hxxps://emltrk[.]tpimidia[.]com/pld[.]tracking/Default[.]aspx?T=TRK1000&L=8480461&D=841&E=angelo@concert[.]com[.]br&U=[//]lifewaveaustralia[.]com[.]au%2F[.]wovem%2Fmawuva%2F6HV5-JKVG7V-ZGE0/ZGlkaWVyLmdhbWJhcnRAa2ludG8tbW9iaWxpdHkuZXU=

Analysis

max time kernel
284s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2025, 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://emltrk.tpimidia.com/pld.tracking/Default.aspx?T=TRK1000&L=8480461&D=841&[email protected]&U=//lifewaveaustralia.com.au%2F.wovem%2Fmawuva%2F6HV5-JKVG7V-ZGE0/ZGlkaWVyLmdhbWJhcnRAa2ludG8tbW9iaWxpdHkuZXU=

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Loads dropped DLL 1 IoCs

pid	Process
5768	msedge.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
128	api.ipify.org
129	api.ipify.org
130	api.ipify.org

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
127	1480	msedge.exe
180	1480	msedge.exe

Drops file in Program Files directory 35 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1394687255\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1884306117\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1068850214\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_420720787\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_532502110\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1473929762\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_158139737\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1068850214\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1473929762\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1884306117\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_158139737\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_532502110\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1394687255\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1394687255\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_158139737\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_158139737\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1068850214\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1068850214\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1884306117\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_420720787\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1738891332\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1068850214\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_420720787\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_532502110\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1394687255\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1884306117\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1738891332\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1473929762\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_420720787\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1738891332\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1884306117\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_158139737\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1068850214\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_420720787\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1394687255\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133872926181441588"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{B984B47B-1822-4962-B773-9821BFC092D9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5768 wrote to memory of 5040	5768	msedge.exe	86
PID 5768 wrote to memory of 5040	5768	msedge.exe	86
PID 5768 wrote to memory of 1480	5768	msedge.exe	87
PID 5768 wrote to memory of 1480	5768	msedge.exe	87
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 3952	5768	msedge.exe	88
PID 5768 wrote to memory of 2832	5768	msedge.exe	89
PID 5768 wrote to memory of 2832	5768	msedge.exe	89
PID 5768 wrote to memory of 2832	5768	msedge.exe	89
PID 5768 wrote to memory of 2832	5768	msedge.exe	89
PID 5768 wrote to memory of 2832	5768	msedge.exe	89
PID 5768 wrote to memory of 2832	5768	msedge.exe	89
PID 5768 wrote to memory of 2832	5768	msedge.exe	89
PID 5768 wrote to memory of 2832	5768	msedge.exe	89
PID 5768 wrote to memory of 2832	5768	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://emltrk.tpimidia.com/pld.tracking/Default.aspx?T=TRK1000&L=8480461&D=841&[email protected]&U=//lifewaveaustralia.com.au%2F.wovem%2Fmawuva%2F6HV5-JKVG7V-ZGE0/ZGlkaWVyLmdhbWJhcnRAa2ludG8tbW9iaWxpdHkuZXU=
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b0,0x7ffd3babf208,0x7ffd3babf214,0x7ffd3babf220
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1792,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2072,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4860,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4372,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3628,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5688,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6024,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5264,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5196,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3700,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6172,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3432,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=3256 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4052,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5348,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3276,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3388,i,13206474575761365970,1041440747849184140,262144 --variations-seed-version --mojo-platform-channel-handle=1048 /prefetch:8
  2⤵
  PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1068850214\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1394687255\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1473929762\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5768_158139737\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1738891332\manifest.json

Filesize
118B

MD5
791d8ef5b977b40022d73a00d269ae91

SHA1
eee166ddaa96114f05caaee653e81b3fbed325ae

SHA256
0642acd6bbb8906fa49601ab1af556afe9b072cdce3f2fdfdd8393b6749a9079

SHA512
afaeb3f15dfbe6e3374cf61fde33a313f0b94a971fb6a1fc255b92bf921ce55762d180d2ab45fe19c8180105a913c70f6fde6cc9c312f52d6390a45d893df3e1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1884306117\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5768_1884306117\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5768_420720787\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5768_532502110\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
74e33b0f0294575c93c26d654c0d9c91

SHA1
3e61c0599b1dcb3c1e04860b62561a8ecd36c5fe

SHA256
5cef192a3411e87883b46124b4e631689235752bbc6a0901a252ffb47468edbd

SHA512
fefb34bc5421202585c59ffdc926d1dd1a4aed453684f06866378cec37901a6a63575528f3a077fa0a5ec7d79fed64860c3f67e54eb74d358d30feee3450bea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bf8ff3485738fd339616af4c794672ea

SHA1
f4d146d1d42c058d0e7375ea3653ca2d2a3710df

SHA256
5084ca0c28e220d1d0ac082b1bd3cd5285e7cc3f76cbaf7908bbf5f57aa3397e

SHA512
41dc0f9872bcb0aecd7b4db97063cf31df68474af1b2125e93acfebc9ad5838d6f3660486edd229bf888e67bdbff4cc0a738a15842aa157ff43587a294e30f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c49d939d07cf3f3fff1800506b9227ea

SHA1
023d7c7ffdff0a7032c3db96ee82d2baddcc34f2

SHA256
44f9067719e3d384da28e0745cffec6d6ad5e8e61ea39c8957eefd08c80d3f9f

SHA512
5f97998c1b664ecee0bcd97d420d8536be27cb06bcf54774b68d0c511e9dd0cc71c28cc39c85072a23e4c20557905032334b956fe6cdb62aa38fe905c011f778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57bde1.TMP

Filesize
3KB

MD5
511857aeb7404d245593aa475f6c84a2

SHA1
9a23fd5488e878307bfe8dad47f9c9020ac107ca

SHA256
7d6d8112a90b0b42954b95af8e8ee0895619620cffbeb81973524ca88eda8b94

SHA512
cc05c0e48ff915f1c88c1a0ee66a70ec69a9964356c77812e868ccac4dbd2b17d7cbf0b0dbfc2dc93388ac7857ffe5edf0db2b6c22b677b3a9012330cfb06c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
718bc6370028e95199dded52679478df

SHA1
96a064346c1952d30dff774a072f4541d2dd8d31

SHA256
493b5d968a808a68daa008fb6cdcbc7238f3c1df09b81551bceab3120edba56f

SHA512
576dbd50daf30ce46879540d9a243649b67c12044aebb398ff30380515f2866290043aacdd6ea6bea9ddf19fdb8ff42ac8b30e19b7b5ca2d44e49e063c46b2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ccf59f30ce7d35cd2a2f8d6f9ec6b982

SHA1
cb7bc12f44f7ca9ae6551dd47d8d09d757112cae

SHA256
ac0451ed85e8a4b69a56032f8e3c9d5d9568d9b85606412d6449fea5c527df41

SHA512
197a2ae2d8957e3bfb9004442a86afd75824cc456a274fc199b97859c7954d119a43bf5874c93a3f76a92e5f5759466c5757bd050ef14917f15c140f0ceb81b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4468679d15564af2983577a781a787b9

SHA1
4c22273d831f930fbbb4f088342e83c92673ba8c

SHA256
4c25c7133845dd3b68a224287d8b2d4a9288aa2720adceb8c490af83390e1057

SHA512
40456d5334f23dccc99e99bb772aed81c5bbbbaf5b495be360ef520c0e381b04d92a4f31f5e2a9bd8878e510117f4123d7d6766ff98db115ac2465a8480c0638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cc34648580a1c61e051ed3621160ded6

SHA1
b810e536f74a5fa2ce0fc3fab4db2d657a1aaa90

SHA256
05815fd88e4403a4cbb50d9edb154e983435591678046f9077295fc9df30ecba

SHA512
aec3ac8ce7197864564d344f8344a49fd717cd2ba8725d76fd1ac405b142345fbdf020fbb58cf1b75953a45d140589fcb4d757cce0cde9748e8a7669e8909577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
b86d419b75a7b7327e03ae7721f1c008

SHA1
33a6c0ee5286134dc3dd1979914ec8fcc6c211c6

SHA256
da6faaa1ed075ae465b7f76bffdd98f7b720b7dc8852a0f71ee91f73b91e9469

SHA512
968bc3edd017213db31ffe4e5bfccf27482c18fadf336e441ea2a93b81a6a1f0dea42ecb0184003ad5b7bd6f70e291366211ea407306d605db4b2e07745edb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
1a1da01d2e577d67a5da113ce4239479

SHA1
74a3789ed8bebb583abcde9b6a594e7931498f44

SHA256
23741def446f7baa58f7b3a695f6d0637c4911353ce385519df32fb543cb593a

SHA512
0eb3a42e60234dbde25bf1a61e1f121ab0ae84a97e7b48f910b2526b0390d0140b563eb12585878c896da170080edb25257f4a96f0c7b7bd449b5e3e0dddb0bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
d7edac8d1d58f4ebf7cf5264ad4d238b

SHA1
8597712ce853271226e123eff5087351faffad0e

SHA256
9222450f9b58d24935ba3286096d3b7ee9b1dd1dd498d8f54500403a03dd7bc8

SHA512
17501dba3f5b6b1395fa61eab82921e6b782ddf1ae9b7b8f2724d666b220ede8004ca39b122447f41149472cf3d6d3cdf624d8a279ae5cc8806d05c88ad23761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
1b7dc81d64a0d25005a56c703946d40d

SHA1
ebbfcc51e9063d09e45004ce57a086da1e006545

SHA256
24f324e2afbfac3863ddee6e0a1a7b7ede69fe6e52c5490eef178f4959b32f7f

SHA512
80eff9e82ac79b421a806f23ce8ae5b6f3fbddd0b2a58cdb98e5f224ac84a9f7234d0097bab4d7afd80b092e48fc6aacf367f8527e0f4f16d1a14da7b9c760df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
ad71cf8e49b6a21ccb78a286b5ad03c9

SHA1
017f5161b199507a4265d10d91d0e5746c497c22

SHA256
57080cecb4e056183d1bba93417931a77655073d69df2efa7df0620f91faae44

SHA512
bca26b70973db4fbb1d6e1eb4761ad9beb67994b3621b1ae8095508d3be7d31aa13691e96dd1734b078268f0bbcda9cd304098ea536a6f7924155bace882af41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
557c1d5c3e03579c5593032ccd3a4a05

SHA1
a4430069809e85f25f3d97e712f9c6ce7f316ce7

SHA256
bbcb33191074465678959435dfa05b5f83205b4635c1c9f518cde23ee230fdc2

SHA512
fdaf8e2059e9019d4da096f892bdcef12b9eaeea0e0d12b9404a987a432ebf6a1f30d2f54e5753d28c7dc16276ebd70001eb5a6e4c8ac86e6acf9e5c25212f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
30bc966277155fa9815f612a1fb62209

SHA1
e03ae7f88694f443a52f87e73e19d5c0b3b499ac

SHA256
fd93e0c435406c2364dc80ca492cdc50684ad3b9fc3f02bb72ea442f0dd95d29

SHA512
3cea9d275a4033a3cde4be3352548c25ff66991a6d5aa19708ee81cbde552ca87885f821c3b2949d60667cee324c1c7231e04b579d2e0d228e051d08ca8c853c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
2931282676df7e9ad21a9e53da8b6c26

SHA1
673e2cded70ec4fbcb3c6660166cfdfa4a651558

SHA256
34ad39ddbf202c1441dfefdcde3a0d11958deeb695329fd2cd66e4c8fb1bb566

SHA512
9ca194b9405c990a0bbdc76924715c7203cf84bc28344165203d86f009981ac7ab39073ac4ab463c9134c48347e1da65594ef2517164cb845eac39c72d005cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
475c765c0319fcc155b0667b04d1a581

SHA1
d82d4932a7cf9f6caf5a16ea93270f884c95a80b

SHA256
2112ceb1717bd40d15518448f11b4202d8fb595419e127308fb2acccba04aa95

SHA512
50e33e1fdd628447b64a40eba36a2ce64bf0590a38d5d5a12c6dcfa3149775a040463d8228613e8841073b9920c281f785c1eb591927398076a5b9ba3d8abc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
95fdd45a1d175827007da0d66bc781b2

SHA1
cd22922b16f874405f2dd7947777bfb7e890f43a

SHA256
91f37e0f9ecf0294f8c8df9a338a82f0b954370a602a1c8931c703976fb1dfd9

SHA512
2ec37ba1038da9fd7be2c648b718973591bda63acc5a3a977035fa9232884a951eb9a2178fe0022baa289158101878d3c8c641e0d75b2e0dd90bfdaf42a608be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.24.1\typosquatting_list.pb

Filesize
638KB

MD5
c58dc6e76e524d25a1a8cf23ba450518

SHA1
26179cb88c8f3c2db96aed106844c817d8b08d29

SHA256
695140b50858ab3ff19e2519e0aff4b6a358d16e4cc110d5ca1bb6283b37be4c

SHA512
4d74793a2b91a5c307e6f23521622611dae00dbc8717ff0e7b93451ebe40313ace05cca8e85fc3b2e23094b07219040cbf6ddd88918bae7895ef0352db1af71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
f629f888a5405b8dbf84f2abf99c9398

SHA1
be372bcece0f1ac660565651568896b73850e83e

SHA256
806ec6a64c6b430776b73bc87813c7e172744684060acd3abb8e55f031ffb3c7

SHA512
811385bcb840b945321c121530d9f0451cdfdb4b9dfa06befd90cf4f3d03490395d450fa3dc8e02ddf3d297a936e5450ce2d471b1e0610176c2d45139dc7b854

Download Submit