hxxps://github[.]com/topics/malware-samples

Resubmissions

09/04/2025, 18:17

250409-wxezyayn18 6

09/04/2025, 18:08

250409-wq725symz6 10

Analysis

max time kernel
72s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2025, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/topics/malware-samples

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
183	camo.githubusercontent.com
184	camo.githubusercontent.com
188	raw.githubusercontent.com
189	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5464_752976146\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5464_489366744\_locales\si\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133886962833191617"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{9E11D712-A52E-4B2C-A3C1-AE59ECA233FA}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{C9106CE8-3950-42E4-892A-5C1513EC803B}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5464	msedge.exe
5464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5464 wrote to memory of 5444	5464	msedge.exe	86
PID 5464 wrote to memory of 5444	5464	msedge.exe	86
PID 5464 wrote to memory of 3972	5464	msedge.exe	87
PID 5464 wrote to memory of 3972	5464	msedge.exe	87
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1860	5464	msedge.exe	88
PID 5464 wrote to memory of 1240	5464	msedge.exe	89
PID 5464 wrote to memory of 1240	5464	msedge.exe	89
PID 5464 wrote to memory of 1240	5464	msedge.exe	89
PID 5464 wrote to memory of 1240	5464	msedge.exe	89
PID 5464 wrote to memory of 1240	5464	msedge.exe	89
PID 5464 wrote to memory of 1240	5464	msedge.exe	89
PID 5464 wrote to memory of 1240	5464	msedge.exe	89
PID 5464 wrote to memory of 1240	5464	msedge.exe	89
PID 5464 wrote to memory of 1240	5464	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/topics/malware-samples
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffdd993f208,0x7ffdd993f214,0x7ffdd993f220
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1932,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2544,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3536,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5204,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5224,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5900,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5900,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6052,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5180,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6200,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=3148,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6332,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6064,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5300,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6328,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6664,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6732,i,1685137556161489690,11197501055991379682,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:2932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffdd993f208,0x7ffdd993f214,0x7ffdd993f220
    3⤵
    PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,15259905337482281254,6581824035239888403,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
    3⤵
    PID:2624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2192,i,15259905337482281254,6581824035239888403,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2540,i,15259905337482281254,6581824035239888403,262144 --variations-seed-version --mojo-platform-channel-handle=2784 /prefetch:8
    3⤵
    PID:5604
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4392,i,15259905337482281254,6581824035239888403,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4392,i,15259905337482281254,6581824035239888403,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4528,i,15259905337482281254,6581824035239888403,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:8
    3⤵
    PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5032

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
cab6599b57666cebe37090b3c6267bf5

SHA1
c65e9f2c1da787ef24d2a17800e5b08c0ccbe7fc

SHA256
6a45929d97568084caee631e5199aef6878074541d5076d5a04c7539d3d4c033

SHA512
45b3d3440c9f7aae24ae9a2df8e33ef35d83fa02b546a044cd703fad89c84728a368d31e996a8f24ecc85a90da73863a5e1d03cef0e90927c3c1b16cba8c9577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
93892245eb68c4665782b4906365b3fc

SHA1
dc1cb9c43b613ca1a06be2c89867fe2e12f48227

SHA256
14548f89c6fc3a9344454cbcdc6dd2c76f62f42a91ffdebcf6e552b66cc487e1

SHA512
b73aea0717a0c6ab5e7e2f991aa731ea99eaefe69c90361d8440e66f3f8e99532e4cd3545a22929d199a6a0a0a3a31fdc889387b26a978c73559d6f95a4c793f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\785cc31a-49a8-43d3-b864-8ad8d6e7f18b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
821bbd9447a7591a5ee054f76c43bf69

SHA1
476a3c238274c27e0ddff688dbcd66df58f87f47

SHA256
31e806dbb58bf482a4ee1162513ae934e01ac9259865fdcaa7c07e3e8be1ead1

SHA512
eb8b63c1488f6632ea3e885fea7a573791e8984702cc06efac7b4871c4cdfa13814bc7ad534ca7c805cac55a15d00b55e51f50e5febbcc01083bdf6ebe985908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e829e13887566c7a492d03c6315eb6e1

SHA1
29ab51c89392cfe95c32dad2b7dd398d4576cf63

SHA256
b2ac0a056512c54625c11667122b98c2ae362bf0d99b799785753726e9117411

SHA512
a001c28d6e16f2e7d2d7e112ba0cb63656947810abfdccc3349f9d12146d2c783f1335dcc48311f07b25b25a5677b2ed590c91278e878155f3852170444f83d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
c2da0339c819d42ffed05cd7555b749a

SHA1
9df106c591fcaffe644021319143d6bdcb81d145

SHA256
c1474b28e032b5ca80aa569556d9e318a27e11e8221e33a81605bd79fd6701a4

SHA512
50b5e91459c47ca131cf16e31a163831d09cd768ea49349dfa03a95bc12456e8a41f61579e0556fbe589f6f2694f9ea8a9c0b78f2585af10063bf6f0c1ec28c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
33112683e1eede061a991ba7ad33e3aa

SHA1
f1c7635457cd78ff5c48f6fb090d5a4dca176ca8

SHA256
79b7adaf91085597bf5ee8195f486d799c8e2b32a8fa5abd6331da43e016f6c4

SHA512
ab78bd32a1c44207b9480e44a12ea2febce81202860db82d998e8db65bc24f6b36c262f324d2c92ecae3a7306a6e1a6181017b6e81aed42736b0afb6239ddc00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
21KB

MD5
16a2448b3a37611fb6d1044ac76fcd47

SHA1
2642709b232cdaf291673f884a67ce8df27ea3a4

SHA256
6b9c7449df1ad2fd405916d57678c3e295dce6761773a56beb3126d019584fb5

SHA512
921dd26674a92ba3ada27c9b6a2a6b5f394385577da6ee479281c2fe7a3232d97b15f7c1481e3d1ee587a8459741cc738c8e51f3c58b15d61607f4fb4e0d0c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
38KB

MD5
32efc8cdbf664d39009891f28ae9a31f

SHA1
897e8c936c885b5fc66309545c446edca5fbc90d

SHA256
af1503390295503bdb6fd83b354817afcba20eec36322864f943476c5176861a

SHA512
d985288e681ac72080e8bf22d4d2c73e75fb9c5921582e5dd7a83ded9740fe8b18d164108e355a46f1bdfd41cf2dc85acbcc2fc53c95aa63b5ee26cfec0f83b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
37KB

MD5
e59c00b9f3a391be74c2869e89f03547

SHA1
14b8326bbb203e565cb1dd84b91fb3abaae7ff69

SHA256
845079aee322967b6704ac394efd85c6beafcefcbccc3e543903aa3ba659060b

SHA512
5af7b8188edf1084e44320d5515b1813c87a7141ec0637a8ff511f7d16ae95d12fe267251e40891d79d393e365334cc11027feb75041b32ff5379c11b0026f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
21KB

MD5
ec0963f084571ccba8609e51d71bf6ec

SHA1
b4a93e1b2e235488747b17c212ae14e5551c2db9

SHA256
39041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3

SHA512
88689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
27KB

MD5
fa2d7364a6cdbe8144bfc6add239bfe7

SHA1
2b37b884e7235429a2b4d675cf1d4975f9081d4c

SHA256
3624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5

SHA512
5a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
18KB

MD5
89ee4d8818e8a732f16be7086b4bf894

SHA1
2cc00669ddc0f4e33c95a926089cea5c1f7b9371

SHA256
f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82

SHA512
89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
16KB

MD5
db2656b672846f689c00438d029d58b6

SHA1
43b8d5085f31085a3a1e0c9d703861831dd507ce

SHA256
aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763

SHA512
4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
59KB

MD5
30cd5bc25246ae66601e206faf2f04b9

SHA1
e5e572425e0d942e8af66eed7791afeed1ff92d9

SHA256
ecf858b52679e83634670107524bf5722aa4c3ec08ac562a6d5f6e148f35c6d5

SHA512
ffeaa38a1ab18f84bd6113aa90afb0a30a0b804341d240d70cb5d18407d22fac240c92b91cddddc1c8f0a23748ef3c2064d6abe866f2a95aca6ba70e39497020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
45KB

MD5
86533cdd06c3d16f351ec1d57ec900fa

SHA1
ff57d6c994192edf678112b6e5e7a85b51983f0a

SHA256
9769ab83f184c908d5a6dab5fe16dcef7add900fee6af943f6326bc19e202b42

SHA512
d64944ca8b352ef25fefd8b7eb2879378b2717ade38073d5e013fe944f2e1acdd4bed1ad84f781edd723bd0a4b7643e67fb55a55844a50b917fbc4c6cfe69fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
109KB

MD5
23eba00af0c1710ff02802a789beba99

SHA1
351edc603e80546cf8a37203c1cb77c3d57451eb

SHA256
432881124e56ccba06e037256a20fb7c4a33dee20f31ebe389467b2fea418716

SHA512
0fb28131c2bfc124fa892c7f8af736aa6eb66bf1b9dc63cc5fcb7c7446c0a4c25df7be4aec3357202a69d8fb74cc0b08a856e5644089bdb371a239d86652c49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
55KB

MD5
97ab8bbc61f6935d686dcfee38bcf26d

SHA1
93bd63304c92dc10ea79a7a0096533d05cadcb25

SHA256
608b43d1bd4072d5144de9e836cf456677cc2fe65203cc344171f46db103d827

SHA512
01edbef8cd855e14ee09e23a7058888eca803754d79cb2bfe24b252f2c3855fe830ac7dba8c17d5532426ed3cfb5b3a925d2f9a5dfee6e1f712de07443fda092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
16KB

MD5
736b736d6414cf09150acd35210c095a

SHA1
598c3566ea244c07ba150a5fa5d8bee2fb3abf38

SHA256
0262fdf8364ccf2cdd1fe3f80d769f9e8a91f4a33a8528016c93174f1fecfbfa

SHA512
f6c0d317d481e7282adb39eb85a0fb7eb792cddba080a2a3fcaed89bd983163ff0e57793acebc958381cfa0da8b60b299e6b768c55b6a034131d29fd81ad20fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
16KB

MD5
38e077c12cfa3f256db8e464c3b8a907

SHA1
209dc53f13d1f408fabad1f247601cc610a64d09

SHA256
ce1f1111cd4197eff0126138ea25068bbfdb74d0e3b83ac52058c798369f5f75

SHA512
2f391ec464d4a81de3d23e8f6058116d94c976cd516eee36bb3a705c8f66e809d13b9f88ab36c72c49901044d0c7fbd34d11e356a3888a956b5308cd3811ff52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
88KB

MD5
2dfda5e914fd68531522fb7f4a9332a6

SHA1
48a850d0e9a3822a980155595e5aa548246d0776

SHA256
6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c

SHA512
d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
158KB

MD5
a85f2754a98d47b084bda4d5b80d16cf

SHA1
785ba374d35ee68c12f7da524b2e21bf86d2a272

SHA256
f17170f603b0e07b71d279b17cee15212fcd7678b120cacc70e0ccee83ae4eca

SHA512
862705a71875d10fcdca8d59b69664bbe7a3d681b1bab1801c260fcaa222d45113d99ee39f08f095ac55d47031c9410f25667df27fcdbceef67b308cb1405a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
23KB

MD5
687d5ee4793de5b13bc7b8bdbd7652a3

SHA1
0ae7bf43ea433c214a387d2c5a87082c5b504e8d

SHA256
c02a6078fe322344c31146e51e3444bdbb2d3e2e2964e6e1e0b11f9f3253c427

SHA512
d998096ab278845599534915c9ea976df6b5308b51b805ce1a4d2c0d239a01c8f98e3df4eccabd83f8f32eeb4cfd33412b0d8dd89c4bb8226aeabc536af8f958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
191KB

MD5
eaebb390ddb3b1c0e07904f935d29bd9

SHA1
dca8da5b24b1b18b3c8dbc2523f5d145fd4dae13

SHA256
9478515162e79256323883a5092b39e0045dc8213d7dcf7be5dcc1ec5b70e9e4

SHA512
e2dae28c4661b3bb65b3811803a9396e1c9b16eb187b60f2d4d1a8cc65e2ad6ce0931a48e942b5d920bdc263ea939b9164b649edc3752e83daabef9366a186e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
58KB

MD5
c63f0db8fe5988fadcf755a7a951fcd5

SHA1
7af8489820601eb740fb64ad59ddbfd0230e129e

SHA256
ba9e51ca25ed0384cbe6c655fa1a99d3405db4c919d136889c05a6264ada6e96

SHA512
9d08fac44ee42e42d6e955119fd80c5c3a4f5e5facc263f93270c8b5974eba3e3e88988e4fc5eedcd2ad561ce283aef48dcfdcba3d68c061e0054dd61e6ea3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
91KB

MD5
6577503788fb0e18b5927e883f008c0e

SHA1
a0767a3aee97cb588396c274a972bfabbe50d439

SHA256
566c2fae79e69bd8ba1befcc42cf2b1908686884186a38c1045f8c91c4e15c95

SHA512
f38a6aa104420af116cd5a6a0953528bb0d9144e2ee66bd67724a819cd1c724c9633da92ff4a6a888d3fc0464c500d7d7c4907e7446feccceaf50bd50f1a5db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
24KB

MD5
6f3887d46860fc8b2589e920d39bda7d

SHA1
67fa96830259045c77152a43a2de008b7e03ed6d

SHA256
898c8f2f55c8ef10e8b2d83185d70ff01151c30f2dbb7e1e7e8074f96b553e86

SHA512
335f7467a3bb51d2c89fb97b62a72d007fbb2f18016b148dd1be15629ff9604419ba1b9ccbb69f5b51e03519da6f8d700792b78e5fad540ceb8d034f67f4012f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008a

Filesize
64KB

MD5
3187ed9231565f28cdc6a3322e824a3d

SHA1
d11316f8b60375d65f64e55e89de0b03e55b6e4e

SHA256
bcfecd0a8413e8e74e3a5a9975ff32846853914c601b607364edcb690cf9924e

SHA512
df7bd3ceaa6ffd6b20f41776068dff88ec67933f2bd36d1e6f98f11f9442c2eee175cf5dea115245a23bf9ae29c3220ad3e8af65858975d7d72d41eee919d3e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
22KB

MD5
5c1683920f0ca7483463523fb92eb6ab

SHA1
679173579d9c445501ce25aa11c07980e0b86fa1

SHA256
366bf06c7c450d212537b1c26c95f186cc6100972a367d0519f4dd4fa1978a1b

SHA512
0f9537fc971f0becb95b32edd831c69aec63034e8d150d5f38f3fc16b05e1b6a126495445894531d48eec4de6ad70f158a24b13af450299081107e1b4dbc3842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
bff12cf37634e35e0f63d0d15f8c8797

SHA1
6cdfe6e98727e399d6bea98ad9a90253d5a85319

SHA256
789014ad7c6b2e977a10e4d50ad54200c86c21f379cebc5404e6ad03ef9072ae

SHA512
cdfdcc29fe1b0d6b768f696d0cb76aa57ac7cedfb3beac4970c3c8129e574736b4232d5a93e09c839078e0262d9ae03961f16859452cb9693edad94add552785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5856d5.TMP

Filesize
3KB

MD5
c6bbfe6427c6389dd99d0b84c7add679

SHA1
b425c14b28ebf6084e477eb31d2d70d184ba9872

SHA256
40395b6cef1652556837c93fdf6e0849ac1bc10b04865f197b3f88d33f2e596c

SHA512
1105c1b048a4e8b49f77d3be48345a1aa983ccf07b7cce1472dfdbb8ee2c8825a67ae179985e1b0c0060a4c5e48f184f5c1e9efb5c11ab7c2aa0141317b01cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f9e52ceae870dcccd6525b237cc2602f

SHA1
0d35fce682c0acf07c8311fa856ff774e5579e29

SHA256
202b34d66e538e37a31bc3b558b04117c76d987d24f73d1df71acec679579d98

SHA512
4ed014498d15bb25e654d6b001a26caadacf5b9b4ce542fddb5bca9dcfa240c2351d282801a76d4d30af11f9f7026b2c2326dfa20ac9e4048baab407dd26d5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
7e1d139d584c435a59cf738fbca2ff2b

SHA1
a3d12406805f79f55bd3d0a881b0ccd1ed201aaf

SHA256
bf06e76b315c6402c6e44f716f389ebf936c17e123eb16e27bbaa754d89fcfa6

SHA512
a34815d5066fa05ba268e8f74bbfd9f4f79b49a758687e255aa99d6d5a1391e5fce631821836c5c6f64a3ace4e344d54d118280885781af52eecb3397b799b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
2dde1bea1bf3c6810dd5b80454406d66

SHA1
1e30c13216bb220f8a60550b3b5ce35b9b196f2d

SHA256
bf46ca0cc0198dbb876173d6298a154fa1b51b7c8a1b787145f6d8c14aeb8878

SHA512
98ca150106ce1546bcc43256e4a81c9db263a60f43777e2c98f721e131478cf14890923d73edda389a30fb82fad84899f9f8a0f838a41c27c8d77956a4c1a372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bdd9b4420d3a21829b3d299177d15159

SHA1
d7e5898fc658b9e1a77a4a08d6020f5b17dd9773

SHA256
d87cb9e66f0e0392c78098b0367fde78f2393f4e86c89466120818226a7129d5

SHA512
5473f74a0de1045b965ddbf7890179ce44c5a84b8d04e8ce777852cc87b2f4ff1a56e883e7a3bda94d664c693b2a398b93e14fd13a72a6d4d087908fcc119759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cade4aeda8d63659e6579d14a978c86a

SHA1
dbbefecd19f399ffadf83b77f6ddc96bb3fc81b0

SHA256
a14b42242c3a6bb6142869198ede18f15cd0b926b24c24745c4142bfe185d650

SHA512
54e22c6bc1b8f1b8b422590bb946e16749274be89901381b3fd5db97e0e4a269a930953f20e3d0d35615c65b34a0f4899b5c17c9d716d5bb1c458b117607bf30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2037c74f4e50e792ecb4b638d1066b65

SHA1
54f176c1ad3d9bec7b9df92601385307959e1e07

SHA256
b2de97d8a92a8e2e2b858ebb4521a05d6d1233323917ae79d92fb449de96d391

SHA512
f7b9847f10e848ffa446839465f0d49390c0bbf90fbf1bb700ebe6f5fae06e3491869379de933f3ab84bcc7fe64e37f3888d889514ea6bc6b0a838994bbcf1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
c3c21285afd6e3c1447620e6b91706df

SHA1
8ba0a2d4e6c4fb4f302e6531173e4cd6c12e343c

SHA256
c8d0bfee642f79797ee3ea893bac9c036e98ee1a0a5e78a5bf9d2d28c037ed00

SHA512
72089c58312135b2ef27339b8a60a58b13827d6b5c7640a0b91f58f3bbe57c2ba431755d4d66c88f04fb7e7e3c6c6299e97c030cbe6203d2d41d2f204667bd00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
021567d70b5b31b107a71f2d97ce5f4e

SHA1
91d39518839bfdbf6a79fab94fc0cecd8238278a

SHA256
b496f1394e95df9dc749550a42423753b9cac1308206b90427d8c2cc6ba565f8

SHA512
27a81fb2682163632225c005a84d1fa8a5b0b8e59f68bd947b60ad27c45b9fe41d3ecc9184fc9c42bda74519df4ee094ab8b9a728e63421308a7a24ae5226055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b6f93e01c3326207cb1779d0e438c787

SHA1
8fe9db7b18d68e27d33fd021835f52e77f1efd45

SHA256
f30ed5562f307b669f00939587230a9bac8dc22a4ffdf9d4f890f66f75cc42ea

SHA512
47eae8ac83b24e3dfd412699e474c39dbe96943df78cb08415d313efa6940a4b023766bb5e0dc04982b5f13453e9f800c707e43cdb301e84933611ab73926bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
35a3693fb3f14888a0a24195d129269f

SHA1
4a63cbedd0d121aa40872de96b83f3c66d9c988e

SHA256
644a4536645f14e6331ced477ace380157c290cd6eecf91c2c26514c0b6ade5c

SHA512
a60d9eb290122181a833d216b7519c54e340990ae25e57cd5a4d7472eacbf62d0be0550a5e31917236c675277ff1328e898bbc38fd0e402e1b3a3f730377773b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
bc30bd882e8c7b38b00a83a20fe8a30f

SHA1
5e249b12a350b7bedeb9b61bc7a17fd79d6181d9

SHA256
5bc09a755a0e5e559f299cf13e79bfb7c939914dc0c6f737099a481fdb031d4c

SHA512
25fad90d25994b8a20fb3100257e5b4ef50015af01a14b1d3f78b84643ba5bd68bd8a9cdf4813268b702cbe5b4978f9246152aa308339c74890193f0ed4a548c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
1ea096b46b6ca3f663ddcb8e16d57ff7

SHA1
1f85b9c2def0c7b4ea238e498a9f4248a991b2f7

SHA256
66fe9a3f42ca2174501c2b6e6c66907e894e5957e448f481e5bf81dce175f9cf

SHA512
68ca50ffc691ccca15adf729dec43461aac645e025048845bfbcaf75e5182198107c3d133b290c9dd8093dea628d760e1c491c78928bd41388763730945e73d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
1529beceab6fa4d6f7f7ffeb3bca6069

SHA1
a0c7af4457727e1b5e57b5bd0d1b69a54a1d5b5f

SHA256
16b9a013cf7e3a695dcb322b849ce3dd5e6ab5be41e1ca2e517d01e2eb274f42

SHA512
24e85ba55c9420ab8ea02d936b051f7a920681de5781604097474ecb6b0503b1aaf4d47219504a3aa089cd04bd7758f20f2c02b870191b25e882d086dacc83de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
80e7a1e739bfbbe3dad04fb40acd5595

SHA1
99620d42b52ae43f3449a47bc703abc17426955d

SHA256
7663c6599fff5ce97b701078e28106e8061da976bf542bf7db72582e9a53773e

SHA512
b2d8135c59b305831d56e2ed98ae5625dfe746771c2ccbc0c5c687cb272c7a36e1b9ab2b212b9062e28fd6cf709c79a8b3e81e5a0d0cdcf7ac132a1fca0f5988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
90de69189e69643f13a7b0a82df4d3f1

SHA1
7e88cdfd92870a4472c0f38af38b52ea112b8b33

SHA256
e5754f7a9395c87f61b355a22b02a60efa45af07672641eb785c60de3479fed6

SHA512
16dd2a75e501b6116101436634569dacd29af2ae9a8d92516e5d45e35a5c962422cd50b92abb04eccefe8777af198d4c5b1ec43a839804fce7a21362ca7863ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
ef1b5f86b79afb0edc4880bf2639e8a3

SHA1
d8caf67b8ccd9d8cfe02ad82b0f5ab466dae523e

SHA256
d0a675d99984f58755b1d542a12e16b1f8338ccdfae51d67cfd092dd6bcb981f

SHA512
3c7670feae3e991aed2236c9c31cec2e58fd871eeaebe595c175b2f16f9a97177aebc4990ac4367e9f2d35681d1b44df3086ecee312feeb301372f2b5a26630b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
79e913c6092eb335fc0662f53f93bda9

SHA1
9de74da77bd6c4beabd4c8a8980b7b48c449cb3b

SHA256
542740d5c9f4328b97958eaaabf759d27d90db9fe6a65f28531195cec4100898

SHA512
348060427996be0a6f6bc66e76804ed73498235fa712e2f54e5682c5b6e2aa1aeaa9536f0b820a1d825fe59a6cc0a612b90465b06655194fea0ee6f915937c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
3d9a245dd1cd43047cd87095585e2752

SHA1
2bae5dadbbb29f17596ed9c9f62ae984219edc0e

SHA256
877abd62817561b51afd0bd26b11ada2c93f8777c0ba5db5b8a4e8d4cf19e8a9

SHA512
2f7aa0c80a5e60027d9a15cc396a2bd0829fa05cfd0f96df5ea3fac2c2d2ad14853c5e4e7e24fafeac791687f7a700d971f27867c35f420943fd240017eb3b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
561013f0342aeba2f4de7d673893a868

SHA1
721c572fdd744223fb60abe859246a66f055c6d1

SHA256
e919437afc15d693bd3977f05cf2b2ad694bcdf1afd0d061aaf40cbfda9d921d

SHA512
2c645d62a32d691a4e7c57ae63b7da31bdccddf7ab354e9afa99a20f624f9b4425927ebce58f33fa8e14c1962bc101fe0f723eec0add9e950e0aa28687ec7aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
b86b579fa1958014f6cc085028f9f486

SHA1
fe4e0322ad59f62b1fdded04db407ea6f653c697

SHA256
a8e61251436056548eca4a3cecbde034a0c9b8212cb5cd29a1a8ab997b11c3e2

SHA512
88ad81919d83c8c5b971c8e3bde5d7a592e8efc2f5b9b21a992447f7b7f96c8c261657bdcd23dcadafa26c48af804dc6c7f018bc1c0c4e66d43dcf6860064126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
db3742d5eec348b7f499b87c8a1456d4

SHA1
c5513f60eba0648f87f69becaca4f8860cfd2a21

SHA256
1239e50769513c1869a7afbcbf0e32d9ea98a89ac96ce6a503b91849197d097f

SHA512
3c9cd9ab0f8959a7971e2750476a7ce6742ee40bcb9ff5f8704325bc35f28fbf48f2f100e35955355eb4d3814756534d0f12b2cdbedd53a5541989843cae5792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
1f97a3088f7abeef165064445cf253ce

SHA1
2ca4a88087fc48338b3d3b41ffd463acb21fc0d7

SHA256
97eb4d1521a396477af8a2b3c84b66afd84f788fffd68a4700ca86d996ecc52f

SHA512
7ff7dd429ab040f5786fd499e8dae4d289feb6fe57de0ac9de744b7a079fee0c9014a3b3b450b29826c44d9a4079e713481bbb9a8061330e5571e57aa93c9e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
6527323484f61138dab5d0a59fd995ce

SHA1
11e4b2a568118a445a7f7d3d9a046d6ac476cec2

SHA256
25eb97d93d78fe86f257745d9ee979a913dc8f7b3a7e8d7ef3121a21a7eee2b0

SHA512
a38bfcbbf187f3ea2c6685c6fb868bc9df774e5695f9561854b4e0f264cb186089096329ec1ec87e2faf09fb4a721ec1c8051669e80d2742900338e2056c4b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
d1b8cd6a9a371eecd03ae53363dd6a7e

SHA1
763562580c5721ecfefd46d1576da0d47c4c7556

SHA256
c2de8be02980200d768035e47bcdbc915f75bdaa44774f2bae667af0517f2056

SHA512
3ce37b7fafbbfa197549c95f20a2eab7ba66fe1600d460ed41abe9720c78aabd3cc076e0efaa0bdfeee5077c3ebf0bd75f81bb3822a32bf3097d664fbfec1503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8833ed8d3bc38540ffa22d71e8bcdcb2

SHA1
d228669ef3f9cbd36412b1ac8f15a7e3ba60430c

SHA256
b9bb5a61a0b6e182c1f4f3a6c19be6028b5946163b63c9f1377db9c31e5d11b9

SHA512
e101a1164a3031bda83eda76573c6ac8492f5ada958aece6c804398e57c7d204ef8550556efc6fe6ce1810b170eeb5d47986be381be0ff73e7b9b5b538e6175c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe586c23.TMP

Filesize
392B

MD5
266ad38da73727fc17d14106f0710b8e

SHA1
5e8eaffd255690ea4b7c2de98143043e5c8478d6

SHA256
91db17043b8d3ff2debf6479feb5e1d065bd2820e89ecd4a5226955fdeb2db85

SHA512
68450a5187aa5a32676b20a81fd86fc72b9504bbe385868f11878b60ec8f246670792ee08d31260676550e47427814395a855b9d20c86fa7ab263408f24bd513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
537db0a5dcf79562ceb5738444cc6e5d

SHA1
61a27baff3ec3beed07a9ed8d5809046eac0f618

SHA256
28dbdf9ea957d828cb8c72e91b3a13a737e3595b9fd565df0e345f44cc695f7c

SHA512
e9ef1b8345ac55b51241bd81500888437b77c5dd9f26b3ea6b9a3ceb788315288b55eb28f547f4d1d139811bfc35f0d3906b0a255d123064d4c58b263fcae737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
765f20702f1522500ba4c3794cad0455

SHA1
d4afd37cef092b10f300563f549c67eaaf8f3709

SHA256
1e306aab8fd850c9a9b76a67739a19fb56aae8f89da3293378c7ed37cbcc7d27

SHA512
f890d644af92d5e60d702ab2760b57d45df6a214e7f036646787cd53b0dc258249a858426e6c2fee6279201a788860d42186930bed8caea3dfdef09823ad6d43

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads