hxxps://gianreyes[.]com/

Analysis

max time kernel
870s
max time network
740s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
16/03/2025, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gianreyes.com/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-ec\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_965126155\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_965126155\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-ec\th\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification\fi\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\wallet-webui-560.da6c8914bf5007e1044c.chunk.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1890453521\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_965126155\typosquatting_list.pb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_2075634486\shoppingfre.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-ec\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-hub\da\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-tokenized-card\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\wallet\wallet-checkout\merchant-site-info.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-ec\ko\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-hub\ko\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-mobile-hub\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\load-hub-i18n.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\wallet-webui-792.b1180305c186d50631a2.chunk.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\Wallet-BuyNow\wallet-buynow.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-ec\pt-BR\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-mobile-hub\pt-BR\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-mobile-hub\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification-shared\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification-shared\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-shared-components\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\wallet\wallet-checkout-eligible-sites.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-ec\es\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-shared-components\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\vendor.bundle.js.LICENSE.txt	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification-shared\fi\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification-shared\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-hub\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-mobile-hub\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-tokenized-card\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\wallet.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\bnpl_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification-shared\ko\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\wallet\wallet-pre-stable.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1583078327\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_2075634486\edge_tracking_page_validator.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification-shared\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-shared-components\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-shared-components\pl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-hub\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-mobile-hub\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-notification\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-tokenized-card\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\Mini-Wallet\mini-wallet.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_2075634486\product_page.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\bnpl\bnpl.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\edge_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-ec\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\wallet\wallet-checkout\checkoutdata.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\buynow_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-shared-components\th\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-ec\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-shared-components\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\wallet-crypto.html	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866305581597873"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920535620-1286624088-2946613906-1000\{D369E70C-762D-4F42-8119-35C1D581595A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 5804	2364	msedge.exe	79
PID 2364 wrote to memory of 5804	2364	msedge.exe	79
PID 2364 wrote to memory of 784	2364	msedge.exe	80
PID 2364 wrote to memory of 784	2364	msedge.exe	80
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 3060	2364	msedge.exe	81
PID 2364 wrote to memory of 5200	2364	msedge.exe	82
PID 2364 wrote to memory of 5200	2364	msedge.exe	82
PID 2364 wrote to memory of 5200	2364	msedge.exe	82
PID 2364 wrote to memory of 5200	2364	msedge.exe	82
PID 2364 wrote to memory of 5200	2364	msedge.exe	82
PID 2364 wrote to memory of 5200	2364	msedge.exe	82
PID 2364 wrote to memory of 5200	2364	msedge.exe	82
PID 2364 wrote to memory of 5200	2364	msedge.exe	82
PID 2364 wrote to memory of 5200	2364	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gianreyes.com/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ffb2a8df208,0x7ffb2a8df214,0x7ffb2a8df220
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1908,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:11
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1992,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:13
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4676,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:14
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4660,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:14
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:14
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:14
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:14
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:14
  2⤵
  PID:2140
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1104
    3⤵
    PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:14
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:14
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:14
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4972,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:14
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5980,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:14
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6124,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:14
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4192,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:14
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:14
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6300,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:14
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:14
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1028,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:14
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,10540195499681601756,10632861918264644670,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:14
  2⤵
  PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
509e630f2aea0919b6158790ecedff06

SHA1
ba9a6adff6f624a938f6ac99ece90fdeadcb47e7

SHA256
067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b

SHA512
1cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
3b79c0eab11f207c8b5947baa5b0f1bc

SHA1
af4b2b57db57f92466ec595687d081ee2f0033cb

SHA256
b1df217d9380d53f30b86ff635db64bd423df34e074dbd67bce060a2b66741b1

SHA512
dd95fc289fab656eafab26702ba4fcd2c3a868e72bc96842d203ecca0204b5f7984ea7dabc8d54c500d972a4acfba45ed7bf08c613f320e9b98ff3c374e60451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
25f1d4de08abb08990cfd96db23f6b82

SHA1
a82cb21af0de4de1b2c5c16c837a0d522bf4610f

SHA256
2cdde397164a756405b3ce7fee07d9952c49400d7ec6b0990b9d0b92806f2c84

SHA512
d2acb9893a1271fc40a61cc760276612a3d50ce6742d3265c56226264ae05d70b85fbc85565d8e0dd0637b65b82c338260cd68285b7fbe24d13e37f7b2fe9315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
be2d0bc87402b571ceb759669dc3d7e0

SHA1
b47741429019b22c89ce44d7934758972130e60e

SHA256
6d20d3e3cb69a00bb18c438d5aa0422c4e1cb49aa00bef9a94f7d529740089d3

SHA512
55565c16ea26d3e25074ef796b2921a16ad83bbea6168b2d7d6afa5a2ee83c11175c0e7d2b955c66496727f91971ab5f92e221afe9f0d209fd5d2d0d8af4108a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
763c4b248c5f9c58bce2f0ee3752c7fc

SHA1
449d5ecc8846962f3c95787d11fac10a0df06e31

SHA256
a0987cfe64664dd61ca7df08375b2886df54491ad788c73d66a0615563e585f1

SHA512
e7a12972361e19d3246c9a854b7cf2a7ca01ebd3eb0c7104fb5b4fc13d59443370aa8793a320817ece10258533c7a25baa13ca1146634e7b3a57d751839a28af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cab46990e7a9961465465053b5109c9e

SHA1
746e1947eaa04bbee0f20b4a05704b53634a48e7

SHA256
25e0549b3825820018165cac521cedc0559036629f45bbc544c09bf805741a6e

SHA512
6d6ebc88576936338f7864c592e367abf442e6618e3428ee7cc03ddee990330a81b0204268779ede07af2ac0473028d9ef7fc8edfea25e4b8ad0271c03a8cc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
19aa362b547926086be9631bdb7f159b

SHA1
ae95b777c0ad1b848f48a1593bf97a7ce80a85d4

SHA256
86d37d2eca64b7f464dd2aef98a001930c6ea46ad98a9f0b39ed449fe800f8c8

SHA512
203f3adfbbe9cf2cceee0e2dcc04abf8b1588d3969fe0cc6b8719334ccd7d4bbe92b9c6089323f734255bdc77590c7b4cbb2d70d0e1af11b2e95bc397dd4535b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8dcad67c58c2cbe33d789d42f1da5729

SHA1
916da162b66fcf00ee3f885838be789f1f73bc3a

SHA256
4b8f3cb20b1e7d27d10ac3cf5f7d4d8b33d24200d30e0735df48bbde9dd9f45d

SHA512
d763283fd2714d1afb913e55b9a6c33020fd44a8121581acaaae2e7c0c7f5173c658f0f63617f0b01e4e5e7f0b3e1d174dc680d6253eee867dc369039d75537a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
0c733ffdb835e1b1bd22f66bb16e8580

SHA1
757b2c457ac07b7a69ffff31d40cf434b0545f84

SHA256
931b4dd2d5d35a57bca943b1bdb0188483cc3fe371b4ba17700e2f18e483300e

SHA512
ab3eebf923349b7d26a16cc25fdd4900fb9b6ce1248852ce39b6260f8541ba57cd15258795e90db5a41aa232785aa8a5b8cbf8dd072c2d98aa14b6e99a6f0a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
8b56ff75988e41b09865c45c00f47abd

SHA1
c80159dfa1afafa1b6c8e1d2bded8316732c4465

SHA256
7f2c884841054c0cffb03a05cd0f828008b7c758a84238ed2f192f34da56b068

SHA512
825a85251b23332e5de03a46561eb54ebb1b735ff12b7f45060bfa9293c0d3f7168bedb1a8fb5eb2fa0a091e7c0b7696f5bc4fc8d01827635ac6f163015f6d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index

Filesize
1KB

MD5
8e170c84ebd030256c3874201cc40b90

SHA1
945f8f29e8febced6c57c29aafb5b76c8165f364

SHA256
a44cba1366a9dcf604384dba59c5bc856db6d1f8aa1e0dd1048a6c9ce3b4d8fc

SHA512
639a679825f7a8328fb1a1048d48e9bd40e94da47a0b82c5ae4e1253b79b0a4d08abc618946a399912884742ce82aee3fba3b50bdc1c3c62e0bf1823585cc7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index~RFe5bfc5e.TMP

Filesize
1KB

MD5
36dbf56c7994c882c6d9b0e4a74fa1a2

SHA1
837202d0f7f7264eb7037811e2dd63ffcf1df94a

SHA256
a225f1b95e1cfb3161408137fd5e42348b7ac58631ccddbb6ccfc572874ee4fa

SHA512
c1abb9116f63ed571bbe3c77726d80948842314174acee575b0ef61928292d1e074b622278bcf9651696c857973181ce5dba4e152973f374a432266081e329ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
23ab878843b0097f5f274e11fc6d4b21

SHA1
87eac54b6d262421835df954304fcf71ea168714

SHA256
7a97f63516dc7ff97eb981cffb63287809b103e668e5f9c36c990c9f3c0f5656

SHA512
e56007e3dbb31ffdda2c50ccf8fd4ec6df188d5ceff1075a71593cf60c638595ddc2c19b3b00c6db4481341a2155c8c7504214bd471464c566426207d05071ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
f4b2eec955d796c556f13b081d6e320a

SHA1
8e44edfd09866ac2d9f60a69b6e706f5bce816c9

SHA256
c6d290391ac12fd725c5e545a5ab32936408d0a4e3262e12e535bdc281c94cd7

SHA512
4bff24ff754d7238cae36449d0b2bd3ed182a5d4f1c64148aa201ccf906376cdf6ec0161aa426d3e49d9044ffd3a14664f1a053301633dcaa4a2b288afeeef6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
fe896348564f62e467298c18a606bc9f

SHA1
a277a08ca39de2a7005b02d0280c76e1377132f1

SHA256
33977811a2c84699c9b8261bed626a9fabd0831df7891fc721235aa8ab044284

SHA512
d513c6def27a2cb6d4d8dd135e6009c2bb86a9552d8a5ebfc0cb93ace59f16adf612642a78fc20dd281290b4c76e395c4626803db4083c0be75d5b12c1295fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
257c89f9f91f5a5988b06ed7708a9e98

SHA1
77b0288cace129476dd7261e73f0b9fe1f34dc46

SHA256
bb530cfbaab4fe6274207e1806ca8aa7ed248e710982942aa2043061cd9a64dd

SHA512
83d4560f0b18c010a754ba5003117f610df21e330064f609cb4d8f030eb913116020cc76d1824b78295a5d6363d31766e0d5cfcbda30d994d2a3e097c630d719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
0d193f2f2b733eb0042febbcd30a7d3d

SHA1
11dace2720d96e2fdf399af183a7a5bc149b7977

SHA256
5d0014e1699fc8adb9ecd7703bd98c76b5b770be26d4b2c4a88e9212a8540d3d

SHA512
a9e5a74eaa0d6e19b83c43bc420db64a1588b8c09b408219930d960e30d28e88ad0608b5b40fa96675e950c2c8d4d30b424ea77c8e8e4ce27c185423c9d64178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
d94afa960a97a87d32e427019893043b

SHA1
577ba259c79d0c17cef9e6d502c2285957145709

SHA256
af114d4e081e5d69a34aa028ca839cbe8f98324682d10ef341750eb62ba00072

SHA512
08f5afc87fab119e39ffa139261c449a0c41782a1f1f61a4dc9fefeb9ecc3855f7f546f6350b81129c0dfc884d3870abae71763327c6a8bbc18833be38e79e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.16.1\typosquatting_list.pb

Filesize
631KB

MD5
c3ec8bf0a625c2583833a3340825f1cb

SHA1
582054710a312897117128ed59ddadc983525eb6

SHA256
7d10e035e0b2e152a1fe32a92b0b34295a979f7db2269cfba69d4aaf3401b77f

SHA512
175125259eb39225d0584fa4e3c5cbfc66bd22646cf32677f0eb7514a0abeb2c08118375210a69207be85e6e7ebdd9b6fa9a967d3c4ecd40ecd514e306873c6e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1583078327\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1890453521\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1890453521\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_1960447209\manifest.json

Filesize
121B

MD5
fde1edabd926edaf85bd8dcfd6d26f0d

SHA1
380c447a4df3871885c99d926edd1e689f247b99

SHA256
3bab6a96aa24d25d5f838199dff00837be00480f92a559d30a24f67334e02a2a

SHA512
acc5b7ee98a6652a74477d2a9b295ecdacfd0182b75931653d373fdb15c52d1d869bbe3a41e4a79db36ed91ed55c39c47526268b56b123e9b7f19479bbe8dc13

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_2075634486\manifest.json

Filesize
145B

MD5
0df2306638bd60162686e9c4bafbd505

SHA1
ef9e16bf867f7950d5a30172e1d34d38686b0e72

SHA256
fd7b554588c5e72506a0bfed89bc298911a5649b9f5168ad7c1804d1c75de42e

SHA512
73fca229097631104cf352061d62455b6c5520bf59777520165719d2368b0e77f3ce66f52873fec53ac60e35274bf397ba321bc62610f0b7b172a7c5c4975174

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2364_965126155\manifest.json

Filesize
118B

MD5
ffa5fcfeb00002903f6cf667e9fe6a3c

SHA1
ad765ea344c8cfd95a591da8259fe412e52d13b0

SHA256
dd0679c622258bad2e2ddaec3470297259dc68b55b8c4f4d7f2f28a378826217

SHA512
8da9b780e9bc6785efbd56b51a4decc8703c9f1d41b33469153cc0aea8190c1b6a9001128c6022756a66ee539086ad6f787da84b6b7082dc51939077365e7beb

Download Submit