hxxp://drive[.]google[.]com/file/d/11G7JdJ_Y26kuXfQgbVTF5Nkx-ZbjUoUl/view

Analysis

max time kernel
284s
max time network
275s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com/file/d/11G7JdJ_Y26kuXfQgbVTF5Nkx-ZbjUoUl/view

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
5168	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
20	drive.google.com
21	drive.google.com
26	drive.google.com
8	drive.google.com
9	drive.google.com
10	drive.google.com
11	drive.google.com
15	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_368894709\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_1793132981\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_919810318\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_770152483\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_292322196\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_368894709\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_2105742728\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_368894709\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_919810318\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_770152483\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_919810318\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_770152483\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_770152483\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_919810318\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_1421143619\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_919810318\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_336080026\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_2105742728\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5168_1951443185\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879279693760817"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{BE06C683-8D8D-4F44-AAB1-ED6169A5095E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6072	msedge.exe
6072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5168 wrote to memory of 1764	5168	msedge.exe	86
PID 5168 wrote to memory of 1764	5168	msedge.exe	86
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 2600	5168	msedge.exe	88
PID 5168 wrote to memory of 2600	5168	msedge.exe	88
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5868	5168	msedge.exe	87
PID 5168 wrote to memory of 5624	5168	msedge.exe	89
PID 5168 wrote to memory of 5624	5168	msedge.exe	89
PID 5168 wrote to memory of 5624	5168	msedge.exe	89
PID 5168 wrote to memory of 5624	5168	msedge.exe	89
PID 5168 wrote to memory of 5624	5168	msedge.exe	89
PID 5168 wrote to memory of 5624	5168	msedge.exe	89
PID 5168 wrote to memory of 5624	5168	msedge.exe	89
PID 5168 wrote to memory of 5624	5168	msedge.exe	89
PID 5168 wrote to memory of 5624	5168	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://drive.google.com/file/d/11G7JdJ_Y26kuXfQgbVTF5Nkx-ZbjUoUl/view
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b0,0x7fff0d64f208,0x7fff0d64f214,0x7fff0d64f220
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2532,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4796,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5124,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3908,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5860,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6372,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6444,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6708,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4256,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2880,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=752,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6852,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6796,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2864,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6748,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1304,i,4298467449044476848,11780106139433879045,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5168_1421143619\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_1421143619\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_1793132981\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_1951443185\manifest.json

Filesize
118B

MD5
cd1d4274760a18d1f06020875ed4e124

SHA1
ea252982d53eee1c8836745044006608f0bc3da6

SHA256
5ea4457e970f9096c4a5b204324e33cd6dd51aba345ee3d0e9da0a4220409c27

SHA512
aaff1c564bb6e949e272c7df4a64f775e369c8a49511297992892e15092be6f83ce84a28afd6360dd6d76c9a503d452bcd8904f947c975b32e7f695a6818bfbc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_2105742728\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_292322196\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_368894709\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_770152483\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_919810318\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5168_919810318\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log

Filesize
1.1MB

MD5
8b3ead3625e314b99af4bcfecb8eecfe

SHA1
0c7e20b1e2d7e64e796d1175db0bbf95780a4361

SHA256
45be978494ceecde94631603b22d115346047dadf39639299f19148848f0304a

SHA512
edc31eb0a88754cd87c02b7bc59f46d87fa9a8cd5d13a61699509e7327867e4975c6ca0db459fd20a75bb15b9b1ddd8ea80430013f06f8c23b6c8fdaf0bf1045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
7KB

MD5
141f75d130e95c54dac5e42960c4c0f0

SHA1
f388bab84b9cde3eb88d604c46a6deb61e58d3da

SHA256
1b49dbb201fc8518c7becfb2535948d2958ba2a3892b9d54aee635a7323f3faf

SHA512
971e6779b457d57ae527dcb7cfb509058ac320658880dc0e9a53b3cb96ae73a379bf72064fe27345e340c5ac9594f61b9445f88feb984ae02b3fe1ef87c83203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
151B

MD5
1359cb974c4242e6781cbda508ff6539

SHA1
b1d48bc3456287eb3b75db548c41fd84d662581e

SHA256
6812ba684ca6777303ae1aa2af87dac42c134cbc42c7a0bac57485ceb8672b54

SHA512
92b743c80f74bde65b440e00884c8e13991e4105b4b9d5f007f6bb612404bc2690b035b57dc07590cf6a292bae69c3d7dd823a0efd0ed485c7ff91cfc837a7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8eaf4a0063257cbcfb82079cbd0343d6

SHA1
b2f06ad889c6b47f8d770335dcb71fd0295335f6

SHA256
4a6e451bb11f82580660f56a22566e4ba90099f02299d0cc480bd7babbd46249

SHA512
7214f8ca32e58e50db9d0ced66a78d005343ae9c474acdd621fb1418a609f91a39965795f70c2df66bbc2e090789b77806a004e819859d6646d9830712c75615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57b323.TMP

Filesize
3KB

MD5
f94fd1ce64374d207a6cf81fc6a940ea

SHA1
6b9235a0d8cf0f982e9d878c6ecc0c3e2c7012c3

SHA256
46b7f2e42cbc52bb1a2d52b6c285f14c32c0aedf3f668a624f47656f97cd2ac3

SHA512
9f93d7f82c885a679eb45ff91d9f98290c855177f4a364d93cc2ae0d396adea8b9c1c4667c2e8ae11177810e9426490267ab0dc0202f714b2139775243f9334a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
aa586149e174cd04bfe94ab7137cfa60

SHA1
b024269f9c327a69858216db5d0e60295411df42

SHA256
d89b60d854464735b236163217db20e7099f1be6bcd1c5bab13d2ae409976c9d

SHA512
51e5b022ce785fc60e3b57c7f39308e91ee788444ba55a91fe165647f80efb4fad52520d53b7f2b24fbc5d5f7ef53b4a3e9e5cb7662ecebb1d7f8f9c9fae1b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3e50525ae767f860457d8ccac0992b60

SHA1
8fd102e64004772c535b922ed426a9e0fe257936

SHA256
afd5595e0c170f6170a779e276024bb6a1713652061f248bf58b0328035a04ba

SHA512
31a5f10b729f917741e97441634a9dc307460dc0ddb4d83c645c51cace5d492797ab8deaffc453c7429c0528e156e6cf710077e51a3362a664f0984ca09de48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
05f37ee606ba7f21796ded3a9b36b6f5

SHA1
6361c5393938380927d27ea9055c7da0f175a22f

SHA256
8804a69f9b5ab3f1acd778f87caef9bfe2798e386905e7a27c53de632d80f3e3

SHA512
f38772d8a8789e98bf0c6cf17249bd4233f81a43340d2c54b1dfa6c3d82cb849e8f6b2ebca9661df82f318d0b6e923b3119354cf7982de87d4f156510f7ec936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
c331ff693bd96cf61d74159ca5a20e67

SHA1
ded44058341698dbe0d05dc1270a31f5930dffa0

SHA256
e5da8c04f86c4db028330305ba18822bbbe862f6beeec11153d1b37f93e6f7d6

SHA512
abb6c33105aea084db1cfbbd511a7c40b9e4746763f690ad19034e1d038acf6e4974ba1185dcb25484a92f7188766c5f073dca20d92e4a99b83fbe85c3a010aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
3ac7365454c1c4b7c82ba3c1f20071c6

SHA1
1aae0b09c75cb64e8f49da0806c8a83c4fcadb58

SHA256
072a7c575352f64f98d49159479d5f9620a1bc672e03503a30a5da1503bdd4f3

SHA512
8a1e1414b15aa9cf6fc70641b4bc0a7715da9d10c9de3125d7b827805ecb35c3f62118d2923b1a58d21546c4deff7e46f0d05e22cc187db882fd1d5e2dc6aa44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
39KB

MD5
176414b941878bac5826d9d386d7af51

SHA1
fa3a1b805b0f84faad6ee61618185af30a7b760a

SHA256
3b3ccb19c6ed4b1a529eb8b7245acbbbf781f7baeb9cded9aba06f04a76771d6

SHA512
d47d3f8b420d7f0ab693ca0f16bf2f8933b7750edececf65da6fed45da1770fb51c5a67e18e9547c5d9f918e096cd78c0e8c50b5591fd6b06f5be9b488f51a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a46668005895c80c5738ac1b509188fe

SHA1
cc73c6cc9a85934ed6f3129e3b789533c4814a56

SHA256
29796296d71f54c6732f7517aea6f7b571ac32e4b38c665868b3343358a633b8

SHA512
66bb1f808dbfc4d919cab8bc4b3819898785029932907ac141375557c9ba0a50b910d3a6de7fd7ad3cccaea8b61123ac25ed4581d123f49962805da864732446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a6cb7c0b745da931c6efb7b2a276e06c

SHA1
b7eb461e6ee336679860d9afa2296684a781725d

SHA256
64a463036f4dff6e02aa259fd22e506271cdcbe6d524d44866fbd8c86469ef63

SHA512
4bfc8649fc7df6a1c8e2adc7a9365081d98ff242880ec8ad598fcbd5894c0a868b298fbdbe6ce9fe21f5c959274ddb86f904b1a678e32257021aae35f037e24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579b75.TMP

Filesize
72B

MD5
5c571c3bda8dbc43629fe30dc115664b

SHA1
ff983984632c4f719ae127d674c9fb9b6e6ef882

SHA256
c5a613e10ecc13e20ff015135dd5d41bdd8693d60a24ced37a7382685ff308f7

SHA512
af0066ad7c9970e7a70a696bf91082928b0d1485857822b7e19ad2a0db2c4cef866c8af3545d94a69701c26e21f7d99886cbaa4ef7bcb8a2eed6e0a4cd81e02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
7ddd0645b3e14977952c76665aea1fa9

SHA1
b05dba4fd2263be8c36a5f882237a1b5f88a6dcc

SHA256
9ffadb6972116eb78c6556e55a1554b407fbfc13b29f7336ebfe61da1d2f495c

SHA512
4bb3679dc532e8f6de62a538a586e7d4dec78f0cbba9ef77c80ee6ec0bacbf99066eb25f5eb3a12ef61c22096558e0d108d23123b4b70db4d005c4680dfa4f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
b4f7b5c86c053fd460f895f8d1cfc6d0

SHA1
be3bd3bad8176c2162aab89b6e590f4ef600c50f

SHA256
fdd906a311d9f373d9167eb3e8d1fae13f369ca0032bf43197907f0f480ce32f

SHA512
37d967bbbe051b0580744d666cd6a9c8a4b3fb23d2dd68595533909472bf1795e693651d569a3f7b1bcff6e7169087a14fdf94c2b158ff7d18a874c80e031658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
f139b3c9e0b6961f05b3af00a482e6fb

SHA1
0e1e85eab65317501ac4f08384f016933d6d75b9

SHA256
1c318f9ba171e88a8fe991054ae7c55a994552d62e02a0f3a30bffc4f6140874

SHA512
398c910cee70640e580f134d49275cefd888c58b60e18427626245fe441a74bb6d727f0299d11728b9e115f91f28a2eea2046d9fd9cbdb067c59676304980bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
039012bd00dacad2639bcc3bb02c9456

SHA1
2884171f83dde5f7440755b2ebb3e7ed701ef17d

SHA256
be34e35df0ed5fdc70f02ee357ed1d173a183a568f19223d56248d7832f68efb

SHA512
1a1722adce430af1bdaf96e1b2d41dd7f9cfa2614c9c717dbc0057283b011fca3bb0fe553eabce26962ccabd1043903f657fe88fe64902ee6ae043a6d38d6ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
368d469c67abf32dd149c9bfb8d22492

SHA1
9062f65bde52741ab8ec5dff61c3c2da46ed3e60

SHA256
f25e26e6319bf23b72f6414b3f6c198c0364b56094b468d2048df7375ac7e82e

SHA512
417532009d4bb77fe56ed9197e9a18e95539d2ae5d0777c38762e2590c868b3362de426f3768f885501355fc268034372c0e5f9150b9cfc16ea61a9ae98334b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
b5a20efe0922f79a4d50ad61cb000cea

SHA1
9515b25bf7cb13b6dd846a894f8771502a258316

SHA256
af9625e857ca5725f72eacbc8da7b686339bf6174f6fdcf7358bfda78b15d4b3

SHA512
5b71a7e0b04be12cbc44cd87fca3412831de44958848758565a07ffce237486f572e421133959f0856a58add2b57afa050000012b53721ac3ee3d3ae17c939cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
bc90efc60b3ac2d5d711d3116176cf1b

SHA1
7abfe8c3d61c51628388f164034241f267c69b68

SHA256
dcb666cdd3753bb1754960d41ac2d6a33dddbfdd9f1abb855f3a7a73740d783a

SHA512
5d3837ad1190f3342422c13fb5103ccd48f15e6c784deb39061417055828d3b473db7cf9c44fe92beff95a55a167470f5bfccbf883a46036fc1aea2f4bea2ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.31.1\typosquatting_list.pb

Filesize
628KB

MD5
c900ffe1b28b9a4314051c8511e6877b

SHA1
72a51a35e83ea5b3258a820b0a2b51e49e06a17f

SHA256
cfb1eb35033af3f46053a42f4fbf4756e7e64fb6fd2b66a14ba9e5215262421d

SHA512
b9598a8fe3d9d3ce2f614b3a5074d60edf3c96b5b4139325c33fe08f05e395934b1c14704cf3e51eb8bf9a4e4d1a54f9144710b18fcde0d5d763a31c27c3d598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
4f0d510a40176673c1a434fdbc62553f

SHA1
be84c11d9caa836a71cb9d30c67d3a1f2c79107c

SHA256
1b339d84b7d586e53477a26ddc5051f69210d3d7365bc3307e63b80f4aa81537

SHA512
8f5b167e800ff8b2a955c81b78d4dc2dce0244e7e73a7adfdec7308f4e29518de1c902565620e0ef73329721ce61125af20da1c121a5013bacf82d4e762c5483

Download Submit