hxxps://download1076[.]mediafire[.]com/7i7l9bhb2nygILRXfJJpn3iRcC2WAi0ue_r7a5XvT2hCE2qjtFerhV6DTMB7Z22_C12w7kBty8ksrdgN9yiGPf49w1MLEfLl4a1bWAioM0a6WrWV27dSbMrkF25KKO0ISCqu2GWXaCLbjNhDBpDT60eMKASRvD_X7h6oJlYroLxylQ/xqdeo3f92dkqxlz/de4dot%232[.]zip

Analysis

max time kernel
870s
max time network
734s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
27/03/2025, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download1076.mediafire.com/7i7l9bhb2nygILRXfJJpn3iRcC2WAi0ue_r7a5XvT2hCE2qjtFerhV6DTMB7Z22_C12w7kBty8ksrdgN9yiGPf49w1MLEfLl4a1bWAioM0a6WrWV27dSbMrkF25KKO0ISCqu2GWXaCLbjNhDBpDT60eMKASRvD_X7h6oJlYroLxylQ/xqdeo3f92dkqxlz/de4dot%232.zip

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\bg\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\ur\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\gu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1439500513\shopping_fre.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-notification-shared\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\wallet-crypto.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-ec\ko\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-mobile-hub\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-notification-shared\ar\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_480554387\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\af\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\bnpl\bnpl.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-ec\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\is\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-or.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-ec\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-hub\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-tokenized-card\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-es.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-eu.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-ml.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-ec\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-shared-components\th\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\en_US\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\sl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-notification-shared\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\wallet-icon.svg	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\sr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\ro\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-nl.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1282199435\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-notification\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-notification\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\wallet\wallet-checkout\merchant-site-info.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\Tokenized-Card\tokenized-card.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-hub\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-mobile-hub\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-mobile-hub\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-mobile-hub\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-notification\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_480554387\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\gl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\mn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1042410020\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-hi.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1282199435\Part-NL	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1282199435\Part-RU	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-ec\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\et\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\si\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-lv.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-nn.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-mobile-hub\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-notification\ar\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-notification\es\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-shared-components\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\ka\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\mr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\it\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1293635231\_locales\en\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875082861079735"	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-780313508-644878201-565826771-1000\{34EEC8B7-880A-4AA5-B434-8709C35FB9C4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5872 wrote to memory of 5152	5872	msedge.exe	83
PID 5872 wrote to memory of 5152	5872	msedge.exe	83
PID 5872 wrote to memory of 2276	5872	msedge.exe	84
PID 5872 wrote to memory of 2276	5872	msedge.exe	84
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 3280	5872	msedge.exe	86
PID 5872 wrote to memory of 3280	5872	msedge.exe	86
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 5724	5872	msedge.exe	85
PID 5872 wrote to memory of 3280	5872	msedge.exe	86
PID 5872 wrote to memory of 3280	5872	msedge.exe	86
PID 5872 wrote to memory of 3280	5872	msedge.exe	86
PID 5872 wrote to memory of 3280	5872	msedge.exe	86
PID 5872 wrote to memory of 3280	5872	msedge.exe	86
PID 5872 wrote to memory of 3280	5872	msedge.exe	86
PID 5872 wrote to memory of 3280	5872	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download1076.mediafire.com/7i7l9bhb2nygILRXfJJpn3iRcC2WAi0ue_r7a5XvT2hCE2qjtFerhV6DTMB7Z22_C12w7kBty8ksrdgN9yiGPf49w1MLEfLl4a1bWAioM0a6WrWV27dSbMrkF25KKO0ISCqu2GWXaCLbjNhDBpDT60eMKASRvD_X7h6oJlYroLxylQ/xqdeo3f92dkqxlz/de4dot%232.zip
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x28c,0x7ffdfd6ef208,0x7ffdfd6ef214,0x7ffdfd6ef220
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:3
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2732,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:2
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1976,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5064,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5100,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5852,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3500,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3508,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6500,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6644,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5344,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5980,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6632,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5692,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=1068 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4024,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=1072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6996,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6980,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7024,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=1344 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2680,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5080,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5396,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,7659694791823299811,6593803018612818768,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:64

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
aa9afd16e8041e8c80250b50ea6899e4

SHA1
a3a698d431952253255c343f2b35f74e73e63088

SHA256
2bd7f856d73f78bc3a4de32b447b21babad42c009b19fcebe2f8cdeca2380926

SHA512
344de0888df8851d957ca6fab055eb9e2f1aa6d958022c2c30442cd6aad4d158d0a99f8908184abc60fb1e0ccdd3d9395d8c0d37fc317d3700974c3348d4a5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2934ecab-60aa-4e96-ac6a-51af609c208e.tmp

Filesize
16KB

MD5
3d82af7a477676a3a498b60d11c58ca3

SHA1
a209228aec7175f560b830899166830d05c5e8e1

SHA256
15adce71f9d13d123aed29670a869060d8fd2301a63417709ec9a000e2c370a8

SHA512
d32339218a444622422b2f0e6fcc11b5e8af56f8f4501e3f759a62f9afba2d96ccbf45cbe5d5fdb9996dbef7e7dc44c9cd0a296d4a9c62a21b5aeeca16f6d79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000005.log

Filesize
21KB

MD5
3beac129b91c76ba2c538065de6256d6

SHA1
58a81811a9b6e17e74d10ee3131a16f8abd59bc1

SHA256
958b5f5ccb9bb0b95fee6bc9c411c937e842c976d4e2c49a64409ec804289769

SHA512
4b3a336cec9ccab596ae6e4a4f87f5a2a2d14fdb5acac5677f40ec6840c427f2dadd9eb317eb41a382a320af805d62f5bc0cb04ef80d6ce8fbf03e154e1a4462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
424705fe3c6a6b083bd150159472e837

SHA1
e25faca9d5dc6c7ad764fa3e5619a16f8a457915

SHA256
63709264fcddda71d66f1dae59a1f28ef5437e3e12b2dd72dd5ce203f06623d4

SHA512
e5dc59def280549ee80298834e42b3067dad02a6832a711813a575b33570c234e4af8ca04f00d23a1067dc59513085bbd006f49a725490d399685f79cdf26907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
7d7ea323723e6275789a950a7af56ceb

SHA1
5cff0b9d0867c1b0ad7fc5c5742188573d699971

SHA256
6e665126e0293535269e240b579c1b74916767356647aa3ec5b96219cf5f28c7

SHA512
11b7369c108a724cc5949d2b907e367545c464267e07712213ca6b182a5e7ed91c6c4848e225668044611278c3a3035d9d8b9d6c26db48e1485bcce77a5d9b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
0642406c700a264cf1b465e889163227

SHA1
d3dbc694fb03f15fd5bdd7ce1f521e73e5e655c6

SHA256
64ac5a6ea11d3e7a9d4fb9f8a2df09c47764e5b962b4108645c3483b6bc5424b

SHA512
4bf0793dda5344373ddb8dab71ac1769bb8d8fe654c29e44693f5a68e8898cd1d297029616f707c333119f1d079cd5249ab81331146e063c1aafa8c30bfbeeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1ff0e15e3af4191bc4b8caa78d7132f6

SHA1
395603a048f789423f9a07748a28e3c45a428d07

SHA256
d1344b7f051fd3aaa03d286b2854a4a0f4ff3b025d8f2e3f3ab14a1090f99b39

SHA512
524b5a9d818afcd6f1d38887d9e433ef8d104faa0851d828094dede6dbd0fc561d9265fc9fbf3ad1940110f775bcfc703bbf72548e0b56c36747bd5b207c6fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b7d46797e0e2a9b315ea121d5a39ed22

SHA1
9f3d0581ca799b079ae45964815ff16ba47c3cc6

SHA256
038d27a4b3eb1228118722a579c4cfa6a545b6ff0da79df7119969dbf1691c09

SHA512
7971e39b25291b6f9958bb4cfed5e46fa81c2bdced96d8fb2b697d56e74980a4d4a4d63524a9dc506eaf7f2331909524634e41651b9ccbb72bff85c31b089ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3033ee62409e18890a4301aec0d995c0

SHA1
2b55075511a7c066dc7d094ab7c165df8f63c44f

SHA256
ab6df33b93f62416dee47755b23e01868019676b76a9d5d0c267ea9f98b15fa1

SHA512
a751a1b5c3317f894d3e9afc02e7e275f995704448221d14756ed34c678a29e88f2d1e8e846b4e15bf9ce107a1f30d3245d94a6352799fe6b118607969fdc9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
23f9edc6ccde5fe02201a8c160614b8f

SHA1
ef86e58deb5783cfba5805a4276f3ce36f266df5

SHA256
1db697e12fb3b5dc746824cfb26c38a60b1126adef09f64f4de250bbfb60de84

SHA512
35abb175ca10bae0cad3cb1b0431d4c921906d185cd4b5b1e8e037ccc2b51cb959d42d868502bdad731b4fb8c8ef7d62976c9ebfac09dbf511e4318b1aec4f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
53ca2d883cec448787d14967ef4d4c9f

SHA1
befc5c2ac27860dab945d7ac03f9b0db98d8b3f7

SHA256
763830c865fc9ab80fcc2731cfd2a9e1f420fc31a878343bd47569bb217ddef8

SHA512
bf3ebb38f8c0ab1c82ddb9f1707ac84a109af298363e05fe5185949d783dbb2b53c4bb6357bfcade124b76236cc74762fb183ab087f340986ac56738409d2cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
40781b42ea5773f189ba840c2ddebd67

SHA1
ba2d77d494b677203506fe8d9b9558de9528322a

SHA256
47a22614934b791c29c761f4285a548c854a1429a83489a68e32a027643e8253

SHA512
4f85c4cf13cbc5b1248ab07f52eecc4e3c7b43ffb0e99a04164f7f30acceb4513327e8ad6df6157ea584053b28d7ea0d1f4dda781cae76a2e5ec3436de101256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
d220731d7756f550e743c86d118a9943

SHA1
a482310afe99115673c22432db4b1721c02634ec

SHA256
cd7bcfedb884f61ff72b198c6862bbe8df397c6eb181c5dca110d8669c2c30bc

SHA512
56e3cae74e1dfd5f2b52c5bea10cfabfbef1dda72bac81794e2416282a7c09fbb1176e1e95f847e030a4c6576d1a20817061279c48b4eb6a7388336d06f6b55c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
d73119ac062f346311f84608645ad597

SHA1
1be1e2898507126691cee69bb7b325285615d1df

SHA256
6cca04f34d4b8f52535c35c855b579e03522912be9da5c2674e6102660ffd351

SHA512
96532c3f6670d398f347deefa467284674f582bebd1e051c3acf5d1d82404804eab2773a01a74096ee0a73bd3a69e2e012fb83fa673431051b8a6b73e7e5d28a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
5eb725f68d83ef0c5668c75bae8cfa61

SHA1
be6b6b6a66bddc28f46aa1c4cbfce9f5607c8a65

SHA256
29350153cf8db3c0db311417b10a49ea198a65f171443b85be1f5301f56b7b34

SHA512
be678db73d8159f8e19f80167b4ea45e6dcbaac5833d8a4960496134d0c86d72c3047b1a77a71ddec81b89cb5ed8f4bd38193b6c1c2ecd7f5d5c8b9d837d7158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
133410d2fe9030b6e0a6b5c03d7edb9a

SHA1
5ead323b922815dbb0ac0c379d08e988ba399f84

SHA256
ad0dc5e24acee2724633605b8166a05535324d7c177abe89b2f2aca7e07c2629

SHA512
d46ca8d961324d852049dd9573a8be1d337c435bbd9a09ee1d1a6b052e4c2f00b8eb70325fc416fb6ce3597afb9b49a1ce9c52624f9405f7ae819d8608936d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
bc317467c2f01b397acdb7342d9c819e

SHA1
1038cbd2da7437814b2b28b8d4d3c5de1fd40dcc

SHA256
9ef53860cafc46cdf07a3540751cbd886a8a97cf75203d2ddd255bcf6ee507aa

SHA512
fb8d8480cf2c4f1a7f58ffbda97d47f91f1a54b4ff81c60b7fdfc81503b851fdbe2fc69b01332ef3191660f6f29361cbf7058c4f0010c9973d899391ce435f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
e52a3325e97f1ebb8a3b07a3647ed522

SHA1
5da8638415cc47fd87f5175682b20e0f1af509a6

SHA256
916b078f1998703c1591fe280599c8319bf0ed43831da8826524fdc8e1eaff30

SHA512
35294b8e790a0f597e46f7cc500e725806f8dbd392d8d162399dd835c0effca224764086cdb987bb16d07ca9127dccaad2299eb590e5c9813e7d377d08c384db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
7eca2bbb12cc00f712d6ec3adf36f1a1

SHA1
1ab68d69ed27da6a2445e5a98864207cc1c524d7

SHA256
4eb6935b16c5626fa7d7522a7c32b5b0b6a1a6cd9afbf319ebc328ef8523406b

SHA512
d3882dc3884fbc573ca80cb7028c3c1a2451587bd3268f2472de117eb4bfa2c33259ba7105e3dd618b67a3b3148e07dfa8231967b4f7846ac850bb25694accfb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1042410020\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1439500513\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\Notification\notification.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_1678474524\json\i18n-tokenized-card\fr\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-bn.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-mr.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5872_51027493\hyph-nn.hyb

Filesize
141KB

MD5
f2d8fe158d5361fc1d4b794a7255835a

SHA1
6c8744fa70651f629ed887cb76b6bc1bed304af9

SHA256
5bcbb58eaf65f13f6d039244d942f37c127344e3a0a2e6c32d08236945132809

SHA512
946f4e41be624458b5e842a6241d43cd40369b2e0abc2cacf67d892b5f3d8a863a0e37e8120e11375b0bacb4651eedb8d324271d9a0c37527d4d54dd4905afab

Download Submit