4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378

Resubmissions

02/04/2025, 22:36

250402-2h95esxpz5 3

30/03/2025, 19:46

29/03/2025, 19:55

29/03/2025, 19:55

29/03/2025, 18:18

29/03/2025, 10:24

29/03/2025, 00:19

Analysis

max time kernel
870s
max time network
876s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.65/bin/Monaco/index.html
Size

164KB
MD5

001dcbb8f41cdcbf9b4d1e3a0ed4b2d2
SHA1

982a05814546017c40771e59e7677b53d84787e9
SHA256

f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951
SHA512

9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa
SSDEEP

3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3736	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
16	raw.githubusercontent.com
22	raw.githubusercontent.com
15	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-notification-shared\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-shared-components\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_754689713\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1296161540\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1212202902\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1212202902\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_754689713\product_page.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-hub\ar\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-notification\el\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1019659104\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-hr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-ta.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-tokenized-card\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-tokenized-card\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\manifest.webapp.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1832506582\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-notification\fi\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-notification-shared\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-notification-shared\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-tokenized-card\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-tokenized-card\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-tokenized-card\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\bnpl_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1212202902\Part-RU	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_754689713\shoppingfre.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-shared-components\fr-CA\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\Wallet-Checkout\load-ec-deps.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1832506582\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-tk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\Notification\notification_fast.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\wallet-webui-792.b1180305c186d50631a2.chunk.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_89734771\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_729110530\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_540262941\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1212202902\Filtering Rules-AA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1212202902\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-shared-components\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-tokenized-card\sv\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\wallet\README.md	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\wallet\wallet-checkout\merchant-site-info.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-ec\cs\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-hub\cs\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-shared-components\ko\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3736_622183676\_locales\de\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877183560704884"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{85C5E12F-FE67-428C-8209-A1F3236C1455}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5668	msedge.exe
5668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 1708	3736	msedge.exe	85
PID 3736 wrote to memory of 1708	3736	msedge.exe	85
PID 3736 wrote to memory of 4948	3736	msedge.exe	87
PID 3736 wrote to memory of 4948	3736	msedge.exe	87
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5644	3736	msedge.exe	88
PID 3736 wrote to memory of 5972	3736	msedge.exe	89
PID 3736 wrote to memory of 5972	3736	msedge.exe	89
PID 3736 wrote to memory of 5972	3736	msedge.exe	89
PID 3736 wrote to memory of 5972	3736	msedge.exe	89
PID 3736 wrote to memory of 5972	3736	msedge.exe	89
PID 3736 wrote to memory of 5972	3736	msedge.exe	89
PID 3736 wrote to memory of 5972	3736	msedge.exe	89
PID 3736 wrote to memory of 5972	3736	msedge.exe	89
PID 3736 wrote to memory of 5972	3736	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\bin\Monaco\index.html
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffe32a0f208,0x7ffe32a0f214,0x7ffe32a0f220
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2196,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2552,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3392,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3468,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4784,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4772,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5696,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4964,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6348,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=764,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6408,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6600,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1036,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4552,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6632,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5016,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6448,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1320,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6596,i,6279338047615042157,6349973524853614816,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:8
  2⤵
  PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1008027212\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1019659104\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1212202902\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1247406851\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1263704134\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1296161540\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1408964629\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1408964629\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_1554411916\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_342586681\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_403737696\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_540262941\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_651940\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_729110530\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_729110530\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_754689713\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3736_89734771\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log

Filesize
1.1MB

MD5
2305bb457dc88d529e00f3108cf420b4

SHA1
ffc8ac85ddd1c8f4aea3b7fbe212035f996754be

SHA256
ddcffed76ba7cf1c1e7c1a71d633ee6f135d95961deceb2160837b6fa19c0318

SHA512
b9d5f16101a45d37d72d0f181380e2ee793ce5c5afeb2020e7211a82ca5916dea208aefb6c8fae342f460335fadbf00dc60e98bafb1a916017169a8267438319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
0ac9d5827611d7c303ce95c35b54d738

SHA1
afc0dc8ad53bfe57b6e9622411d7c97b8b7a86ef

SHA256
75ce82b1c835428e8da23c89d11839fab04e28e5eb0ccd6f5abb957811de9e89

SHA512
5c031cc1a95b67c54a3355ceaa9f3e2dd5927d1ac84714ae68c9d13c36829875f50fde9dbdd7628dc4d37a1ce300c6f333835a2e0b8ba8fde62d58673d00af31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
7KB

MD5
e5af75206feaf7c129758278f510ce23

SHA1
e4540f79260380c3af1d17076702b03096a50067

SHA256
cf6785a79e2fe5a1ff6dfe6893fa311e04f436246109fc70b58a809d77fe9005

SHA512
75f2f1135a9c9255994cf7ebcedb06a446e29d565bf3abddc67ddf4597d43f6bccf7ae0c03bdf0453cf25827ae4e39e9f3fef3abae4a1a18dcab3c9d64472eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
268B

MD5
1739aa779aec0ddb3c520692f39ccb77

SHA1
60a5aa79541f9ca7d3150a6a54faf7c8b7ce8900

SHA256
1c0cd5858b2fe9c93c0d6dfb221a3b8c9adde6ac97d7545a66d767d1bd86f0b0

SHA512
2b460b43f83c48eba93860a6e872b862a41215cfa33d8000e426e4627d443b9e244c546be728cdb9f88dc8b1d7a7a961edc7f7f9b711a87cf1f6ca5b543ce664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
151B

MD5
8f8a08d7b623908ec2b0250c18cbaca6

SHA1
7cd9ccadaae674db3f7c2bba535585c9473f424f

SHA256
29c4b8911259740f299201fe2cf74d856f2c2c3bb6825b62e862060574e23378

SHA512
ed9c306883921945bcc046ec9bbc120d2cd4be0859c0be6ad8e385b7b60f1aaf83ed91f92ec6cdff1cf0a4d15415406bf20ec75c56116f348f4caed1bb9c7e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7ef6e7467ae33b793893acffe1876b5b

SHA1
ff7be62f48164ca3f114e37ec27ff3cd1e74ddb9

SHA256
be42b4328c88dcbba27155bdfe185b009d9a37ca0fe36c7454d142c195150d3a

SHA512
38bb34cc09a1e15aeab9b9bf2448238bdc7a39dfc74591d651ecd9a929ec2909597ec7293d716f85474b9732a45f85fc59b37dc7987f3482ecc5a069d5099554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
46376d8bd2e33a229cb2e429b6881945

SHA1
81872df5ce9dc35871f4e733562d80c84eb47480

SHA256
04e77d33cbb7d9eacfb3fbfafd7a7876c6c1823501dc8e9477aa1825c66f7d28

SHA512
91b71b7f51f23620880569465fec67eca9202c1038c5e0240fb31cb36c895e7990965207d3677088bedc234c22f4e85db7f0046761fcea4d06300a79b41cf236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2373eb256436daa77c80c47f067f584c

SHA1
ad3a24b713b04552323e38fa235732655fc73c98

SHA256
7fe9c8ba84f4e2f395ac7dcd3b02fbd2525901f0d32b029a036baf8688eabc0a

SHA512
3bf1543aa83ea463c8a14e46301bb7b8b08acbdbea02866dea408424036c955a75f920d1fce12abc1f539604ad2f67d17b4f8e5a7ccfe361a5ab5af6c5979f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
140a0b2786c1b245f7205737be335b33

SHA1
218e455c77149324cebdc905b602976a6df15904

SHA256
c56e6604921bda55447fd3771bac958db08917db0794d524f15e65ae1347ff08

SHA512
0b22fc0da6199d11bdb87e993555d06e08099124e66bff0dc8eac13626fc4e476bc9ba946a61bcdc0234c83fdd795deb7b93940b5c0c45f0ccff1ef72535b741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
992b6f4642874d872a88947750098fa9

SHA1
fe8c76d3f0dc9e61d500fc85eced646689856aba

SHA256
a697223ff6ddbf12933e2f677674c2f1f70495ebba9d2a4ee9912d2555358935

SHA512
a79fbd669c4164117cefea4dc73fa95d0869de6480699e20732906eb28931488bd496d6856ccf66fc9a5de151df42cfb7facad885ae7088d413bd576116e2487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
865b78c5c7f5c337c3a2f88351b8ff4e

SHA1
0b9221f4d9439bcb7ea67d1fb97a326f47dd2557

SHA256
e6b40f51eae3e1cc3ccb14767eab2fb65785824e3aacee422adb34d87fef8d3a

SHA512
02630fb52c6bbd53b75eb6ca686a92de66eb4a3f7ec504174a1163506d5ae303403e0eeee9dc85e15e9777fd37a080fecccbabe54111bab02967b16dd862e2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
9613d9c259ef57c1b9dc5c3c1057c59c

SHA1
95dc567d08a9510692f9a7c91973a62a6d4e5874

SHA256
aa68f90300936a188e0668f7df556bc278e930a2d13d05fc56136ea2203c34d2

SHA512
80181743162ca0e4d6936c99410bc87be405bdd675b09439ef0cb168301bb295c305cb024deb2c895bfa2679224b923edf4cd344c58be244fe685076060ac0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index

Filesize
1KB

MD5
0df59f0f74961f2ceabefdbad4b5d45b

SHA1
70c27ff01327b6d0f320373f6e8fc8f0d0ed9395

SHA256
83b83fb1ba0049c9e7abebef8c09e48597af76b4a2a23427a49bbc98e5e196d8

SHA512
4385aed2ae06187502271874d8d0d53f314268e4364da2f02035be72d5e20932980ff29beda7d7b10c0656b998b5c1be3753cad0799451d4bab7eaf3b12976ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index~RFe5bcd5f.TMP

Filesize
1KB

MD5
f663259ff39f29a9e4318b2c856c5273

SHA1
ed48e6e4c6fc6c5de22deec72cd8d966ffb56203

SHA256
4c58856afc5364fdf405d3a419a02bb02150b3ce038fe66569165c4fce626e5b

SHA512
ff8e53f8a69c3375442b520b4a2d68f5876cdb10fe83724817f67e2a9787e6703909123481cd7f38f19ca2e2a3186bffed2e2d7dde9f3a4724832e05320e116a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
b6cb92301af568fe247c393db89175e1

SHA1
1e933a69b154eca017f4c2f5d181153dc5c0c3f9

SHA256
f60d577f28e8d7ab1ba4b2e036f6b68c70d665e2872ef473ad5db5960410bd21

SHA512
87b363556bd2eeabc72d179610ef0fb9abd101ee1f14b457416912dbd67c1883385ce7634acfe972d1bdf0f70839358b9ba2a3e5106207428baa694502ffe6fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
684fe16d47423f61acd358f32cdb3a49

SHA1
26897ccea388596e1b810dea4b7bbed545f16dff

SHA256
02b29cd129d8f18586d980852a6ed2ebe6b194807929b0554a0f4c8b2eb56ce1

SHA512
ee9c851377865ac88a25b49df7c5f03a6196bee79f980fb8903aba15e3ddd1b6ac9fc3f9da684207c35dc0461d60076712f59d214f829bb725cf05eb9235efaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
13ad17d87b0627e9ed15c71621294743

SHA1
dbaa051cb7200221dfb102bdceb89c58d533b6f6

SHA256
4af8d8aaa4f5e1eb505fe3f91f280c90239b7a62961d4d970fa5b343e887e6cf

SHA512
93e55ac2c04fbfe1799bfc7cf72cfa918604d8e3e37eab7c764d0c1d9f3e5a2022eb7e1d277f3e91c83f06143a52aae5f6fb2d0e862abdebf473e6b49e1f9fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
4e897812cecc68df9301d68f2cd0a885

SHA1
44c31eeb5c4970b8a1599805bda1cad74d86dc9d

SHA256
2b2bbb9f45b6460e16dee34260cbb0834357f3fc7cacd24c75289e5075572b22

SHA512
fc2549174fccb5885d3d413e31a8471b901cb0b6d91a7740209fb9f922d0857fa60d9559695c6ab47978a48ed6eac83dbf8be697ca0dba3cd112a582ffe5fdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
1f8953c878705a22fbbafaf0ac4c7eb6

SHA1
20ea428675bf949e9e97536fcd7a8b3874efa55a

SHA256
cc305210db2656314e3f3e53c3f1d35377b7243f02de6e997e211e05099918a0

SHA512
fc47b188f2da3634d2414a16d60d3650a3fc937766fda8a628e70f06517d7c0297eba3e6889c87ed729c88df4f3adbd2eefbda93cbcaece882b689fbd5a71c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
2c67ce5bc1f41f9568cfd45734d244e2

SHA1
7151356bdf281b7f7b0ce96aefd677cfb6a324f0

SHA256
dbcb55acf45baeb4b57cbe4f752062bf25f9998c469ce6d41c07c95fd219847e

SHA512
caef1818600db912cab505370f3a16a8fa83549747309d4a53b507b1e3bdce18b7a89eedd9cda175b4420531f439de435ca80890f95f79acd5f4f19f65d58d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
81d14ee83b979100a6c0fc33c85f25fc

SHA1
f94df793ced2988b94a5fbf3ca205d48b03104d1

SHA256
602f764c5f70fc18eb9ebb0a7f6788f73283b06c5284f7dc6677f0a833eba116

SHA512
25725ad1238f19d5b48fe70d53dbe209c8c0326d1fe0e1e6c2fc0a9abe62949151b4f9769da56dc84ba773ac8c3d8ec4ae4fd7f90157249e00df05c058308f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
e86289f5c01547b24119d721dbbc115f

SHA1
3d02e59097ed6cb6fc9f0bfb0fd6094de46c00b9

SHA256
0bd9e8e16ea3883ba80e11967707d10efbc7c1d6efbbfa09873429d0e5d6cee6

SHA512
7a47bb4ba2aeaf4ee00b546213de6ece97737146740032b1f0deeba476667eb4a5605ad839fed4e07d17f4fffaacabfef4d050d624be7d7f4956d1971d30abb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
41f8f1724abb136bcb8483bedd10741b

SHA1
6553ed76558a10c3adcb0120e2c1db563babefc4

SHA256
26a2a2cfc87906b660ec98c31f5e17c3277ee275e84f17411160e64ddabdd3b3

SHA512
4ea41cfba19887a487c7604ac6ca4dba9e6510c16c5316b72688f689ad2e74b39ed6c54f249746e29623a012bf862d95e6ed65971c593c5ec8b1026a6ab8afd8

Download Submit