f51adb4f71b2ae137c455370398ab618b3ed8673bf

SHA512
8edc277748845f104c7b7b7d9622c1ea7a5feb5807a53df24ec6e3099474f9aa0d03e1f061b221520fe8535e8be4b850832995436839d6dd6bf5a3401762c01f

Download Submit