hxxps://communitychartcreate[.]com/sharedfiles/filedetails/id=22958644/

Resubmissions

14/04/2025, 16:08

250414-tlkpya1my7 10

14/04/2025, 16:07

250414-tkszxs1mt6 10

Analysis

max time kernel
107s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://communitychartcreate.com/sharedfiles/filedetails/id=22958644/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3152_1708736566\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3152_1708736566\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3152_825292393\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3152_825292393\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3152_1708736566\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891205298004311"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3833542908-3750648139-3436651901-1000\{60AA952B-602D-4C3F-9B04-32EF0D5FA8BB}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3833542908-3750648139-3436651901-1000\{69CF7F42-4827-4B7D-9B56-5402C002E560}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 2496	3152	msedge.exe	84
PID 3152 wrote to memory of 2496	3152	msedge.exe	84
PID 3152 wrote to memory of 2180	3152	msedge.exe	85
PID 3152 wrote to memory of 2180	3152	msedge.exe	85
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 4156	3152	msedge.exe	86
PID 3152 wrote to memory of 2236	3152	msedge.exe	87
PID 3152 wrote to memory of 2236	3152	msedge.exe	87
PID 3152 wrote to memory of 2236	3152	msedge.exe	87
PID 3152 wrote to memory of 2236	3152	msedge.exe	87
PID 3152 wrote to memory of 2236	3152	msedge.exe	87
PID 3152 wrote to memory of 2236	3152	msedge.exe	87
PID 3152 wrote to memory of 2236	3152	msedge.exe	87
PID 3152 wrote to memory of 2236	3152	msedge.exe	87
PID 3152 wrote to memory of 2236	3152	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://communitychartcreate.com/sharedfiles/filedetails/id=22958644/
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ff9875ef208,0x7ff9875ef214,0x7ff9875ef220
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2332,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2572,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4248,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4420,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4416,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5316,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5132,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5636,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6580,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6448,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6760,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6540,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=7020 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6868,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7080,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6636,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7148,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7000,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7140,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7336,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6860,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:8
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7324,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=7600 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7596,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=7676 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5680,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3744,i,7472894100210320590,16515374711933327379,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:5332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x244,0x248,0x24c,0x240,0x26c,0x7ff9875ef208,0x7ff9875ef214,0x7ff9875ef220
    3⤵
    PID:3948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1912,i,6025841167138768598,7094339141116992587,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,6025841167138768598,7094339141116992587,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2516,i,6025841167138768598,7094339141116992587,262144 --variations-seed-version --mojo-platform-channel-handle=2692 /prefetch:8
    3⤵
    PID:2144
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4392,i,6025841167138768598,7094339141116992587,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
    3⤵
    PID:3912
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4392,i,6025841167138768598,7094339141116992587,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
    3⤵
    PID:1556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4472,i,6025841167138768598,7094339141116992587,262144 --variations-seed-version --mojo-platform-channel-handle=4468 /prefetch:8
    3⤵
    PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3152_825292393\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

Filesize
105KB

MD5
6e82345aefe362b4c5071e7df6c07407

SHA1
44176a6b5c2722280699b8cc9a174d168fd4c161

SHA256
ee1ec48b6b166582c51a4141a84f48731ce18a62e4b7faeb9d60560c8f9c382a

SHA512
20c0f5862226a3eb17832e7c793f809f2333e0e0068dbe61b5865517fdd9f84bb5ca8d97bdb19a005a25b789ac75a09067350940f042fb5123cdb682ce2c98d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
35a8855382e65b362b420242c3987908

SHA1
837c18c78935092ff66c9bdd0bd8ca1ab09ed1bb

SHA256
668034b8f37ea4cf58d1bdc5d657707e7d7a8535df8dc484e4834db43c3edaa3

SHA512
8338b0239747d68346ec946c78facdfc04069d1451ed99d05c553c2a388fd9d8e2d8ed5eb3c86ee830a4ad4d15a363105831c7726d298d3ac2d97b877e098253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
16d866444174f56021f3b8a32126a79f

SHA1
487ecf8312a06dc849d90418de2cbf7e42d8dee6

SHA256
4f6b9aa5ccb03e16a99c1bc90d963e5e105f812ece646764e00b0ee593d56c8c

SHA512
83251093985709749995d32ae849764f26352048d270e9246ffa1e1fa56eb647df327a5557a068b7e99b8a690a75e4381eea59ee2851c52d1d428d28fe9a8c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0722bdc07c7e0af9e20da5d491d811c1

SHA1
17a074413aa7ce1bfdc3ba6f6bad547ae3546541

SHA256
23623472219b27f1ed929c76d51f9d76d90ad02c4bf8d37d4da9404d61dfe2ff

SHA512
7fd5b8edcec6191f45b5ef076782154a40a0321cf47d434376ce483c622d6f3d5fa3b24288646b28b340c757e4348da7cb410ed70629b16f8f3397c0f5491dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d9785e91e611c063a66ed926a2b4e8df

SHA1
a26cc634c8e2faa4079541779b2cbccbbfbfb7c1

SHA256
8d86adb417adc05b1a8d52677af389732a1379ae4ea5d922a935c7a9855eeba8

SHA512
505a6a04c5b5f560fc70a91bc9d9519197209c55380c608421291ac0a241b99d48e6bae3e8d254964078ce9da085c1725fa1343171c8ede338a9de1f03fcf242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
60fe601be4dd9c33fdc8d147070c8723

SHA1
cdca0bb30a052db05c03455176ee9942821ddb18

SHA256
a6817224e9bc69a606eb109b1ab23cdc1e5f65e62c4927cca6fa370384cc5822

SHA512
8cb6e56d314ae6d4da74775f894e428f6e774421a349617ec53ab468092e4bda6c60b2508edd94a775d5b725f526d893d11593b61932ed809edd96da37c473c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
45c5fa13b20ecae324c584895611eabb

SHA1
9214129de3ac428e5e9806922138fc293e19f890

SHA256
9ab83ca17780ac4682f9ca4b19278aaa5936a5b14661a1b6e2e9e99de03883d0

SHA512
ac402859e44e63aaabb5945ce96067f968a5be7e11572676ecfc4dc92fbd9cc5f7e25bf5f66ee6bca69ab56d342c8a4ffb06f4e3b963fa9e072b0e190890101d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
3b3d8106573c211d342b41554dcf5380

SHA1
82d1b349ec446f8f10334fa517c9dbefc6589410

SHA256
9b28f1462af626035db6f3001c6ea3da1c70f67a1bbc1f3b49aa8e0fc8a27cc1

SHA512
ff91b119bb3df712ee03dc40b1da2d8a6c6aae22f8002a46954a3b7807b2878d9fcced6137d9b8b62243a2a2742ea031b4674d2867cd077fa12caa46946b2fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
e041f1a97ce5dd9072d942926f5ebf2e

SHA1
46be98ea0c9fed00b02f3361545c744a365d922c

SHA256
4557fbf6467a01fba5b53fa8b843d04dea2c019f9a5fc4c9eb1db5b83b0b6488

SHA512
9afa717d7b60905866f20c73a44f677fdb43fd737a5d2340d38a8a361735bbd85d703d3c0dc0369dd2e467bd5c59f77bc46affb667f85128cc33d0aae0680cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
37KB

MD5
69da7fd51c6f3ec332873543ba1a282e

SHA1
b40191557ea4417ef122096e2b030cc65f0d0257

SHA256
300e962413f8345541869a9e3c6c31b14862a504babf1ae4cbfea6f4024ade97

SHA512
b699908bc5a92cbd2c4dca11732e054750a4d03c01256b307e2b1c1a73ef91316b46b4120f3d5e2cbaa012b2d330a30473f021e3f3e2055fc897810816dac913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
28KB

MD5
9cc5b98cab7972442c813266a471104f

SHA1
39e5313b07c6e396d7b7c20e7ede81304aab7f25

SHA256
ee551ec43471d0756315e43fb3bb4703406298d888d5dbf138af5cb14f0686ee

SHA512
8d098e2f1f53a88491353e02b1c145a0a4a4dbd63bfbc0800911c854885c962661a3b48d4cea81cacc1e318f0f709f0768d55d12fa9df96bc8005e553cddfe5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
24KB

MD5
23a836afbf2db424eb00fd06a0d82312

SHA1
57639df09fba7c1dfa02723ee4d64e8e979fb8fa

SHA256
38f2c23a3645bfe9ef28656201e01b35581591ea4206fb8eced93dd1f1916ad1

SHA512
0ec6c75c4510b1518ecfebd07976c3c9eba9b4f97ede39f8b07706301a9bef3895b42858e8824190aa49161fa283b0bd01f2dd25fee90183ee79305ebdff2b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
32KB

MD5
c519f26cfec9e3c175a844ec3b7186fd

SHA1
df6b5b4a7286f7d6e576944bb975b1ca73e1ea4f

SHA256
dc32cb37e8421bbee8369d2c15cfbc7aab2e912d99f45136e4e3e3381f5ff151

SHA512
9248dfd7857446e604406c9ffad348d70d9115d5b8b5b07f6217f2fd92e7620fbfa9557842080f33600fbbea48bc5333e84d0217fc08ba4ee7cb89b980a8e585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
37KB

MD5
713aabf4754676ec94f3efa102761036

SHA1
8d7b260e726a33b1c0f47472f7c4e92c07321bf3

SHA256
02d33af8bb52791cba23ef30c0bfbb79b44b83d615a64ccb61fbde7ed941b0fa

SHA512
743afb3f56ede28afd0dd98357dee19015508ea259d9b634f0943aa77bf8855d9776eb5944b3d33ac386b3053876b57e832c29a4cafce5d7b01c1c52361e6691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
1.1MB

MD5
807a5460d30e16e7c9107c0af06028df

SHA1
986ef5a3abfb597cc7b735ffed674880391ae1e6

SHA256
d8462a27cb76142742323863988263f4b0f1330c1683eca9d70d2eacc057ca65

SHA512
f25c0fbdf4261708fdddbc7cc92ee6dd74362a9912afcc4c6b4992576efbbb68a7d579ef63ac820ffe8f8fc138cbeba6d0f1cb9a340ea82da93e6c15342fb6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
194KB

MD5
1a252a0001bc489f837238c1a2ffb73a

SHA1
6432d6a84c26877887bd0e340ed88aa1461e980b

SHA256
0469ca9acef22053122710d2c2f5b19c24a8d3626a66ae03e2636dd04362d924

SHA512
7f541eb6ab122df5c3dd85e4169c910445db78a6945cf5ba7209f20c9006089c09a79232f4074b41aa8dff7850afbcda459a3cc5bd4e535277b0d18286052fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
101KB

MD5
345b52492ca3775da0299164a7c061d6

SHA1
265779fa639931aea24e00bca103324c42a584b3

SHA256
b36a9a64a563effc57093edec887bc832365733c9795c255a060465954438efd

SHA512
3e0a65cf744746a3066a94d62151ce015a709a4fd53f52190bc7f41eec83783d6a5c04feccaf5d2e97302024a8241a02ac79268e838f999c2ce9be89fb8e024c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
43KB

MD5
6a7c16d68ce213a14105f2d2791a6d47

SHA1
9761ed6979950c100d56a7dca64a0e618cfe43a4

SHA256
75c2fabb64be9902ea7e96b5a1958fe8e3e5951f05e9c09c4d512d637e9a0ee8

SHA512
4444b514084b0f5cb8eb0e738850ba4ecc1b63d91978fda8e832b8a91412b155230769f7f0fab68e909add2571c4190247f13d378b7332bd90408e25eda02f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
170KB

MD5
53f52e05be4af4cdf5074314890ea05c

SHA1
01c4699dc3a1f953f82e7b58c8f1f99323c007e9

SHA256
9bd991b4260abd4a10ca062532165ab969afc90d4c65608d735cdd53aa5c69cc

SHA512
a01c42156d5b0aac486dc897a0289d9081cedb50c2727ebb6c4b0abc090d55e33c3093c982090a55a6c8d571ab66bebc844b6e694b90b8f983ad74159d093b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
16KB

MD5
a0c8a8aab912f0b1ac58e901a6125ec3

SHA1
a494471f1da8faf9559f810ea176ac8e90166474

SHA256
cf3d2d2b4e4dbcdc94fc623cb112e36429721579809486315a687dacb41c5b8c

SHA512
15eb98fc4eef1e0418225cbaca7eab1508514a5e8dd95b96314e9e5122e569550cfc65b2eab6fb8dac6fc8edfd90df4e2826edf53db96ce0d3ceed6653ba8aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
19KB

MD5
35f660fa9ff79a5fec98f722e149bd3a

SHA1
ca12da2f4ade701299a25b22389a2ffc86ec18e7

SHA256
732df9abfc7c09813e56dc1d1f033468a14c5aa37ac6da8b9934c664a5ec6f78

SHA512
b4f7840028308a83dd5b7a4641476d384cad58d1fe18cd44cb57b45dc224e94322244e43e74dcef458855ea29ab967e9fa66bbf983a4c0fca1ef9617c27c31a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8fe78066d15a130723b6c5beb699ffc3

SHA1
4804ab348ad8ef8d3aa72d47d9d7c607cdd7e6f8

SHA256
2889ce120f5bb5752b1420e0e80d2b3519f2f7ee46cd94878781199a61418b61

SHA512
8ed53e0b3056b94e827ea6b942d49b9414cb27b09950811a81501a6fd097301a9cdb74811a590b205e28c39fee807237f19200161f35c06779eef28db15492c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e109.TMP

Filesize
3KB

MD5
3a41dda54f34d1ac1dbeb66b6d1eb09d

SHA1
cceaf05c34efafda2bce3a31ecb2242478d8399c

SHA256
9dc8f4c9e69f62a66d7295ce750560607c4a0b672fa7b96d58a81bcf82d539f0

SHA512
0b48ed0f7ab752052b88098bf1b0ad7b288cca65e010eb6f77cc71ce43b7bb75bba10537bb4e844bfbda412b3a6ec7a8be2e5cf95d5a3ec777ed0a89ff7c3a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
6c777e58cfe6fe4995687590fc6d271e

SHA1
0d759e6eaa2dfc8e1c2307eb2d16c9341be83eec

SHA256
056e13705055128aaf1844be8837d4e19810bab49a76756b78b5f4bb5fc05dee

SHA512
cf236412e42c9eaa1b91c5a439c85c91919326620d9168a6404c05d5caa84b41cc88bf932e360a99856f03322d923a86ab98891e3b74004de188899e3d034784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh\113.0.1765.0_0\_metadata\verified_contents.json

Filesize
2KB

MD5
c7182c4ef7a2cd6a57e48d44bfd4af9b

SHA1
2e1e4746da948d83baf4bcebee618784f8ab209c

SHA256
6f64306515428487987fabde07ddf1646f64ad4e3dc4841e982d40ad91459822

SHA512
d8af16336b66e4f264eda4ea68de4c1763a9c9b99635184d9ece67a9ed69a09bc1088bed254b3d2a8877ba3218e043065d1e4a06c20f18b58d312d93fb84bc83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh\113.0.1765.0_0\filelist.txt

Filesize
134B

MD5
3bf6b4eae5af15288bf0d79702f9cb78

SHA1
b8a052dc4973757ae865661ea0300dea1d27f3b6

SHA256
543c0e50c16159439d3dfb3f1151bc64e2f5b60a0e3824c5f93c4c5c14dd945b

SHA512
25e2502ad314635035f303aa1f0f195c28af91d0b51280e5a4c9310aae65aad857073137196f41a9a2fd7ef96e54ce9b329c448d5acf87b10134168ee7652c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh\113.0.1765.0_0\manifest.json

Filesize
658B

MD5
2cf796650e5ad5bfb6c4a421d81734be

SHA1
79298d3cdd584b290d825d6fff4b857012e71992

SHA256
fea905b763b26db02673c6ab14f422b21eff64de59351f0818b501dd4e7f9430

SHA512
1ee7604bd7293d6296cf1368ed0dadaad7359f4d00be75e7730a9704b2205438a06ba7361554437b3e6ef352482011a90500769ff713949716c24355ee742e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh\113.0.1765.0_0\third_party\babylon\LICENSE.md

Filesize
9KB

MD5
e57b8dbca804bf4a2db759fa1a70b3cc

SHA1
8acc131b3698964249b08a0178f7c8c467337048

SHA256
4135d3051e1bfdccf0440f6d8867a6dc1e39587694995479c3e29826e53aff63

SHA512
d2ca91851daeadedcda21ecee4cf7c9244cf21a15709e472014ba6a332a374cba80acd165b2650ce2c3994c7d0156376c22db00fe0c47833e0fca466bcb8c627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh\113.0.1765.0_0\third_party\babylon\babylon.js

Filesize
1.2MB

MD5
e1adfd8f62854c2d9ce65f13268c1ac1

SHA1
d564ea1d59305bbec12995ee43f1c28838e82519

SHA256
b5a426a0769b378e196ab2698c14a326d86ab2443010e16e4ac3cdde06371e6d

SHA512
ffdf74b8bba179c7d5d6d49205b8aebfc7b27395852d05f1ae5de5c23b5dfbd87776f2046fad20b652a7663dacf90da0336a802985bad14ba3591bbfd9ca4caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh\113.0.1765.0_0\third_party\typescript\LICENSE.txt

Filesize
9KB

MD5
f632dfdde0adc0da86f701c6f2df38af

SHA1
5a7612b4d9977a7e79f60e88df556b09a90df828

SHA256
43692cfafa6a5c09136cfa0138b9c78efeb56ee6b9174553dbf704b888771f6a

SHA512
87722a2d675028d18ea276dcf18c24e891a0bad5f85f7387702310976d2fb8e1d0687321b0844b6c47947e6fbb489fe08bd1ffbe9772955ac7191ba4e274c8a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh\113.0.1765.0_0\third_party\typescript\typescript.js

Filesize
10.4MB

MD5
d931cf27eb964f239e5bec661810abf5

SHA1
1616508213014fa7cdb50e691cf737169019c6ed

SHA256
986134e07f34257fd85c084441c825d7d8951705a0b8c76b0d7c5499536cc959

SHA512
9c2bae1025c1c9579e5e7ba8119e11bc298bbf968aaaaea94f12b8a96155f63bcdbce60deb1445c484aeef3fcfdf96156fc804c2867726617e7b772440989fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
908e2765bfde18fa4ae5ed9819d82e9a

SHA1
3b4638a062075ed11e96a639807f9146495c0f86

SHA256
803354dd78d720021f7e46e6d7ae3aa41bae2b2d0dffe4beef47107721c191e3

SHA512
31bd51f8524843e0a82dcc5c702625f8920df07af39b0230949af82c4a8517f6d3bbacecd29fb3f0d299a2dc12a2395d98c2b1c769a2c2836f067bc31111166c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
5f3ed751b4217e68ec4121f680bd3ae8

SHA1
6b976573a63cfd2698714090aa5d61671cd89b98

SHA256
1e39383a797c88b24501a36358f11cd4ebada30d6c23b944fe31a56ae60cd600

SHA512
929a2e982b8bef3144cf40cb838c572da01027610cbe8c7e2cd0c2f8b7ed9e154965224d42d0f4218e0f17af8dfc674b8eb10fe1ac35583b3fe92579cbd8134f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
65b15c3f65fb689ea763bcd8f8bceb82

SHA1
f9d585dd82e67097c93e0834fe62d9a6974b6edc

SHA256
6034c993950e1acbfb4be673e337b530ace9c5fd27548d9d76cf276f9f5bee6c

SHA512
f1fa47dc4698152b0a96918e40c7a88c8af9e82d08cd41a772258a61d7a4a75717be93db2a1cdfaac4668dad55d5c5177e7db448acc40fd2d0f7da53c89c711f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7bc934c648c856dd6cd27ffcb585f167

SHA1
7ccdf5b4ece01e6d7731b444341e5ad54ecf039e

SHA256
7d68ccd97e583301cdbc41b6d2fa8a6e15a62e76f959677912bbb7df11023d82

SHA512
03bd2b2b7529ac235e2a53bdaf453ca38b6e16e7041b08dcc4f1bc66aff3bc0649e71d8731d6d1700f5302c7a3619407d6e2ea566a0efa0bb4141e09d67d7b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
3394a9302babbd234e6cdf923433f96d

SHA1
87d9a0be4c1a59fcb3c924bdd93fac45b12f3dbc

SHA256
9643645da4cc8a68d59a75650610cd011f37fca802afcebebb7a047bd1a6491e

SHA512
b46cc4545bc6c8b15ce8b720cd45e042361f71f93db1ab99c0ca2d65fbe6e7a10e698fa092f6e9bdfa5a789cde9caeff729859ee95da9137afa64cf3db2d09b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
f40bfb9197b9d1128f21d230e49e969e

SHA1
e6b57e051a3e207abd79e1adecc1424985304a66

SHA256
01ae60d722c8eaf03d79c3ad23c375c947f75b5195c6aaa13caa5e6fb410c771

SHA512
f5b9f24f1565cbf3329607b9fd18a7ecf7ef73f406f0b9f2f023be076368578d207530e227318d720af60448b2adff6f3ef89e1e068a4e605678c622527d6530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
936e2148cba5a55776e5ce174103136f

SHA1
9a2c9b963dcf86cd9ad3d8203e144c83bde18635

SHA256
98a0c05306ab17f2bf0d3d6f2271a7d9c24659e1c490bbd99caad6bf88fa7b4d

SHA512
1de03c6e2dfd283d6a193af96dc1e04694788c886c3a424369ba53e0c8f179d4dd2fe0c1f5c259d5506413425d383b035457bdd7b7ae50c3577ab2a4ef398e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
dd678dc5ccddb742d930a098a77c468c

SHA1
09c4ca1505338b37c2196cf01b270a40b971a359

SHA256
19601dfc9aba4bc0064b381a84941c1f78eced32f748255806e1bbf354551a2c

SHA512
6055dc86e38e02e218fb483169e6346ef671ff3bfe325bd29e86a5e149e05669f79a05b719325378eb344a0a8ca4e392c9d51022643634e3857fd6aec38d76a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
ef1abb947fb97180508c0c0c6ceb25e3

SHA1
73365e2f4f065f1e4b4ef6e73dfe61dbaabdf21c

SHA256
daa0d21a4202722ce2c842fc12336c30e10c8879e1d99e3335858ccbfe83f0a3

SHA512
96d0eff3d8508a93b9b9e8d248f79959d80eb0724989c6bcead450bbbda7e5fdfa0cf98e265af888fe49a353a1c05e4dc91bb92643c540db992f234a4d37af1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
4e017cfd942eeb83bb70b86fb895a7ba

SHA1
ff526fa2c666dc6e3f119c76672079e076ad079d

SHA256
08732c50f8bc1f81d09951b53f0f7ef253fc7d719974a916e6c5ef56b80ea290

SHA512
0aa68e4db06e6198c8e14175bd2b2e20b0174ccbf7cacbcedf9a30bf481526f960f35c4ecc8a48c49528c491626255f28e15b214bf38a46ce257b8c6975045ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
959d3ccc89d2e5e6cb85b8d2030b3a40

SHA1
663949fffb73629638ed40123e527d06b3e5afc8

SHA256
865824639894ded100b002546f58e512dc4d1e0f11b44a1ed8e358b95ccadd97

SHA512
44c54a89ecf878c511445a160b13cb02af28a1312bb12b25bcb1043b240410f0ce4561f5133e721fa4a4b78199d4968d273cae2caca8965e308a90281cf37103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
e6a234277b546b19d2e82986a24d342b

SHA1
0f911fc15dd5b256d6ab825d5c54ed5b0f7cb1d0

SHA256
43bfd8165e580ee1b1410976f7442f039a2d57e1610ec88e5fc2a922a66cb971

SHA512
54f356bfcb366488d732d42ba905c2187a99024782e62876eeb98733191153e9426526c42f4ae4e547f5833bcc31cd7d3891834f9d996d9a3ca8cac040a2072b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
262ce7b89745762b16bf9ef39d4ae3b8

SHA1
873fcd32d6b7fe0fc51227181dfb9038ac0595fe

SHA256
225ea01a16be9c819f43c07172ff6b6c5ed21985e6bfe1f8b2bd7a8c9230f80f

SHA512
d9012f233bfbc371f477544873383015e34092774b518205a4797d486102ca1dcbf36687b67c3402921f9ec7a6918b41b306e383f8a558ae89c0d75197aa7272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
8d2afa729d45a4ed9cef1b964cae2e02

SHA1
f064af0ede5be79e9ca813eadfae79000c266f87

SHA256
b35ca2607337ec095f840434da2aa087b5cf3631f7e47c972f9710cf65e57c74

SHA512
73dabb418031dafabec4fd46dc6a1bd0a28405d3c06c25535d6b9cd390aafa960547a864880dbc3e83061601fdc50d2690fec0fde4a6908a66980ffd97d3e513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync App Settings\kfbdpdaobnofkbopebjglnaadopfikhh\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
7a4461ffcfe8ca76e43f60bf94ebf042

SHA1
0d26f14ab96977c1d9c8086e8fa723d82138d89d

SHA256
66feba3fc888af9a619b38cfd3da99c9f9de8b2ca2799c58cfc951e3dca96421

SHA512
d647fa94b6053dfc197c58d2e89f0e6dcc9c6d4056aea7eccb854f34108e147b1bd00f324e88ab89595ddd9990a77d8a36058713c738c31a148efd35d766839e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
7104e7479e4c70815d4849674551f799

SHA1
78576f796a71394f4f20edb72fae6b746228ef57

SHA256
354a7703a2a6a40f00f1e4df804e1016131e5106f07c5e192fc837924e077ebf

SHA512
b027007da3afef2737d05bc77f0703de473c731d44c9a27f8425f00acebbbe401b88fbec7685415d1cc3ef90152180b8fcf2ef4556b3cdae5c907d9ecfcf4bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Extension Settings\kfbdpdaobnofkbopebjglnaadopfikhh\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
f9a9f15bc7ab844d84b8d482fe1ff97c

SHA1
35b43b0c1725ff2d88a34094cd03d8af5e7ccab8

SHA256
6c1b5ef6b5783c3e7e4bfd2dcdae000b3cc03161cacc5e657ec35daae38cb304

SHA512
b3f7c349b464c6f9fca0135ac1e19443c02985681adc542233ffac030e168cd806ac9f5bb082392524ed44b01123b4b1c63b9ac46765926565f32e6688ae8daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
8d137a55f35176747cfa1c1179334e0f

SHA1
94c09e429f8ed045eb80d89e948405310edc0ed1

SHA256
60bf1d97819526840905d261db8cbb719eff542820932698e3506081b3d63c81

SHA512
4badbc4900b8de667a76e127b2cd125891434817d624913ea1c3f7182f4aca19cae11dc9f28faacc509c07a0c67fac2a550500dfc63bdd9d590a38daec3c350e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe585148.TMP

Filesize
467B

MD5
3ddce4c44094395fbf3617f5fe497975

SHA1
eee3431a80fa7e3c92d6a30d48f8f9ee463fa8e9

SHA256
48c1893764349de7d0a909bfee067491e31f34e8818d90bee1ee31bf3b5e396b

SHA512
4f66c220b456a05aca68a5d1b55eac5aa17c7c97bc169edeb25f1a576572cc5af661b257020052c26d0f275eb3ca2364f768690d7a42100d4c031a65c556923e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
4ffe84249fde3c3eae2df64c7054c8c2

SHA1
75a2451affe0d1d5e1b16a52929dd83a006e9eda

SHA256
e57d2ec9f10de4b92eb476ae08c40f9d082a68da68092306fc19e009091c1ee5

SHA512
53c13a281374ab0f6a77e632165554186da63d4d1c1cc2b1a0bf493fe9e06f97715f1b3403bb856a3a6a9a272c836b03109a196d437696a71167124d3322c708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe585436.TMP

Filesize
3KB

MD5
47430e0e9ad4838b6b88191b7966810f

SHA1
8933b4ce19e396751f93687305d3d378c48e2e0f

SHA256
98c1f419b9efe0d2a9f4350442d90916bd07593d9ecde4706030d1502cfb90d2

SHA512
e3a4e44240a11ce2173acfe66f6b52bdae8fc9c97dfdca441700ab47b5c73a46b71405da95a2cc08c34507fddf4349923c33da57da244e45b5019b9898e6b65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a22a65e025dc63dcd9da3b953b1ddc18

SHA1
896e6daf0dd7ac76d63c49cea6408a7c53ae08c1

SHA256
eb6de15d40da5fa2beb0c3c355852ad0d1801228ab6d608455f6fe6c688a3628

SHA512
2ee66012eeabbb7f1a6222017e31faa9bc949254b045799bbee3d538f0925394599130d768e7232e05de61c1742b953e7f3b39db0f82eab58dcbe0e2dd82a835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
2dc50717e03bc2759c2c4515f279ee89

SHA1
b12ff99231f50072e370f7377c8312e1e860813f

SHA256
077efcdcc62c50f6ca40fbd097569eab2f41cce397398fbc1ba2a0c087edb0bb

SHA512
cb1ad7820df20cbabf7521a1112e0382dd7fc823e3568e3c10f87c0c2947cef436a643bd5c0a2a0a7b8db33c781cfb27470a21a683f5af3b38d878cd7051d804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
55f24ebb61ed21631f947608b2d17c24

SHA1
5093c68283cb2fa5243561e48592c2cbb5492eff

SHA256
f961340570ed5c3c5c11544661d5dff09fb69dd19f5de5e2a05d1b6e76157a05

SHA512
bcdb90edc6409371557454399b0cc47a6addebb3e723b33185f942ed05656fadcb6bb7211761ec1caa9fbf8400d61e1b8b46ae22095e20a2a960543f92eff5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
47b33f151bd95d59da4b293002fdd16b

SHA1
83c0a7588a2fcf43caf5f2b74f79fb6ed3c7e4aa

SHA256
ebe5db5fef43ca7d4c6186c0411f006020dbab8e0caa2bf3e2c9bace07920d1b

SHA512
2b41ba3ee51adc2ed8b7a2c4a25e7dc1f1c8446892baaf8ad49841546401f919bd257e9afde4f364a19b5d2774db0ea6882cb1a1165c14287acac1ff9a6c816b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
1890c83a4bbf22ec4f703c6cf05970d3

SHA1
dc79d464a4a411d5f233644b4cbcc97ad33f674f

SHA256
f7fec86541dc8bb895bc1d550221059b6130935c611548d797bc9bb394414cd3

SHA512
fe49fb97912604c9cbcbbceab61158f61631c61ce9a9667de0c5f83970d3a8720958406c10588e6607c87826602f9cc7cfbb6661db96f96e1a08c45f393ce09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
587d1b74d985c718512927b4fef70160

SHA1
4295d9a6d3afd014227114e137c47a7ab83c17be

SHA256
7cc5bcbff4721ecbd05ee6a96e2d8a89b3b0f9904adda31ddb433d049420272f

SHA512
c799ea9d97285da26d23d0017b9c69b1475430127a2a59996c33c1c9aa94745d64060b7901a6dccb837f4c474abe368e30676877098f53798fc14956e6f93cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
82e87e1eff80f882d77266acf256835d

SHA1
44959d2965647ed52396614cd7078abf6b204055

SHA256
feb2e6a9c61b07b126731f81c7621f0c22dbb00ac4e8155cc1f8a1e4e158baaf

SHA512
ad1282ff6708327ec83f8412a30d64c251c989f508e6c7d7f63749093a8dc0c79912e0a9758a792c3fe7723438d771aedc2d411f2bb8bbf763e07ebd68afb65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
73b29e316ce91330d108d476aa9ebce6

SHA1
42e8ee408cde4b8f21308e4be96688fecbb64e94

SHA256
f6123f4ed6e680c7c4da3db35e1cfb861da281e2f5012cf0ba760532bd2e7fef

SHA512
6d70789b510d7ae09b80ef25d816c3634aa70afd1b83a1eea41a3b73eb0a061a55703271e7254009490303570f0c329d298c244418ad06770147fb5aefceab48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
2ba3d6e04c2df44d8d41ece081c38b22

SHA1
1b825ea9feaa4212f22b0920e32fdbd5b785fe5b

SHA256
13221aee0a1b7678322bef8b47d9cdc43751561ae7c9cba63ff06a1db15e8708

SHA512
2b87d03d44c05357e642b81de824bca1b9994b9b255cc5b97c6ebeecb02f9af3a9f0acaa51bd8fd17862787aea584c97db7f247161d47ba39a25fe98546973fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\3545b3c5-537c-4f4c-a078-0f806f465555.tmp

Filesize
2.1MB

MD5
4cd67032e35fa92f5182df10df289906

SHA1
9210bfc66bd808ffcd7c6443e160dc8d6754c416

SHA256
efdad7555293ec2d14399c2c2fc9d07228de1f6e3746b27da621b76fe5ceea07

SHA512
f3d83f6e77e4568d2dae539c95acf0a886926a001b4d80f0ea602387530fc333f688ac031b3057e1c2b0375426cf47ae33315f7da9ffaec601102be0bb7221cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\52ed49ae-fe0a-47ea-9083-ab26030be84f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\5ba8775a-bd98-4f71-8e94-6928c468e605.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3152_1662344270\daf8823d-73fc-47a9-a2e4-53399f2963b4.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads