hxxps://ipfs[.]io/ipfs/bafybeifup5cqm2l2vu6daluwavd5rgagxikcdqumuwevl3duw2gga2my7a/index[.]shtml#wilson[.]hu@melbourne[.]vic[.]gov[.]au

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ipfs.io/ipfs/bafybeifup5cqm2l2vu6daluwavd5rgagxikcdqumuwevl3duw2gga2my7a/index.shtml#[email protected]

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1562064456\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1562064456\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1207513307\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1207513307\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1207513307\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1214572706\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1214572706\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_222283060\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_222283060\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1207513307\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1214572706\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_4848_189341599\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_222283060\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_222283060\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1214572706\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1214572706\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1491316825\_locales\zh_HK\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133890843010450584"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{CA74672A-D6B5-47F6-BAA1-D411F0958F6F}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 3092	4848	msedge.exe	87
PID 4848 wrote to memory of 3092	4848	msedge.exe	87
PID 4848 wrote to memory of 4216	4848	msedge.exe	88
PID 4848 wrote to memory of 4216	4848	msedge.exe	88
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 2560	4848	msedge.exe	89
PID 4848 wrote to memory of 4284	4848	msedge.exe	90
PID 4848 wrote to memory of 4284	4848	msedge.exe	90
PID 4848 wrote to memory of 4284	4848	msedge.exe	90
PID 4848 wrote to memory of 4284	4848	msedge.exe	90
PID 4848 wrote to memory of 4284	4848	msedge.exe	90
PID 4848 wrote to memory of 4284	4848	msedge.exe	90
PID 4848 wrote to memory of 4284	4848	msedge.exe	90
PID 4848 wrote to memory of 4284	4848	msedge.exe	90
PID 4848 wrote to memory of 4284	4848	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ipfs.io/ipfs/bafybeifup5cqm2l2vu6daluwavd5rgagxikcdqumuwevl3duw2gga2my7a/index.shtml#[email protected]
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x344,0x7ffb7dfef208,0x7ffb7dfef214,0x7ffb7dfef220
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2100,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1368,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5068,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5604,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4816,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4300,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5940,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6332,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6512,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6352,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6740,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6960,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5836,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3444,i,2035948119487957208,3242263389962513811,262144 --variations-seed-version --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3328

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1207513307\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1207513307\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1214572706\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1562064456\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4848_1562064456\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4848_222283060\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0e5f34374d8f0c92b96f15718d4b4bc7

SHA1
9c0bd9193e800bcd0d332267e410a8136773d422

SHA256
e72353a6497a812fffee7cff6309843e0077db556f83fd5f84c21fb6d1c2fc2d

SHA512
d8c437a6dc151e9970d077055caf306b36d3b9a75056b6eb63fce61bab0c32cc6ede6bc5fc935d36c3b42ac2ae88bbeab9ea9413c9f0d06333bc9c4548858328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9683e1c127fe139d506c4fc81ecf8127

SHA1
9a59cf7f9e11dc5b5c1c26f3ca504933ce74b97e

SHA256
7e4265d47365eeaf0972e3b6f820fcebb66e191c6845edd38c2b3149a57053bf

SHA512
9c2bece7912b362fe9dfac9bd82a5f13114f7733bc5ad456ca6844a55cdf2492e691f6a522b1f4471c340d4f40c9b25d3436fe11ab1c96279d2825a78544da1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57cbbc.TMP

Filesize
3KB

MD5
979901bfb003d7afce63703581af234f

SHA1
e23bfd21a090bd937fd4d2c156b4ea4e9c615f89

SHA256
aa31ebd8dfb9ff93a6f35847f4d08b9bdc6f39e24c4007ec806066a123e5fdad

SHA512
517e7ba5cb5baae54f9daf3d87502ac70c7893ff76e33a15f15a384f234313b71881e321949e16588c3afad15944ec9d6b6867756578673e34fceaf518c515c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e9a5ab92b6fef12e7a28e0f844c537c0

SHA1
43f3eb6958dc87683b06dd8f71d121c40ecea80b

SHA256
77461cfc4f4cfe15b94b75e2aa1b0bafb6aa002c0a058b7ecca5be946948e7a5

SHA512
ec2d7d076297fc66e9384fcd4d8749eab71be0a6f7f1ce6de2381be5bf2808eb2771255b2596e6977b0e670e13eeb962935e943f91633f777a80a39879769e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6690bfc04492a973d71e82867ec986ae

SHA1
a76feb667ceb2b762c5cc1f29f655626c7608bf7

SHA256
396cf121fce57b280db8e16c646a5e7a5e3ff7d1363c0ec8a2ba3f3377f386d3

SHA512
3942fe8143621f054a78f417e89aaa839c9b19061a17302ea6863f0d68515df662f37404a54fc5e4a34ed8e6cc3154c1f3c707a9c61bce03c29a14c3caeecff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
4b447b66158a3a9c933a0ce68ae4d0fe

SHA1
fa5c224f1db02ebad3d698e0d1bde799f21ca017

SHA256
27b35055cb3ba16febd9a8e993b8826180c44613ba6d5c5bec131a3d3ec76dc2

SHA512
bb2753c880c27658aee13830f2e92b4263318214945cd76a2ad3e1909208b57574dfff9c5e4686b7cdbea8bc1b12581761f9c5c210a0fecb10e3984de3f39d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b44517d769c731faa08c3af99bb180cd

SHA1
2335b000b5a53e7b96f820b2fff07a6659127f7f

SHA256
35231d720b7233207afdd5a2ef36c9447c0dd791a3068386adf8b67525ed3555

SHA512
4929b918cb605dd308b21ef8a4a42b3d334445f84dced9ac3799b7df57653eb3f85ae98a9bac4a7c9c66e0c20bd2d6294c11e61d82a82af3305e424e88ead624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
a0fda371dcd4a9801e0ad9b1dc47da11

SHA1
15c6a84378c1739f375e4ca291456dd6655cfe33

SHA256
038623f1b7d43027a808f88aca209a73e914c05f549cac9c6c8ebdddcc6801c5

SHA512
b393acb8eec0050692590106fb5515874495286586a7e3c2625f824725a6c455dc449fe641a4bf29ed7de9f0c075319afb3d1ab09548eec46aed4ead145192f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
576d7650162043793a5155542192d1cc

SHA1
449f01706df67b0d45ecd65b0ba899899c3365da

SHA256
e5e4058aca56ad2da65e95553796cf8dc5d4bb99ccd804f8e6f29fbe21dbc7f5

SHA512
074faa3a401ac49ca1f410254ae10219a06887c2ec21f096f8f2a3cbd7fe8b5318f82c1442b1b221ac88a49f4186d94c1938157e0d4e7d08b26e1c3fbae885a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
317be5a4fb3a4308d8809db770db2a93

SHA1
56755c233dd2a3e19721d2d47278f995450c71f3

SHA256
fd650b11c766836520ebed5fe4dbdab99d6ed71b59ade1b3f3a0d70f07224d96

SHA512
de185c0a3cecb96db751caad9a5d8992e0e6954a1702a8f969f1f0fc9e4b11db3cf3a9f8164805bc518bebbd618d464c91a6e7a815905d683118b107a252ffec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
da5f3c600b6f38a261563bdadcc6f006

SHA1
c69278c8f4b4753bfca78a697db3f860b404d460

SHA256
6097b7df555036504206ebf1b7edb0b9a50e90d7296a0548e12b2fc69870b895

SHA512
e009714312fc7296d6af52feb43420074d69d449d2b5979ed5e75f14bcbd70908a6e43f549b6cf4ea74834f73d7b55ab7e0e2ec1e3938cf076630145d233ae4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
6f1a836485ad1030376843fe62e18a90

SHA1
7565c39ba9e54dc1e8f42dc09c1359930809f81d

SHA256
d037fe09b9a3169e189d272ed4f15b6046ae4a1c6ece811d0ff8452cba963b91

SHA512
e05adcb6c8e08ddf68a44032616196467b7e67f0dffc1921a6d060aefb5a90981a740c50164c6db7484a56c6d7620d3ba62ce3501a398af496c14114dedebafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
96e5d495ae01b693fe4465e620ebb8cf

SHA1
d85dbbd11c82a3a4becbe240f100279b4b69db1f

SHA256
395c8ee60a6d41e15c80ed42feb7c287c87783b3871d89e99c07569dc6f19a4e

SHA512
e602850203401ffd4fa49c86f4707d42465987b2a8dd3841bff01bc6c4615f2becd0838f0aef355f12bce29fc3d357261f6251850d7b228731052764c20b0806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
fafae539864b2456b19470c1a2756a57

SHA1
e250fe336638666b01681da354340d12cb543ece

SHA256
0b2b4b375e8372965ed8400d60e9f10980fb14a518db7399664e11e19a4e831b

SHA512
62b151c91e232ef0131223785f1dc0ee54643483df95d4fef9223fe0c6cb705f149084bb0f66869bc6b160566525598f4e308e9a7e4a85aeb2118df219cf9199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
d2619e53d682868a1f47deb41d89b22b

SHA1
0a5403409446104439597c394a4b500eb2856deb

SHA256
bcfd919cc3589b5a3cdd19acba3dc14ae374d9f680688063a38bbe21886be2bf

SHA512
df0ea2f7961499197df564cefa12ffca7dc1048b88c627a227f9eeb23fa69826f03ed56623f1700990d87c2804771e3f05cacccea06f738c7773c8e865a7d9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
842e4bb0d446d627035cd5ce07fb5b83

SHA1
e6841ec9883e4672618e2da322b152713f7dc47f

SHA256
6cb9bbac01ce1c7f4013158858ff6592859c4eeabfea2075721948279c3dfd2a

SHA512
eb8a4af6c56e7f5ffda4d404587d8550208fe6553c0fe378309d5ac4bb164fca55cf5cadc7d450f153323e44a020fc89dba58c3747e7ce6c882e5a800e60c7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
77e6cf57e3139743e8e4e473860ec682

SHA1
a814dba29b4b1ea370848719cdae8eafe71af668

SHA256
7edfd4c7501438250336dc8525a6f3d22e27fd7312dd37418fd9339ebf2e87cb

SHA512
92646178870695849cb9e41e08320438c0b41c6f42a08e253ec7f0a5952aa005970c9e3e8f810518044a332330bc474563a14f27d182a7ec5884b4a7c785c42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2f27d0db83f388c9fb25493139050f92

SHA1
399a2f08b999eed661d78de27a78d10d6db91cc6

SHA256
fec4d498eec2ec58f3ebf12b765accb807ff7582e534644d514ea6a98646c91f

SHA512
29d228f5a9dbeeb87fd84e426ef3691471e57a34eb5804ae276bef95fbc8c3ce7e77ba72974abee9fe78f9c41b276517070e24873a7b72b373ea5179aecf08be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe59015e.TMP

Filesize
392B

MD5
774f00ca770b6cb0eb066f5ee3b5ca84

SHA1
55ef721be9b38bc9a67d8ae9253c9a9fa56e91a0

SHA256
5975316464e720e32a3d380f1725423b361256c64fccc60bc17fd45f759026cc

SHA512
d05b25281a1c70bdfd249fefcbb7ad03d2798eeb563d1cae309d3cebce5afbb3dc2c2751e13c8197d0743b5fb553a65485636e039fdda722ba6ba8a7759bb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9aab5c6bad251031f3529612328942ad

SHA1
c2d03a350716b7699030a44a7e84345217d347ef

SHA256
994bad6f44775dc26b537931c30e46785996d6637cd508ed4080bb050323b759

SHA512
028a23559935b80beb10987916fa6c7fe86742456dd35cf49ec49489f3c161dd1389a02113a0c280eac1e2b409fda0dc19c043139b7c84929766944286d4e6da

Download Submit