hxxp://www[.]google[.]lu/maps/vt/stream/pb=!1m7!8m6!1m3!1i6!2i32!3i22!2i3!3x484!2m18!1e2!2slore-rec!3i999999!320033310m11!1i1368782!1i1368785!1i4861626!1i72458815!1i94222679!1i94243289!1i94255677!5i6!5i9!5i12!5i15!416607470m2!3e3!6e2!3m3!2sen!3slu!5e1105!4e1!5m4!1e4!8m2!1e0!1e1!6m31!1e12!2i2!6b0!7b1!19m1!1e0!20m1!1e0!28e6!30m1!1f1[.]25!32b1!39b1!40b1!41e1!43b1!44e1!45b1!50e0!57b1!60b1!62i6!62i9!62i12!62i15!63i8!63i11!63i14!63i21!67m1!1e1!23i202752!23i10205968!23i10208640!23i1368782!23i1368785!23i4861626!23i4897086!23i47054629!23i72385654!23i72310157!23i72458815!23i10211069!23i94243289!23i94255677!23i72692817!23i10210500!23i94222679!27m5!361814206m0!436338559m3!5m2!1m1!1e0!28i726&authuser=0

Resubmissions

28/03/2025, 10:54

250328-mzrl3swrz7 4

28/03/2025, 10:49

250328-mwpnbavve1 4

Analysis

max time kernel
329s
max time network
320s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.lu/maps/vt/stream/pb=!1m7!8m6!1m3!1i6!2i32!3i22!2i3!3x484!2m18!1e2!2slore-rec!3i999999!320033310m11!1i1368782!1i1368785!1i4861626!1i72458815!1i94222679!1i94243289!1i94255677!5i6!5i9!5i12!5i15!416607470m2!3e3!6e2!3m3!2sen!3slu!5e1105!4e1!5m4!1e4!8m2!1e0!1e1!6m31!1e12!2i2!6b0!7b1!19m1!1e0!20m1!1e0!28e6!30m1!1f1.25!32b1!39b1!40b1!41e1!43b1!44e1!45b1!50e0!57b1!60b1!62i6!62i9!62i12!62i15!63i8!63i11!63i14!63i21!67m1!1e1!23i202752!23i10205968!23i10208640!23i1368782!23i1368785!23i4861626!23i4897086!23i47054629!23i72385654!23i72310157!23i72458815!23i10211069!23i94243289!23i94255677!23i72692817!23i10210500!23i94222679!27m5!361814206m0!436338559m3!5m2!1m1!1e0!28i726&authuser=0

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1052693689\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_698171320\manifest.fingerprint	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_60_669050034\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_2072993644\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_758200972\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_977161046\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_758200972\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_758200972\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1052693689\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_698171320\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1806132993\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1958359544\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1958359544\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_373392949\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_2072993644\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1958359544\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_698171320\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_977161046\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_2072993644\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1369686084\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping60_1076626605\_locales\ru\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876328748926263"	msedge.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{24E284BD-E152-478E-BD31-C3019487B650}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 3856	60	msedge.exe	86
PID 60 wrote to memory of 3856	60	msedge.exe	86
PID 60 wrote to memory of 5596	60	msedge.exe	87
PID 60 wrote to memory of 5596	60	msedge.exe	87
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 3460	60	msedge.exe	88
PID 60 wrote to memory of 1400	60	msedge.exe	89
PID 60 wrote to memory of 1400	60	msedge.exe	89
PID 60 wrote to memory of 1400	60	msedge.exe	89
PID 60 wrote to memory of 1400	60	msedge.exe	89
PID 60 wrote to memory of 1400	60	msedge.exe	89
PID 60 wrote to memory of 1400	60	msedge.exe	89
PID 60 wrote to memory of 1400	60	msedge.exe	89
PID 60 wrote to memory of 1400	60	msedge.exe	89
PID 60 wrote to memory of 1400	60	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.google.lu/maps/vt/stream/pb=!1m7!8m6!1m3!1i6!2i32!3i22!2i3!3x484!2m18!1e2!2slore-rec!3i999999!320033310m11!1i1368782!1i1368785!1i4861626!1i72458815!1i94222679!1i94243289!1i94255677!5i6!5i9!5i12!5i15!416607470m2!3e3!6e2!3m3!2sen!3slu!5e1105!4e1!5m4!1e4!8m2!1e0!1e1!6m31!1e12!2i2!6b0!7b1!19m1!1e0!20m1!1e0!28e6!30m1!1f1.25!32b1!39b1!40b1!41e1!43b1!44e1!45b1!50e0!57b1!60b1!62i6!62i9!62i12!62i15!63i8!63i11!63i14!63i21!67m1!1e1!23i202752!23i10205968!23i10208640!23i1368782!23i1368785!23i4861626!23i4897086!23i47054629!23i72385654!23i72310157!23i72458815!23i10211069!23i94243289!23i94255677!23i72692817!23i10210500!23i94222679!27m5!361814206m0!436338559m3!5m2!1m1!1e0!28i726&authuser=0
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff9202df208,0x7ff9202df214,0x7ff9202df220
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1888,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5024,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5080,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5460,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5600,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5600,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5996,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4908,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5388,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=764,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5412,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5400,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4928,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=1108 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1012,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3284,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6396,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3216,i,1061968394690824698,3216457488211909065,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
  2⤵
  PID:180

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping60_1052693689\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_1369686084\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_1806132993\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_1806132993\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_1958359544\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_2072993644\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_373392949\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_373392949\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_698171320\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping60_977161046\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log

Filesize
1.1MB

MD5
12c90b818570a118c17bb124c33c2595

SHA1
85477978bb501118bd1c0947d0543e31e0d48562

SHA256
7d665bac428e272ffe2fd0d72e2c2629d352b1de8dcdd363a6264edcc58f7366

SHA512
ee313d520c6ee642eb96efc2b3f9323296b920cabe72e5c8e87708283ba002df24a9f2f3688fbb6ca5099fc17264f771eee990ecc5ab4cb451cea8e7782f0298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
7KB

MD5
dbb4de25fbb3cc33fb1b33b89b5fcda9

SHA1
bc113f8e6f0c19659d4563fa8a3448bcf00ba487

SHA256
62287e0f4ecc11199baf117aa71af28a5508cfb33412ea28edeb871d9f6e7c46

SHA512
2bdec9ae390583f8ee4b53abcd0065fbd42f4a4d8c898708e7a1c3beb6eb042622e9ffd7e6413c4da691e7e2e4562a2c9a1f3ef6f4e4f9424fb37778b0d99c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
151B

MD5
466b44f9bee105ece7cb5befd446dc3b

SHA1
723c6a25dc5ccaeb82af911d716c0ef47fd588cd

SHA256
fc2bcf7bf706860af3c61fcdabde6ad373acc547ad2ba7c2c520b26b98f1fe60

SHA512
88ed1f11d1ec03d7d2af54c3e3ddf146c221d6902116058cd01a4db78ccf9ca3896303fd28365866784704d1d2d6ce056d79344518555071381a7ff451d86dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e9839f7504e8c4713124cf6615ac41ce

SHA1
a77e7c7998f279a8573650adb5d34ae3832a56b1

SHA256
0dd066ab3e74dfa7fc6fcb9979646ee7d53c0b0d8f6706144644eefd4b2d46a6

SHA512
bd6f51c08d5b8be81fe8f2e28ed614d8846a820cc169c5c389f39029bd9dae3628fdf263b11d268d7af9d64f5e3f5c45794b47bb13830cf8a8898e29b5d003e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dd07b36026193a7df93bfcb96880996a

SHA1
1f101318ecbb1cfa64ed20968234f4f79c8c286e

SHA256
0d2d8cbca2c2ad406f4b18258513a48d28ad65e9711f16244027a348c64b9e05

SHA512
76bdf4dcbf21989826bd913d06339251b776889c788a4b8b8524dfd5b519ca6f131ee4e035963e49f6cff46da714018ca4d3d8bd917587e5ca5ffff10d2b0b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
db45f155de5ab7ddbffb735df5310257

SHA1
73a2cdb810352e81035dea9b417b013cc9e80c2c

SHA256
bbe18980ce41ee16ae7903344e64873bd9ecf4431b4d3a8cc06c259b668a7118

SHA512
d47a038b80d5f65a41be259390631dcf493880831e63e78f4c46d220ff9145eb56b361ce580d64cfc175a3fa300072d1747972aa8a9d5c4d5d1d16b5edfa8e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
1b2fe024086935d3042a827aba47a8b9

SHA1
0d80af06bc2445b470fcd1ddb5a6cdb374f17f94

SHA256
2187ba53a8bd9fef0a114c3d187d11ac2d90f51c25eacc5a88bb34d07d1ba3b5

SHA512
67b93e63a1a432d648b1fa03728df710b311672f67978b942ef994099df3a97337b69c4dd0f4d9fca7bf055b7d93018b4c2e39b9691027b354b23d94e061516a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f105a26e1f3e04297550c7a60d7d4523

SHA1
37b4526173142929429df00a5d2b34d9c1f65661

SHA256
34f216e569961101888d0315f7a80deb29614d2081bbcd2a857eea9c50ef2546

SHA512
7f8cdf7f80f9ea5e38c5501655bbb0701a793ceacec2c2c010eee08f6fccbcccf862f6fd4516ddca08323af336922bfa17d3e22f7fee03e0e2c57be948136377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
3b92ceeafa8a265b2e46a184ec9c6726

SHA1
71bca683d7da9caceb9b0209ea287d9db86a9b0d

SHA256
9862c5fb2212aec198040fb18d6d79f8ebf74f97bacafdf89d702e3186956dd0

SHA512
f8bf18528d6b8f2da08b0a429f2c8926b822b03484124f39bbe472ba1f16a887dbcbac3eaebb2a008783d24e6036c79b269e5bfc2fa9b0f915e3249a50519f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
ef7490535d75276c7881ed3307ebd61f

SHA1
01eb039751d4561293cb92da9d92b345b8210109

SHA256
b3934c0a6e4bdf5d7fb442e2b54b48a3eb6bdb4ec499e488dfc0fa77c3265198

SHA512
523012c3ad8d7e2154ffbc0888c279585cc94a3a403f26dc6ba34683df0c624639e3928142773e9995ab29968ba29a9a002e2aa904a1b7926791757300f7361e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
64843f3f363f694e5c277f7b07dd7c93

SHA1
ed0027827f19e711e596adfebd0eb72cf870f52f

SHA256
ddbd394f4629c92f73919e684e27e1eaa3fbbba0a94eb8c1129b0867aa58ec6a

SHA512
78e64f5fd8f216459c5eedb36f8b56660ed93a625d6f9c6cf48602741706e1d5f56a827baa6daef3a826862cb87edc23b9f7bb7a5ecf8ebbfc3f1cf51c87e39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
902B

MD5
204f62a07123bdcda1f51216e63d6e51

SHA1
56308a938453f9a4644122fe2dcfc8d3fe1ee9cf

SHA256
9be5dfbeac5f15c482042acaff296e4d3339985830dd193c3fcf1095b1b216e4

SHA512
9306b75e57204422adf80ab60eb2e74b390eef985c1a429f391d8f36dd5d5b203f77948ed85426b5fe2b7b42feb72505b25f5144bedc703cbc6cfb56128b349f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
e340916d5e2d9e81bc5aab9aa9e1e497

SHA1
d109ff2770542754cafe968e1dc0bbb3b552ea0c

SHA256
500207275ac80dfc7dcaa7e6627e13770c29d8ad1dbfb97473b42540c121804c

SHA512
ae791ff8ce2547ca8bd05ae749fd05a17c8c68af2952f2d63c3de0f733eee2f44e816b934064fdc42601a1d865c1834ba1d986a91ec40d7cdeb01e64c5c97c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
24c603eedcdc8fcea925f717004801cb

SHA1
0199564bf7bae29d1c66b7b9e24b3cdced0c8f8a

SHA256
ea1866b6b33c81fe024333da6673d6c6cf5dbafe8978106d335a8e68b9da5c3a

SHA512
0f32618d5e15aab73242c07dabecd06ac952d7b5caa3d2a0fe2f52fa6c080c6de4af505c7552424f09a6b8add2a056fe9e5fec7a5387294e22ef574fa2ebb16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
6463b3f0ddb09585db48017f49bf5f67

SHA1
2c64ae2d84ba0e976a8e89125bd53a815113cf3c

SHA256
a31dd1b8d56d7bd031942a72bee8f3d6bed882073da0971e91f2619263df6c80

SHA512
e5f24650d04cb4d74b9e255e1763159d7a7140278331894dafe3186be5e2c4e8a2d34ddd180a020f943cab0fc3c7d0464254e4c72f8b60b968ae274d3168f21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
1306f8d2148f19fc41ae2cf2d1433bb9

SHA1
f0c6211fa24047a2299697f703515ba7f3111e0e

SHA256
cc09d22436dfd4344c4a4a73d242b1b71079ce54a1235e38c9cdd309838be76b

SHA512
654344c185f7f468c264e42ddca26d2179c430b8dc56746861baad6e625efd59fc6e6240adf83f179488b342bfdda10a86bdd0c9a38d219bca86270780da6f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit