b56e537748f6b1c35ab9a4ef5e45191be683b0feb81114555dd9cc5f3ecfd532

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2025, 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

8.7MB
MD5

bd0ced1bc275f592b03bafac4b301a93
SHA1

68776b7d9139588c71fbc51fe15243c9835acb67
SHA256

ad35e72893910d6f6ed20f4916457417af05b94ab5204c435c35f66a058d156b
SHA512

5052ae32dae0705cc29ea170bcc5210b48e4af91d4ecec380cb4a57ce1c56bc1d834fc2d96e2a0f5f640fcac8cafe4a4fdd0542f26ca430d76aa8b9212ba77aa
SSDEEP

24576:KPQQ/6MP6P5d1n+wRcXe1Lmfpm6k626D6b6+eGnkywBIpv:Cy8OeG8k

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_1206393700\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_509570042\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-hub\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-hub\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\wallet\wallet-eligibile-aad-users.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-et.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\wallet\wallet-checkout-eligible-sites.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\wallet-webui-101.079f5d74a18127cd9d6a.chunk.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-hub\da\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-mobile-hub\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-mobile-hub\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-shared-components\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-ec\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-ec\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\Wallet-Checkout\load-ec-i18n.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-te.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_2091815925\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-nb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-hub\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-notification\fr-CA\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-ml.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-ec\ar\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-ec\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-tokenized-card\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\Tokenized-Card\tokenized-card.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_509570042\product_page.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\edge_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\wallet\super_coupon.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\wallet_donation_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-notification-shared\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-shared-components\th\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\Wallet-BuyNow\wallet-buynow.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\wallet.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-mobile-hub\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-shared-components\cs\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_509570042\auto_open_controller.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-notification-shared\ar\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-tokenized-card\sv\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\vendor.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-shared-components\ko\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-la.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-shared-components\fr-CA\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\wallet\wallet-pre-stable.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-ec\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-hub\pl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-shared-components\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-shared-components\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\wallet\wallet-checkout\checkoutdata.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133867575579332789"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{7BF5CE64-8FDF-470F-88AC-DEABA56B47B8}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5592	msedge.exe
5592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1660	1380	msedge.exe	88
PID 1380 wrote to memory of 1660	1380	msedge.exe	88
PID 1380 wrote to memory of 5292	1380	msedge.exe	89
PID 1380 wrote to memory of 5292	1380	msedge.exe	89
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 4396	1380	msedge.exe	90
PID 1380 wrote to memory of 404	1380	msedge.exe	91
PID 1380 wrote to memory of 404	1380	msedge.exe	91
PID 1380 wrote to memory of 404	1380	msedge.exe	91
PID 1380 wrote to memory of 404	1380	msedge.exe	91
PID 1380 wrote to memory of 404	1380	msedge.exe	91
PID 1380 wrote to memory of 404	1380	msedge.exe	91
PID 1380 wrote to memory of 404	1380	msedge.exe	91
PID 1380 wrote to memory of 404	1380	msedge.exe	91
PID 1380 wrote to memory of 404	1380	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ffc4597f208,0x7ffc4597f214,0x7ffc4597f220
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1892,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2484,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4332,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3508,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5988,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5012,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5268,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6052,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5192,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5760,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5996,i,6652960945862610669,12554641552075727851,262144 --variations-seed-version --mojo-platform-channel-handle=3144 /prefetch:8
  2⤵
  PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1380_1206393700\manifest.json

Filesize
118B

MD5
acb8ebb43624ece8dd7964092455d2b7

SHA1
7c61f04b419f927f98120afa18d8553513e2a0f6

SHA256
55b2b1fd2a563b240179fde6335370f5e22068ada77b5dc5af50bbc379c72953

SHA512
8e6c135aa19d6d21b32c6e9c0727ccf3df7e8dfcaf49e3f0ce55af9b53748188949746d69d17cdafd9d77511b1550d970289912a33b3d9c4daed8837762d91c3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_1965696592\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_2091815925\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_2091815925\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_509570042\manifest.json

Filesize
145B

MD5
0df2306638bd60162686e9c4bafbd505

SHA1
ef9e16bf867f7950d5a30172e1d34d38686b0e72

SHA256
fd7b554588c5e72506a0bfed89bc298911a5649b9f5168ad7c1804d1c75de42e

SHA512
73fca229097631104cf352061d62455b6c5520bf59777520165719d2368b0e77f3ce66f52873fec53ac60e35274bf397ba321bc62610f0b7b172a7c5c4975174

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_594836451\manifest.json

Filesize
121B

MD5
fde1edabd926edaf85bd8dcfd6d26f0d

SHA1
380c447a4df3871885c99d926edd1e689f247b99

SHA256
3bab6a96aa24d25d5f838199dff00837be00480f92a559d30a24f67334e02a2a

SHA512
acc5b7ee98a6652a74477d2a9b295ecdacfd0182b75931653d373fdb15c52d1d869bbe3a41e4a79db36ed91ed55c39c47526268b56b123e9b7f19479bbe8dc13

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1380_94159405\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5e1fe061fa6c337e991902d25727ab23

SHA1
7e970ba110a5ebf0f0165ffd2f4bf8d9d105179a

SHA256
38028d945c04dcd9148745498230bd44b694758b7af84459860b7caed26f9df2

SHA512
0576e7c376a296ad463115feb0632030442b4f290b24d45a5d8ea022da247043210f7e90f43628894d301311bcda1557f64cde1ccf3ea7dc606893089846b0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8a807f22eec4bd167f826bab441d44ba

SHA1
0b05e719a29146d7a32d5d675c5fa251976ff66d

SHA256
7ff33302fbe6f1ece91798ce6866198880eb4b85960713fe2f3f3e2545a46d5c

SHA512
a358ab7c49fbc0396578dbeb5fa46e083f1f68d4cd53020fbcaebdd1bac2bfa4d50efc9f4eeab2af8f2d3aec2d58d3c407093f77fa4560f62ac7df41f55cc0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
59c949e4617ea7ef466b6d1f24b8756f

SHA1
2d0fa139ad0533a615054b02a93dd4c7b7e1ed0f

SHA256
d2f21dca1944b1835eacb04e9f11887d94201a59d6290d18769a164f3ed687a4

SHA512
0cec087cbe51e51c7c5b83b46fb8a034b43ce825f4cc72f57bdad5667b8f8d64a3f0d93cbe9cd93798f9a92e1fa6d139fbca9cddd5908bc3d8632804c046d796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
31b97df3a178cea224252568baec7583

SHA1
d75938c935b1e3435d5746d8b7a5ace56d1e1409

SHA256
c734c5c488e68948c0b77bf878f4895eae07776a76263acac0cc1f03ed3cc5d8

SHA512
7a423e17083fac7b8c1102d3026a6607e0b58a69dc1cdd1c5ff435278b0d1c7281e438c4ef0548c96fce1ba20bf95ae11fa743483f1b726f2cf27f0b0705d6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
980f18482e4b0e35b6d0ce67b0345cc0

SHA1
8bef87117db34e7b41cfdc3d92185b7c68f3c45f

SHA256
0b9e3b0eaf5cd8fe4a11dcfa65fc0d04639d2321ec81ef6326a7c0187b76ed86

SHA512
c3159b4c7b8582c629d21aeb51552fd17e1ed3bfb1fedb178f2079a0092d5e67680390a2d469cf7fe8c8808538a5716d0399888951460c67f73ff3ca61388200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
5ca8112bb590da642d5e204df4753e6e

SHA1
ea6b794e049220ef78c29055436749a7f38c4667

SHA256
e2d55a6446df346d0f647132fb7feb1389d016f0f99c7fa89ca2e444e2d5dd4d

SHA512
e00d270917a9f2ee8a4b8562bebedfc38f81cdd1d855da59aeffa29251085af3358b7e50b16ee7bcabec594397bc218307d563e07ceac31865076839179f6af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
224741a0cdc61c1059229c42010d29a7

SHA1
b1eab0e0276adc1e7111141d14c2253cfce5c07d

SHA256
d851801d685176e23f0c010fb373903e796d84b3f96f44b67a1432db64114a30

SHA512
02d91c98b83aa869f599d11153218fd929e8f40b5093b07f87ff1356c5b60dd52deea751077a7b49106c490c4a62ce99a1a80ae7ecc83b23c97a7bb39d3b6c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
18KB

MD5
a94c23d88023a300aa379919563050b3

SHA1
b3be4fea49e7b2b55cc7062b95971367f02e2bb8

SHA256
a0cb87c5c2379ee77c58ea0b9f9579cf3f69691d376bcaa58ce604ed4923987c

SHA512
03e5e19d6c56433688f6927d25e9fa32361087afc5a7fe471080a5cb59eaba029819e409d90a7f82a6408a0ecc6db1b9db2321eb5ec5f02f3c5feaca3bc51e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
b38dd3c835802a8a5d21f9776e4ce5aa

SHA1
e2d07202498562c2c75e45ace706656d0cb302e3

SHA256
58ce6c13b066b95c7f96f823064021457bc7f8ff4eba0fbec917834ff0c99c71

SHA512
aabd9a6dcf0c1a8e8f47bd58afb59bf6cf3d2d8476416172fde739cf4acd937a230dbe2f91d2859d8c8b5345abe78267f803ed1e57fcc3c0b47c31091c2a9f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18340.18330.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
6c60774ec4d5e6b21004b0703d63c2e5

SHA1
25751e4149e60be509b99493d5996a9e0f0c89d8

SHA256
74de8905e87904dd198bfc1b31e47423818f41c64c3bc0b71ed691b96c1038fe

SHA512
9147ea8368ef0a5393fc01b71b7579c4be60a7cc508fc26a1de9907e5054af64075d90bb9dadb1d3ac68db5a4525c8797907892d1d471d2f34f9505e8dd50fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
9fee0cf459b267b23dd72b2aac79a111

SHA1
771e3ecbb598d56d1d61f78f06fe03bad1dd9df9

SHA256
4b5412a131fd66e073e45baee5bb1c5cb24b76f96c021223e54835d4bdd9e0e0

SHA512
21121bc7fd3ae8984f6d2b4b7bdbca9622ec8639a937638bc1e59711013e560945c9582be218638ba3396657f8b1d1019300bf2c5346a80914c47a06984d3bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
b3732320f92ec49522999c2599d3e0ff

SHA1
4168946cab8b68f3ab6d003579b4e77f9f4d95af

SHA256
16fb0dd3fe8f451817c694dcf79031ef8b24ac18186cdf990f2c649bc823db6e

SHA512
74de29b5dddef455983a474cf45a61af76875b7472bb259c2daf5d9398bbb41084a3fc0df1e05b6f324a09369c6d1ecfb2ba4817000f379352baf836691701eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.17.1\typosquatting_list.pb

Filesize
631KB

MD5
094ca661fb20ae7e5c26df780e0f7ecd

SHA1
0cc79e2fdf43962d9597b7eec7b34c8983c3562c

SHA256
76f100a3d96cddfbad67460eb0db1a8877a53c8a1881888b208011cd3a9d5726

SHA512
088ca8996eb3bd02f5561b026a9e36755c915d19eb9ae768ee3949491059b1c7e34117b72828d843131df50456c6a162eb2cffe74fd38c273708cd4ac6fda53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
6aa56f1ddb4a9a4abe7b38f9186c01eb

SHA1
19899aa39e6238ed44b268aadc7eb871cb0f2b33

SHA256
2a75afbafe0960179cc3409cdb1e3ff033e5702be189b4dcf10ad501d8823676

SHA512
03f8aa2f8ee49c86a9e8e30cf81f329abc464bf6c5139205e16f6b3ec54b6e6319bafbe9f541ea60afcc5ea81afede43e9489ca9a9a59382c4289641403b17fd

Download Submit