hxxps://shorturl[.]asia/nUSf4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2025, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.asia/nUSf4

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
5324	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-lt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-bn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-gl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Part-DE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1280872627\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-en-gb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-lv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1569365513\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-hy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-uk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-kn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1778871942\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1778871942\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Part-FR	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Part-NL	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1628867559\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-da.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Filtering Rules-AA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-as.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-ga.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-mr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-bg.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-hr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-mn-cyrl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1569365513\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-sq.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Part-ZH	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1280872627\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1628867559\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Part-IT	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Part-RU	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-ru.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\Part-ES	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1280872627\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866254377559460"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{092687AA-F33F-4B5B-B751-CAF2919272CC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5324 wrote to memory of 2840	5324	msedge.exe	85
PID 5324 wrote to memory of 2840	5324	msedge.exe	85
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5640	5324	msedge.exe	87
PID 5324 wrote to memory of 5640	5324	msedge.exe	87
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5352	5324	msedge.exe	86
PID 5324 wrote to memory of 5488	5324	msedge.exe	90
PID 5324 wrote to memory of 5488	5324	msedge.exe	90
PID 5324 wrote to memory of 5488	5324	msedge.exe	90
PID 5324 wrote to memory of 5488	5324	msedge.exe	90
PID 5324 wrote to memory of 5488	5324	msedge.exe	90
PID 5324 wrote to memory of 5488	5324	msedge.exe	90
PID 5324 wrote to memory of 5488	5324	msedge.exe	90
PID 5324 wrote to memory of 5488	5324	msedge.exe	90
PID 5324 wrote to memory of 5488	5324	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shorturl.asia/nUSf4
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffeeeeef208,0x7ffeeeeef214,0x7ffeeeeef220
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1896,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1848,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=3132 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4688,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5144,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3604,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5148,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6580,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6764,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6632,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5276,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6852,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6756,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7100,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7692,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7588,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=7456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6840,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=7608 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,5668493312625638956,4795192148137542563,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:5396

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1029083255\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1280872627\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1280872627\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1569365513\manifest.json

Filesize
118B

MD5
ffa5fcfeb00002903f6cf667e9fe6a3c

SHA1
ad765ea344c8cfd95a591da8259fe412e52d13b0

SHA256
dd0679c622258bad2e2ddaec3470297259dc68b55b8c4f4d7f2f28a378826217

SHA512
8da9b780e9bc6785efbd56b51a4decc8703c9f1d41b33469153cc0aea8190c1b6a9001128c6022756a66ee539086ad6f787da84b6b7082dc51939077365e7beb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1628867559\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1778871942\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1889290249\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3cf2f362b7c5da9e2b1338ec2f0307b1

SHA1
42e97c0015e9b6caaf4520f1368c68e41aa31f24

SHA256
f3905d8b9fdda8832f2bcd4046d0619a35ca8d144b123e435aadc4b9cfb09002

SHA512
0a35d0dc45bc80ca71e95394397f2e3cf06532ad0e954b1cf6ddbfdcd445aabe658573f6faa115a503c5fbd8fe4147e0c21a4f560aa64789d8316b7bdef21724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
bf6b6b18a91f5ccfb3f59c72e85eeca4

SHA1
51ae4f3ab9cc22c88668b8dadc5ad0dccbcbcdec

SHA256
797bf2f253a70435c74b1df3ec77b8116fb720dc315e64a6ddffbdbb5c660228

SHA512
be5e3989060a0d2cd08a8cbdc78e8318c8f6216c286381511dea6255c09e626396b898385a0b380b2f1bbdb6486856c87d7d0c8144ca302ec18c19c6d95d49d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57b69e.TMP

Filesize
3KB

MD5
72d508ec8fb202e96b5049394313696e

SHA1
e8bae7d6460bb7ca9c7be6200c82b144b7db53cd

SHA256
cccbaa05b830680440c10b0e9f259ff5ddc914cc624fdae7075bc8dc8b7877a0

SHA512
c999639ddfafa5b0058d8d0efb4e865d7410c660152f16f5db858e00f9bb01ec03d49ed0233bc348bb423c077e4425dded6bdf7e42734838d53ec91bc6a49c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
cbd1842fe27c3c1a0b70464651ee5d9a

SHA1
05df9f0cd8cc623193c36e2e7554729f2265c8d7

SHA256
9beaf67fb787dc30a3d3b6f601969f43fd2e3cffcb6916657def404a093bc23a

SHA512
2ef5ee924e83fdd482d31ceb1a6e59d3fd08a13466d351b210e1193109f2b5e6cce40133bbb3075d677f28614829e950db3ca1cbc19d6594f622e4ec97c97c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
f8cf5447a8f9ff2edf6279349aab6ba8

SHA1
b95bf83489cfe999790d371f9948451287f1ce0e

SHA256
c91c4f59b7984b14003690551db90e721fed79cb9df292064f1f3a3507b43675

SHA512
186ad2c41ce44787b21e3529d2f6a1c32ba9feab7d7fda435b4137b7be90c63779f4378c46f65ebe288db393096b0f2c3e08e751b145dee67e1436d00bd70b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
01f3235863cb3f601cc3bae618fbe8cc

SHA1
8da8ff8e115eb1b5ef0571f9760e1bcebb8cdde1

SHA256
a0db2917f2f62fe4459a44251ffb0225f918e51bc90e6b58aa73aa8fb6618e47

SHA512
15c469b835c658569a0a89d83c6daf43501e6e85e4f0cc531f6fe299dc5145782be388f1633d49e2306686c2a05af430d40ceada9928243ff5ad5f3d207659a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
45748c4a0ce0172e3a47fbf10239ef8e

SHA1
a665e825259622692f9d8e0c3f50fdc9baea68cf

SHA256
a5e3a650986970579e10fd861a187479e7151746e96500bd9a6518bf29fe1e7a

SHA512
4e49d2599a87d164c9a764c5d1786df0b2e07fe751f575aeb583d699a74decf684b036289e1628ff48c6ae0a87672d76b8d035e877e5cb6442fff0ff79110c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
73780e540d27e9f30c947aaaccaf333a

SHA1
6ead085aa9b5f605237425105e795cadc9bbd568

SHA256
b019e5dca16b403aee9860563d5a758bbe48570231af4322e1b20afa6cdd1ed4

SHA512
5163f02059898e5b57cf02744cb9d7caf3ce3188ea80833d4a105670c60be03ef8346543a82b0d4cc32e788923208ddda622e33abecaa2c1be1c54641c7f7651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
35b71b9f2751d2cda865b1f335b1bc66

SHA1
a2d72c6cf3f209bb8dddbf5e1f5e3e61d5c166f7

SHA256
f2508087c5962899ade6e33a15086bb81ad659ff0a630d1315d8f1b5762f0479

SHA512
3b1dfb354b30f7052bd54903bd188e68323555e760a86646c8f6648da203e0393d7dabf9c5e22f22d63d4d3ae03a3e3ee06b2fd0019475a1f9efd4d73d88118b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
c97cf85807a5f01e50953718e918a486

SHA1
7cf240097d06eb4e2331ccee1136793387cf4a63

SHA256
15243a8ff1b1d69ef9dd88e6598f7a46ae7b5648d412acdde9a6372066d24a82

SHA512
59b038b17dbb1b434af5b061abcb423e816a380bd3eb2655f2e99b51dde3030c78980444cc40d27c978d2961ba5cd6f3aabcbeaf2960061d608b3695387c6c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index

Filesize
2KB

MD5
5d6421cbccf2dcd9db5ad294389179c8

SHA1
2dd8c0365373ebff668e2d66115af21fb4109bbe

SHA256
f0b39fee58cf7ae0d3e95306d706a6ceb67977431ae99c43d63f982662ff48d9

SHA512
c334cd82d476d6852e71ee7ca52e9079224c4c158672cc3283ac73e0cb71c64b0d609eaca3352183741bfbbdb66d6dd2fb1dcee1a457997f95008f2ca4f443d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index~RFe592dfc.TMP

Filesize
2KB

MD5
b800f65a92db035436106687a858f944

SHA1
8799166793ed9503adc52d4c50c59e8403cb57dd

SHA256
87012555b7cc9d05b0a06dcae1fa910154e2c53d0d2edc5ba54c81bbab6f9e38

SHA512
fbc37521ba6e54edbe1132b460fd6e3a58888162610a07baf2870268f77b843cb022b0c85f071eae33937c90731254151e835b05ad587f038f98bb58117437ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ba11b39c-b4ef-40e3-afd4-91e5a8a614df\index-dir\the-real-index

Filesize
96B

MD5
7ee2af1d39a23c879a164e1805b68689

SHA1
e24377bb240d1ae7772f21234dff8f62205198a6

SHA256
8c53b6e49b4dea6615416a14cd8b30beb0955b0cd8e4a8d1ec249d47dccf40d1

SHA512
ff1c1f123639cae764bfd6962916c30fe2cfb12a400131d51cf96bbca1a5fc26314c8a9362a42b0005c5ba2aabff818cb7c12195811df4935ff8a18f4fe4ed2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ba11b39c-b4ef-40e3-afd4-91e5a8a614df\index-dir\the-real-index~RFe593261.TMP

Filesize
48B

MD5
6c3a7c1b0cc18ca2ec7881e2a4d218dd

SHA1
67d3486d44d492924e10dbc270d29a063ca51877

SHA256
0e4b329400c55b68045477994cf0804d384ec8dddc1d43a0317a36ed770eea8b

SHA512
b29a1259523fe13562acb2584d1af9d1ca688eab3e7c897e0a3f4bad736e32cce7d343a5254af11a94425300717bf884ab6b149bda10ec4bfa773a4f0b96f0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\170ce29fd1bcbf73_0

Filesize
57KB

MD5
5686f0ab5554fcea208f843d92650a81

SHA1
66b77094b1731e22cbe25f0790672059320c729d

SHA256
09933f6d09b3191d3e94610ad888a709fa40a31581bb55672130f83f85ccbc32

SHA512
bb9d83efb60d27e4eca6c59b24711f2c2bc697b76f29866191571dc2c2d692eea133bcc5612f3a0eb01ac0543f5414cc396a86f7e160df6822f798ba93f5e00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\index-dir\the-real-index

Filesize
72B

MD5
ee542297068c653795cfc92eeb535e9b

SHA1
7ee463ac7abfe2a43c0d1d4a8eff15eed2cfd803

SHA256
d52516af147509d51d3bf4a5ee31adcd81f01f9774ee79873932a74e99126508

SHA512
fc2c03d5469ba7212ea277e413f7d0de6efbdadd2698d1c7b2e1a7d2cd275e90842ff0e69fc97f45113312c5008a84dde75f358219186f53cb23f13a3940c46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
330489f8db621e3f0a8d81a55129e00b

SHA1
5503254a0e9af5a8d2e22a8c447d6474d6678f11

SHA256
d09f6008de4ddb89980d7727b29d442181363cc8b6cfabd4f7f21f9ed99f315a

SHA512
590c10712cddb7ecad37ae166f277795863a6235b796d0fe155b4e735a3c1417a83622a739e4604af56c4cf23087d92618f6c1bb573d1c8d447b79bfa63514df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
3e89884ad4714fe0e2edca68c2c7779f

SHA1
929c65b2653c49abb57d82d48cdd2285a475c025

SHA256
46895c9a59f7e0169fbd17d76d79b83a6e50c587877a2c9082b70ecd8e5205ac

SHA512
fd867a67bfbe28e4979659dea0f3c8feaf567e3683016e05904c4e937adabd06c6df6fd1a6bfa7e7cebda46b72d90a33b92c8ee0c0e566833ca4d9dead3e2078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ed96e82891f59c6c44ee0c94fe6c10ee

SHA1
7c45e0e4ed0a892dc364801e9342030c3ba5b24b

SHA256
3347b88374f68ab5089570372243d5618f110f459bd2d04af64995379c1fe0fe

SHA512
89862b236de06a36cf72f0238cd4c0bed4defc6cdfc7b1d516b2244802df64eae93262775344808543109f7963baad20b22afebd304b7e27ac8855cf6cde249b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
59774d21b80942e33a2e7ace1c277608

SHA1
4974e753e38cb9ea99294f08c4c8a61a58152b7a

SHA256
39f15157e966feb89a5c47aee5cea342842a12a50f4e7858c8d75d1d81f2ca6f

SHA512
19dd4a69263202e33bb5352ca0990bc36d43f2bfb50a214f038284d9534aa1dfbc3103db63ede36a34ad70e92a30a40c24ae8a20e2eb007a8c12ae57967a5dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57af89.TMP

Filesize
72B

MD5
066d65244ebe868212595bd320bcc5e0

SHA1
cbc23a45057e6ff0c2a6c8623f2b232fff9543cf

SHA256
663d82b351a01a88a627f3c2729102c66ba7dcc9c6c6047b594c173fd4981d50

SHA512
79e5eab01e83d54224a5ff77610ea603cc0452ed8187ab88b5788ff98f44be0bdabec78cce228759f23bafe2c5808f43b41480ac1b03faa7745cecfb735c168b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
27bd1402e627457908fd23f2a9cee865

SHA1
cf728b2db9dacbffa7fd9de4dc869d7a2d89f7f7

SHA256
e80f1107743c45a0e433f5df39bc954d9ae2b0a4bbf545b763d2c88b78948bc3

SHA512
7dfd990bc5867df9422febc50bc592c5327cb2372d2996d9d8764f95a530a7198d3646afdac965db695237024fb691fda87c901a5ffdbae473bda59c6e336685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
9820ecf97f29faa71d860b7ce1696109

SHA1
d6ca4630fa42715781c80a2d1d8f72fcada0cf50

SHA256
0c1dfd67e7e716d82afd62dbf7981a3fd6a1a285cd67fbce083ec990055d7a16

SHA512
0d1bb335d4158d46f43f2f07dd63ec9b56ba633a6c73da3ac9da1ae0e573e8183730db1cac104674b085f72e9e189ae42931e01b7b15de41e9e751a0e42916a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
460b8afcf517d43d2860b3fec39c476b

SHA1
d98e6501a7b67b0027f13e96643ef517194d5bf9

SHA256
80edea1abfd23ac644dda1fd1cb9c08f4e03acceceee4b9cb8633669a3d79601

SHA512
c9fef41807a3f512624f464ad87d86320b96095025c36268d87de4cb138429c0d67c1555701d95a73c7c53eb81e4d6ba83a7e1c15ba70497d05ba3bca564def8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
cb2fe49e86951da6e5a7d6573f8d2a3a

SHA1
8b714aa536703abe44049022a144e7463a418093

SHA256
ba9936cfe7f06063474ca4a6ff3f9793132f6186957cbc6fb70a6f0960f1529c

SHA512
0c3e470ddd6b3402a32427429e87467953d9f1286fb03b7dbfbe9c42a60e9540c55af050c77c10c9c8ed20a412fdb91dc758518263c5956413a53f9528184921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
55d857141f5c9ee57564c0f1d77a43ba

SHA1
5adb1bce21996c7330c67e7395851aa3839d87aa

SHA256
fb551fe51d84578e4630f68b827b06b83904e3f10d390c0de04f51bc1ec51f3f

SHA512
ff4b4ebbd27288a0cb8d6709035d367441e22749da67ef31829036e8f38bfb4e5737efccf90c6bbea4e4a7854834683ba8b5425973f05f640748651003208435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
30e70f1eede29085ca24acf8eb51129f

SHA1
336657e8cdc0bdbb4ec86b5a92e53e1837ac0c82

SHA256
39a40865522752cca158b0ec6b323457d2a24a7b1a5fc93b6cbbaf54d02dacf5

SHA512
c0b70ff0e6d9b597b2dc9d18e22317058a0bd7db52e2d38438edd8a949ef09f6771a4ed2ca63e53f2d53d4334ad2414813ff7bb4a772c90208e80cc8d6ca1137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4e5a23dabb4d901dea8cfa8b7fbc1568

SHA1
856bad598b442a99394a4b4bba8be0b667daa16c

SHA256
013ed1b43f4c17d22ea21707656b8138ef966ce150e391ed3512e2340d9bb19c

SHA512
010d642d5db0045cdac26225f6baba39d2bc00d37ee8808046fea5e820ba1990810f97aef147161ddbf2d47005f8255c0a5908992171b536d73d8e6bd5fdd160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe587edf.TMP

Filesize
392B

MD5
f448654abf3e2cc794bbba2996f8d574

SHA1
f35438a2650631981bc4bae7c0e9275f48ab776a

SHA256
a9056b9874510d9da132d86135d37547bf0ed5adbef1de964071b7354a06e410

SHA512
b4bb68d3041280b97d9ead5a885935a7a4246e39d0b48dc306f60b541b9e4cb4f1bf05359870288723288df9f245fb82c4fc6567aac96bd58dea9ca6ea52ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.16.1\typosquatting_list.pb

Filesize
631KB

MD5
c3ec8bf0a625c2583833a3340825f1cb

SHA1
582054710a312897117128ed59ddadc983525eb6

SHA256
7d10e035e0b2e152a1fe32a92b0b34295a979f7db2269cfba69d4aaf3401b77f

SHA512
175125259eb39225d0584fa4e3c5cbfc66bd22646cf32677f0eb7514a0abeb2c08118375210a69207be85e6e7ebdd9b6fa9a967d3c4ecd40ecd514e306873c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ca6c4174-d9c3-4092-990e-485b9babfd18.tmp

Filesize
54KB

MD5
64c3153d2c495bbfbc79912bfe1be1c7

SHA1
b06d28a80cfea284b40ed759121b350c23fe672a

SHA256
25acfc27241a3ae4e5d23f5ae0371bc96ec18c5c9b0618c11a40f77aa9fcfdeb

SHA512
1e073a9bc1d75fc0c61ea14b6f57672294f47a829ad8de06e908989da2fe1349ab8f273451d089d1f7429091ac08f0ab50dfaa800e9470a86885d08b9b7b2dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
53413b0478c1b04a3022954c2acffdb0

SHA1
22f47793dbec197c93797701cff9e8ae7e5977bf

SHA256
f30adb581cfa2cbe60f80d312a9afafa61d3d19b52cf6653fb0c4b7daf0979b0

SHA512
9e8357b172d31035d26ae5fec953a3fcfbb14ef6bc37ce9b97ad06a830cfff2820b5eec02fe5dc958e8b9fee319d7e19f8234111ba5e8dc5ec9f882f24e5b957

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit