hxxps://pub-9fc83eebce874384b76d4554a7f46528[.]r2[.]dev/adobe_redirect[.]html

Analysis

max time kernel
595s
max time network
494s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pub-9fc83eebce874384b76d4554a7f46528.r2.dev/adobe_redirect.html

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_447871552\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1049216316\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-notification-shared\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1004006791\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1004006791\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1049216316\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-notification\ar\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-shared-components\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-shared-components\fi\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-mobile-hub\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\wallet\wallet-stable.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\wallet\wallet-tokenization-config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\Notification\notification.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\Wallet-Checkout\load-ec-deps.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_447871552\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1049216316\Part-RU	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-hub\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-notification-shared\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\wallet-webui-227.bb2c3c84778e2589775f.chunk.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\wallet_checkout_autofill_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1049216316\Filtering Rules	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-hub\hu\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-mobile-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-notification-shared\fr-CA\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1039101682\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-ec\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-ec\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\Notification\notification_fast.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-hub\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-hub\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-mobile-hub\sv\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-hub\fi\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-mobile-hub\ar\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-mobile-hub\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-notification\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\wallet\README.md	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1143237960\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1610117314\shopping.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-ec\pl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-hub\ko\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-notification-shared\ja\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-tokenized-card\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4132_2107918855\_locales\hu\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876634993011805"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{08213254-DE78-4E9F-A9D2-AD6EE3B57A0A}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1492	msedge.exe
1492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 4824	4132	msedge.exe	87
PID 4132 wrote to memory of 4824	4132	msedge.exe	87
PID 4132 wrote to memory of 2600	4132	msedge.exe	88
PID 4132 wrote to memory of 2600	4132	msedge.exe	88
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 1208	4132	msedge.exe	89
PID 4132 wrote to memory of 5028	4132	msedge.exe	90
PID 4132 wrote to memory of 5028	4132	msedge.exe	90
PID 4132 wrote to memory of 5028	4132	msedge.exe	90
PID 4132 wrote to memory of 5028	4132	msedge.exe	90
PID 4132 wrote to memory of 5028	4132	msedge.exe	90
PID 4132 wrote to memory of 5028	4132	msedge.exe	90
PID 4132 wrote to memory of 5028	4132	msedge.exe	90
PID 4132 wrote to memory of 5028	4132	msedge.exe	90
PID 4132 wrote to memory of 5028	4132	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pub-9fc83eebce874384b76d4554a7f46528.r2.dev/adobe_redirect.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff9e194f208,0x7ff9e194f214,0x7ff9e194f220
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1760,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2580,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5012,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5988,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5484,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3008,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5308,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5336,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5176,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=768,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3772,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6308,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,5624352964521123798,3483938098285513161,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1004006791\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1029733398\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1039101682\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1039101682\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1049216316\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1143237960\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1389822521\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1573391384\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1610117314\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_447871552\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4132_447871552\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
23abcff2fb0063fe87cf33121c01781e

SHA1
aa85f90c26ecb1974ebcbeac5d38808404de094e

SHA256
7965aaa0f6774c0460fc77c928cf634744f7ba1e757c5f0ae26f094986fd4140

SHA512
b6380741627f302cc85dd556d541d898a40783ffe902e7df0437eab6fdb0dc95eaa8c41605deafd941bd72bfa441c7e19aefe437f577e814ed2dd2403347748d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
9fd65954f1e63a2007ac2fef5e8a04ca

SHA1
1f6e7d40925bcaa30a24619e8c215f98d1ce7a6c

SHA256
301d06da0b4fccbfe7818dc7d184a157110cc3efdad4fa5c5a448161656b65f6

SHA512
ca0deedc44714febece33637dfb3eee08a9b5ff273d3583d65eac37ac72bd8f384af7c9012666dcb7521fd340a1617b3b3bd17d8480116b1f0c9f92eaa8a7930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
a27f5fd95f297a5d8d1bd13ac51c237b

SHA1
dc639ffad062758d89da57d744de562702b76a86

SHA256
80b2015a9ecaf31154cec52174922f0dbbecd580d9105dd553975a5a27b033cf

SHA512
23c0e155a187bfc2ebd5a3ac91f0e33cb8e3491b0fb23663f9049165ed60050d67bfebcc27cced7a6fca68f1224c9e5d91de3d0d0597f999c4bc47643cd52f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f04f75cf6cbc1d1ffb040595f9d821d2

SHA1
cef46e700670c456be105f94ed0450b2c62794c7

SHA256
a224e4e68332afedc517ed12cbeacce25479086bbec45c306b83187545438e25

SHA512
a56fc53d94e74f1f611a92e20d82facb68124632e150ae82043c8e1dd05ca7042924470573cb548887a74c0d6d0823f1bd4d8269b557dcdde7f45211534f65c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c3ad8451d18a9a2000d94dca98e3a6f9

SHA1
ffe91bc74c311f1f5326e7ea032d47027042f98f

SHA256
f444929fbcda8c9de6a0895e5fb03dbed4ca69c119ea34ff580089fa5afdc322

SHA512
7305ede39ff7e08720c24027e78ae371b8515635fed576dca00dabba83119a3a9ff457965940e112ca0045d96d69f379f3c74cfab866d11d6dfdb69bf98a3878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
45ac2a7cddc9a4326278281ec04e1aa4

SHA1
dbf3633331962f345fd28f435d6bad29482d8bcc

SHA256
8597f5395a79279f4b44cf30110034d920ae5c057151bea38cb1a7984aa27e70

SHA512
049644826d192aeb2252ba0e7100dd3188b8aab03f0bd219274748966b1f873a4ea564ef58ef250bd1b2ce30f789f57f3cbc46822c8eb77e3420eed5488e5e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
209187bcae328ac25eb5a26f5b2f84ce

SHA1
821076f4425a02333e0de721b4581bc9de1a2138

SHA256
f17186f599a9a95d9f07d2e602854eb322eb53784e5634ee40b1e50da4eb62f2

SHA512
089defa698e1f80418a6ba2a81ce4d8f2edf4328963649cfbced843af654704c9df7e3db996fb248c56c0d294da9b76c6baccdadeb63488dcb8dcd3e73898598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c9c81ea27c078a7f971b03caf1cbbcc4

SHA1
976509e7a3b980c1e709c839dbb3007696195ecc

SHA256
6c30ac570d61ae8dbed3c56ba59c3ae1edd30ffe83f37269ce1bd0b845f3a23d

SHA512
4a29d6d2032eb91d2d027ccb91c7c00517c95fd035de5630f055d3527de7414c6b6b79d3ed3243a18864012b187bcdb0c8d0b2fa785304cff75ea083f1028aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
8094bae011988761e061d35ee3b1c76f

SHA1
ddab7fb3d14ef638f62ebb97f8d2b2cf611c5668

SHA256
3e08dfe2044c45d7f030497009d217d6c9d15cf5a712f59c1b82de56e7763260

SHA512
d0afb1aae4f97542f3447d9e5185e6e2034b9fad4c7011cd8af41a3a226640b7dcc9ad60939d35d0c6faaf92f948cac1c929c12952128cfe4fa40ac71628b51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index

Filesize
2KB

MD5
8a737a0222b87f643b11eb87b7727daa

SHA1
aac4f9f1aae5d8400ea72dfaacf80504d0c1f41f

SHA256
536099b17cc708c1fd92af0ddd6d1b7654dde0c956f4fd2ecabb71aeeadc99ef

SHA512
1977795516adf4085aeb8594fed925c1f2fa832cff76f612248f5217777d647a595a1bd112f6169384e39c1779b6e0795b20fe7273c297e9a1a64297f5931f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index~RFe5c1842.TMP

Filesize
2KB

MD5
fefbf9f946911757f72afbbe46d4b8ce

SHA1
82c7fdd2e900e8c99ee0816cdb5a0f314d2d5797

SHA256
9b4f9f68ef089bad7a0adf5e119413727904fd606031c2403f673cdc6d69b64f

SHA512
cc5b2022566866e0a8a628d158ae4b43f50767ef31f891f35a3dc849a0e80c3fa5246f363e02f19f7fc7acfa18d808223eb83eb3d145186733ba6631ea19a587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
90d4c6a8ca08db4b1e8aecacb95a3b41

SHA1
7ec6a08ca04e057a2b0a0786ec7080f18a86e73e

SHA256
b9013eda5d664e7acf25d84bcf023afa870d6b2ec4e48609c5094051891eaef7

SHA512
1ac1423911c1b51a90f1e311a736b3451f2c5a6b6fc3c265011e1c1718dff3df0b945a250296df72748d86c41b94583f32d986afa633e47ca10ade2cf941a58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
f7316264c9b3bc08cf49d7b5f2e8795f

SHA1
83f8eead71d403986e4641e480a8be7483753996

SHA256
b3b88149cadaa5ba68a570f6c034e0faf50495349f5e3678dd7313abecc85860

SHA512
2cf20269cc43aa8e7189c68eecc2f1ab03eda02be724e811968e594409a242a62e658b48647f041f9c808362a27c663c884ade81159310db6a557f067975b802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
a4936783be4e0892517159a6c5905951

SHA1
e211274544205ddafe52e7bdced4834fc2ed0133

SHA256
c9b4fc550f3423de2bce576af028e34e197e16111c8a223133c74e48908f8f7f

SHA512
700fc60234f3a841483b4aee8b07f80c780fb511b7aecad83714973ee3b8ca27b95b5f865707a2c7f47664a61764f6a69fb4091202c6087db72f476ce4260636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
859563ba3ffe2d3139a02e293f682a5b

SHA1
8ceeb4e5bd79f5d5f13874191abd15d32c4f8efb

SHA256
f91ba784a33fe2a168deb0e32dd264b1ab3720c66e9c7121d464e39b33992b80

SHA512
d336bf9fd83300eb0b7400253909a3293692c700b4cbf26c1a6f961e93ec9b0bb8d0a6d0984feffea11f703cd9038a4b49d93deaf110db0074c78f71cec3b794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
2eaf85679be5f578ad544200040bb435

SHA1
6f400dea746a54c8d5a16caa2c8a4f001b2879c9

SHA256
899c5d077d8f614e565cba57fc2aab37128929b8121deab6910225d93b8ee0c7

SHA512
51e812aa3c95d7644fe0f11276158591b76cd4e83b9d4c1f351f22bbf38c269b28bd40b7bf3f37384a7708009aeea72e0043eeee9fdd9ddf3d1cdcc18653d378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\d45a4006-76c3-4210-9866-44a606ad1be3.tmp

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
c98c8919c46f0f449d259d2075003191

SHA1
8a5055cf733a2dfd6ea68b6cbb7751d95ef7a2f2

SHA256
927f6de8aefbf2b3fc52d76adc2060fa5527d9c6e4bf95da4e0fbeff6011da77

SHA512
f4da41ecb5eef3b6576b56bf1dbae654b3b3131d8e97d8848fe90c65ee8186baca5c9350556f5b381c89efc2aad2fc630c95e0f153f03c73081b4086a776fcd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
051b3a1e45cdfc4dbc4697515180bfc7

SHA1
2c901bf61481c4846f17720a46fd9003523f7d33

SHA256
0a267eb1c4bd2dce841566056db8ba23c3cf15cba9946eeb0875a6f0caa22718

SHA512
4ad06114c8e4314b1385ada74519f8159f10796e623e096d1ec8840cb13ccaef29cd61194bc1d18694825bda2879b55a31ce674d324925160460eb9ad97b4255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
94ad75d633cc224e248099a93f0e4da5

SHA1
ac91c0991156b67487401c21a6223043f92eb528

SHA256
71913fc9b41e59656eaae8d3e3ec0502ccaaafd09ec121baba7fe23be37de53f

SHA512
efe4871376f0cbb0267c90a82b672f90f1c795074f20e282c383b08219504a18483948bda1466238563b59b49ac2b92990903577aa2daa7c7662b84936d8c536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
e42ee8e9005a06ce13cd3585d7395687

SHA1
b72ba8413cee8a2ba893f877a27727d6a1c9c43d

SHA256
4b7c9954985afca77094f308f04c46c4641adbea6d93196d8bdd13c54ba77376

SHA512
05743c3457ae627282a7a4b103d92b22959f22ed5c7f6cd6a65588464776fecb89802826bb211636f34e7dc7b39817bbe9c0d68890842224ebf76e0cc8e7ef97

Download Submit