hxxp://www[.]google[.]lu/maps/vt/stream/pb=!1m7!8m6!1m3!1i6!2i32!3i22!2i3!3x484!2m18!1e2!2slore-rec!3i999999!320033310m11!1i1368782!1i1368785!1i4861626!1i72458815!1i94222679!1i94243289!1i94255677!5i6!5i9!5i12!5i15!416607470m2!3e3!6e2!3m3!2sen!3slu!5e1105!4e1!5m4!1e4!8m2!1e0!1e1!6m31!1e12!2i2!6b0!7b1!19m1!1e0!20m1!1e0!28e6!30m1!1f1[.]25!32b1!39b1!40b1!41e1!43b1!44e1!45b1!50e0!57b1!60b1!62i6!62i9!62i12!62i15!63i8!63i11!63i14!63i21!67m1!1e1!23i202752!23i10205968!23i10208640!23i1368782!23i1368785!23i4861626!23i4897086!23i47054629!23i72385654!23i72310157!23i72458815!23i10211069!23i94243289!23i94255677!23i72692817!23i10210500!23i94222679!27m5!361814206m0!436338559m3!5m2!1m1!1e0!28i726&authuser=0

Analysis

max time kernel
443s
max time network
447s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.lu/maps/vt/stream/pb=!1m7!8m6!1m3!1i6!2i32!3i22!2i3!3x484!2m18!1e2!2slore-rec!3i999999!320033310m11!1i1368782!1i1368785!1i4861626!1i72458815!1i94222679!1i94243289!1i94255677!5i6!5i9!5i12!5i15!416607470m2!3e3!6e2!3m3!2sen!3slu!5e1105!4e1!5m4!1e4!8m2!1e0!1e1!6m31!1e12!2i2!6b0!7b1!19m1!1e0!20m1!1e0!28e6!30m1!1f1.25!32b1!39b1!40b1!41e1!43b1!44e1!45b1!50e0!57b1!60b1!62i6!62i9!62i12!62i15!63i8!63i11!63i14!63i21!67m1!1e1!23i202752!23i10205968!23i10208640!23i1368782!23i1368785!23i4861626!23i4897086!23i47054629!23i72385654!23i72310157!23i72458815!23i10211069!23i94243289!23i94255677!23i72692817!23i10210500!23i94222679!27m5!361814206m0!436338559m3!5m2!1m1!1e0!28i726&authuser=0

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1728	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1124914803\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_727521731\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1221812836\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_992397301\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1681757434\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_171327753\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_727521731\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_992397301\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2069940295\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1221812836\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_992397301\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1001036352\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1728_2098015932\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_992397301\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2115451679\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2069940295\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_992397301\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2115451679\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1221812836\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1221812836\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1124914803\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2115451679\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_636144593\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1001036352\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2043280798\_locales\km\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876323896140820"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 36 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{DF7FB1F8-4B5A-4DAF-9A12-6822682D5831}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1392	1728	msedge.exe	85
PID 1728 wrote to memory of 1392	1728	msedge.exe	85
PID 1728 wrote to memory of 3952	1728	msedge.exe	86
PID 1728 wrote to memory of 3952	1728	msedge.exe	86
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 1988	1728	msedge.exe	87
PID 1728 wrote to memory of 5760	1728	msedge.exe	88
PID 1728 wrote to memory of 5760	1728	msedge.exe	88
PID 1728 wrote to memory of 5760	1728	msedge.exe	88
PID 1728 wrote to memory of 5760	1728	msedge.exe	88
PID 1728 wrote to memory of 5760	1728	msedge.exe	88
PID 1728 wrote to memory of 5760	1728	msedge.exe	88
PID 1728 wrote to memory of 5760	1728	msedge.exe	88
PID 1728 wrote to memory of 5760	1728	msedge.exe	88
PID 1728 wrote to memory of 5760	1728	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.google.lu/maps/vt/stream/pb=!1m7!8m6!1m3!1i6!2i32!3i22!2i3!3x484!2m18!1e2!2slore-rec!3i999999!320033310m11!1i1368782!1i1368785!1i4861626!1i72458815!1i94222679!1i94243289!1i94255677!5i6!5i9!5i12!5i15!416607470m2!3e3!6e2!3m3!2sen!3slu!5e1105!4e1!5m4!1e4!8m2!1e0!1e1!6m31!1e12!2i2!6b0!7b1!19m1!1e0!20m1!1e0!28e6!30m1!1f1.25!32b1!39b1!40b1!41e1!43b1!44e1!45b1!50e0!57b1!60b1!62i6!62i9!62i12!62i15!63i8!63i11!63i14!63i21!67m1!1e1!23i202752!23i10205968!23i10208640!23i1368782!23i1368785!23i4861626!23i4897086!23i47054629!23i72385654!23i72310157!23i72458815!23i10211069!23i94243289!23i94255677!23i72692817!23i10210500!23i94222679!27m5!361814206m0!436338559m3!5m2!1m1!1e0!28i726&authuser=0
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffa6214f208,0x7ffa6214f214,0x7ffa6214f220
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2012,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2452,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5036,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5580,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5580,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2624,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5216,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5204,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6680,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6036,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5620,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6832,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4880,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1316,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4876,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3884,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6964,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5940,i,7123858536374968008,342503047448364376,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1001036352\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1124914803\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1124914803\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1505050835\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_1681757434\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_171327753\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2069940295\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_2115451679\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_727521731\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_727521731\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1728_992397301\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log

Filesize
1.1MB

MD5
491195acbadf0100c8486215a47bca4f

SHA1
47191a7b85151f959f0bb94d070c7c11a6836044

SHA256
f726832ebdee1ea6f7c31ca41b39afd18ff094d2f1b19b5c3bd83af82232a1d9

SHA512
13120ea1a18e7e4543740b7b2d29b13bef1eacbeee7b749b51034357bd365519f5c9b8b22a1749558ad480f56c09d9b454529eea96c059708e4500f918ace6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
7KB

MD5
ad5c0e2862d891f4ab874535a2ddd8ea

SHA1
455893b42b42d41c142aadcf57b8a5a3367f608b

SHA256
4d098544304c6238fc0fa4d83b90489ca50dbc802c350a6cad39880d2a8c424e

SHA512
cf52c74a169f5a797059abda5e033925f91757da6bbdb51e622dc52de448f43b2d9fc6c91fab09d85896f5a03a107ae08a5594704fde97b65435bfe06975cb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
151B

MD5
b21d33b94e73cd59dd683425953c1ff0

SHA1
9247256eca6b875ef3aefba7ca1ddb510021bd9b

SHA256
79ed58e03975c3fbbc0e4b4639d7921c1af16cb9649ed62cb1d57cd7c7648d01

SHA512
925d9fe34ad64f35ff6a43303f93a204bea0e2666db29974896e93f0a4e7c664842ee5a9c166eb74580cc04c5dd940af555a1937297ee18c405a93d8a0e4fa9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b0e7159148953dd7d4ada1450a8d0985

SHA1
f3ecf2d680749835ee133cf7555b6cc8b8d41e04

SHA256
39c3d813e74289c7e3137236290f782d7975dc8cdc409ff356831759874de15a

SHA512
142ef96d1786e72e11859ec515cfb42959d0560cc135131fe9d12fd787b206edde0dd39982049f41786722110a4516a8eede0dc46697d35eb87c65931ff523ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
aef4061da78858313cbb97d1f682e179

SHA1
11f90a6e14c5f79c939d8415ffef426b170c1d5e

SHA256
333c7704911392c55f5cec68c4124cec5b8259825c254f00f60712b8f13014fa

SHA512
e49c78f7ac4eee59613d5ae136f8f06e335b8d18f26963aed3b837e573610e79e7f2395ab1ace60ffb151c2ec07499f8b3c21576ed2e318ee5b389360460da2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
03f83bf0771a2944c40bfc453dde8880

SHA1
20093df009debf4753d35de0eeb5056184f18142

SHA256
33c130edecd519fb46397fb50e212b92187ffaa7642eddac7f19527054766e5d

SHA512
98126f1cb55f2fc446f84d54e1cb7f5a914a403ce93adac9977ea8f6893975068f63875928650fea68f3a2bfccd2cccb307767801ad5affd6fe378251eb60540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
749bfea0b89a41c8d7a0c973cd902c93

SHA1
a1074b5f91d5322b86e2b51249f7f8c06bb15b2e

SHA256
1637ddb6c717d6c5cd900e2f82d1f1a3605d02bde6525e3a8d00762ccb40bcf7

SHA512
d3919d06563cd18283829812bb7745db984394d5c60dcdb0895000d4676ec6a1aca789222dd243c7b595730394c9ef6294bc51116a0f01990bdcf2624c78edaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
d548531707b1a1cc3c2b90aab4243f80

SHA1
742f468d0bacc7fae3825b18ff1939ab9e25d099

SHA256
bdce601680e7131acb1736f296a80e7d69ccfc018bee056305b594bab425cdec

SHA512
738ed0928d2f75250512d7c751cb30e804bf3876105f89ec889156c2c2dff346a522f470f071852b65f28ce3c17897b479f5646b8582ded3c2145ebeebc71c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
79c8a438b9e7e0f7cca05776f2b67fc0

SHA1
955823711910de9d69f52a09003dbc14f02d6428

SHA256
ae83e2c1b0efb0def260f1eb1d87987efd05f6b1f153d3ac4e0d153111e70f21

SHA512
db2fe0fc5ec9b2c7f232ffd6cd9e0068c9739335dd47b4537e376dd77283a6947a8268102dd2d6a9c802962e299f2de6fc0b5875ad63630563f3921afc14b132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
ff4336d1878ca3fdba4e90f0656450bb

SHA1
196abe4c0126a21c081d32cb2f792bf078f63ddb

SHA256
a35e026ffc3b1172883963f5512e8578b0ff9a08b33f53c71ec2460d5a29c215

SHA512
8b7dbd2a49eca45c6b08ff3435520a9411e021ccc04d96b2acaf6a27470ad90f325e07238e31d06af28f6b5fa91fe1e48434c38ae3510d398a6c128c3d7387fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\349f9180-c917-4bad-a158-3f8859eac126.tmp

Filesize
904B

MD5
ca1fa799b6c7ac3e5322f7b673f1c6bc

SHA1
7dd41f65351fed3ad4c369ca59890d7f9bc1561b

SHA256
5766503366d50c9001147f9c25f05f79231f42027c3872921f5eb2e8c8a89c7b

SHA512
58e8c5b8e79570e6b2067b5e8d4b5750693a0852b05194061a16dc733b53ebcdae020b17b7f0391a6f606b04b0b94dd17ebdde647533675ba174694b136ed0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\6f791a26-e196-4ae2-a850-e85d6f72ceb0.tmp

Filesize
469B

MD5
ffa4b26cf7b41c70b23ced84314768b5

SHA1
c4d1a54e1ce263f27695d4b9948ab443b8902616

SHA256
4693beb7fbd820f4b5680b57d53d7c5ccb31d2ba20098cec49f709445608c40f

SHA512
f3c8ee0f89e7b6ccb1febf7e4dc0935b34e9354a373862a4325e251d74242b48b27f1cf0b557f51373e2bfb2a80cf5db4b0e71dcd3e01d2e66aa00da40854d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\740b24c6-f6aa-404b-81c0-be7c5c4d80da.tmp

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
5d68e122ff1194d9a00b607f4a61a6a7

SHA1
276c91c356bdd6ccbe6f9da1149ca9a5448332f5

SHA256
e6bfb69560ac340a284a5b598adfb44a3b593610452152bc98d324cf6e1f166c

SHA512
e6f6c864758e4efb616f0755352c9c5723580f0a8898e1ca78c21380f75e41f33be133894442756fdef019d5424328387ed4bf41fc5e6ffd02392f429a9bdd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
a6dc6167905c6d15de379d3cb3119d0f

SHA1
ddbc8f63497c8bbd7061d61802b6ae2c2803ce12

SHA256
aa7ab51dbecd7c7a1765a674e4dd34e420f6cdb2e7d385638c74cae8577660dc

SHA512
000df77e078c60422dd0c0b4d7e9baa1675132a2d7d9c6ec932990834dbba03512cf78780d7b764e0a6b6c97aa3245c4bcf383fe5f1471dbb15fdb3cdbd4e201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b9c3a45aa5ce379816376f4473ff4145

SHA1
30a70661992676604494b255b3676ab22473db22

SHA256
70d9b32779bc784f603017e0a08d9076bfb2069bc5abfa218d1c91f56ae5a94c

SHA512
d7d879e2284896fe99f4379a8d7cab4f5db9085e9b16654dd5ec5fe3df5320c6f1ec04cec8ef57a051a0cb2593717f05a17a1cc4e7733db87e6bbe276564ef17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
3de6b369eac6d90c6239480e455e7247

SHA1
200657402b6f974c2ddb4e363deea3f131a04465

SHA256
c6aac7dab5d7b1ca87ee1be8ea6e028860d525d0e5513c2e67dd49645ec21cdf

SHA512
32ab2fc70afc29953cc8851a15a1153849fc331689223a5a7389743f567d5970ace554a109af962b4cc18799c99720b928b9555b4633d6239c4c67c19268f691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
077cff6df35ff24d6daf15fc766d085a

SHA1
1bdff7b7b26b4ba2a599363abac1cf28ac2cf5b1

SHA256
3811108150073a3ec270220ba600a90b13cce4b7c76a899713c066bc08ff4bd5

SHA512
9b7f936cd84e614350c3f2c380f2787be42e95f4f211a73a54ff215695a3b5677af37647ba00f724b43980e359c8e31ddef2ada5fc8fa9f88cc71b3f30d3967b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
1bcbc8d3fd097ba90240aff3191ad5ef

SHA1
f736024290b9ab6f2b2144644c413f8fe5180c66

SHA256
85cf9e02fce8c46a237d549d746837a9f9cd9d6d35a1a4996bed3320fdfba592

SHA512
4b359d177a5a73ceeb4ee03084fc21c993e24885cf48bed31c3817d013a01d168b501840c802e46570ec6adb2f48e6501aef37c608fc853641ceb02e927fba8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
544988a30637d90dd7fc7b79576cf483

SHA1
540e6867eaa07e77a4f41db7567ed3e157e3c3cc

SHA256
6f0a5f459e05c8d9d43ced40d4cf95ac0173f6fe3d0f3d7cdfdc140cd57be7c5

SHA512
71823e4f9239bd2e496c1f94c570e42f9cc6e343f954f82ba9d2547da3259c2383712b0f5757d1c4ccd9f3252b847032a862455a51cc9c0aab204c23a0b849d1

Download Submit