hxxps://steamcommunity[.]com/linkfilter/e[.]vg/gift-952185

Resubmissions

15/04/2025, 22:34

250415-2hfktaxwft 5

15/04/2025, 22:31

250415-2fjjpaxwes 4

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2025, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.com/linkfilter/e.vg/gift-952185

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_123756245\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_2118468961\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_377407824\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_1211855725\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_123756245\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_123756245\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_377407824\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_123756245\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_123756245\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_2118468961\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_377407824\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_1211855725\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_1211855725\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_1211855725\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_1211855725\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_2118468961\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_377407824\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5964_377407824\_metadata\verified_contents.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892299039960410"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{8727AF5E-1873-4E2E-BFAE-20F6DF6845E3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5964 wrote to memory of 5880	5964	msedge.exe	88
PID 5964 wrote to memory of 5880	5964	msedge.exe	88
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 4988	5964	msedge.exe	90
PID 5964 wrote to memory of 4988	5964	msedge.exe	90
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1440	5964	msedge.exe	89
PID 5964 wrote to memory of 1756	5964	msedge.exe	91
PID 5964 wrote to memory of 1756	5964	msedge.exe	91
PID 5964 wrote to memory of 1756	5964	msedge.exe	91
PID 5964 wrote to memory of 1756	5964	msedge.exe	91
PID 5964 wrote to memory of 1756	5964	msedge.exe	91
PID 5964 wrote to memory of 1756	5964	msedge.exe	91
PID 5964 wrote to memory of 1756	5964	msedge.exe	91
PID 5964 wrote to memory of 1756	5964	msedge.exe	91
PID 5964 wrote to memory of 1756	5964	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/linkfilter/e.vg/gift-952185
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7ff9e15cf208,0x7ff9e15cf214,0x7ff9e15cf220
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2168,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3416,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3424,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6128,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6112,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2356,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6100,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=868 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5376,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,13387364339930872874,13814357500761848095,262144 --variations-seed-version --mojo-platform-channel-handle=3184 /prefetch:8
  2⤵
  PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1596

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5964_1211855725\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5964_1211855725\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5964_123756245\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5964_2118468961\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5964_2118468961\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5964_377407824\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
77449e98893b5fb2fe2249ffeaab3506

SHA1
a24606cbe553e0ea73d42982ce4c6fd360791e4e

SHA256
96fb85835a9f50dcb66c641ddeb32ea436ea7a4704e0fc4cf021bb2c7892751c

SHA512
3c4053eeb124a99543077fb9a3be9ac0f83f1106577178157211e1e985ea4f73ee98d6734b78fa461e4ccba8bab5340f438051a478b8dc2dc8226330070f916e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
80a6604147739be2b7acafc782c9dd63

SHA1
2030dbf7426042448f01e829a633edefa79bc8f8

SHA256
90d078bf8f4b9cc93c5c52c28f3234df1c42d63edd816de6530593a78aae6cae

SHA512
f04a24c6359697cc10758bbd7f0442f64871aabfda44519a47ab999591ed70855a69a947188d8e4efd6397767dd9742b71791ce468d4c96da39182563dfe3d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
113e5c20a2816fd0c7400f3611d389fc

SHA1
07e87e29656be482fe4252fb36964327bcd97776

SHA256
981a7ad2dfab0d0e16b9427ef2ca65f761a8699b02c2d35d7a275e9d7172c5e1

SHA512
ece731464ea1dec028ecb7762c3b46acd333393d31c69f3da3b61e9105dc195d84c04182c7a4045dc7249dd166dcd52e2b5cb7edf14b34708cc2555c1b4ad1dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
708f1af51d82396ebb79a94bc67fb46d

SHA1
0ffa74e2946c29024b8dd4cf88d5b20a34c60570

SHA256
148f56f1d18aa9dbba1a87afd26aec27ac12d88f7f0ca27f75cac6ca05ed5666

SHA512
073a3f8b3c00166f8d2838fe0f6e8d451fefb7dd97616f9e3e209718f6e38245b5f40758229bb9ce9b2382dc73522c32f96f3a315fd0e54851b4044e8d8b9781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9ab25570ad8078d7c2a7680a961836af

SHA1
1bdd7753c36d65408943666a6390fef41f878e49

SHA256
81ba6638c028da1f4e72662a7d4876182bf1b2e1154db01dc63272101cf78065

SHA512
07182ddec385ec1c1909255df3b92e68a1b691557bb65525edd415ec6eea6dad4c4885fd1284cac7fe89017c775310d0a23e98102a8c7fd7ece9fbcb77edddf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
2b11e1c2969c9d91dc59590847a2fa48

SHA1
32e6b0db01ebb56c16b6c59b728c7bede227ce94

SHA256
b1d12bfe90a0c9fe3496781527a350613cad5d52f522396c6d4284d11db0299c

SHA512
08dbaba6530780eb0b398178d347a6650fd3c2b2470f697438f85a88b7ae2a3811eb574c612de917847c7dffeacd2f0ba3b973412583d3c1ff7a306ae74831cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
79d8f6d51d46f5df438d5277adf2c00c

SHA1
078e9541aa848259ad0b6fbbbe42d69674bd0fb4

SHA256
2b42b764d1dc3a12ffc660bb5a99256615673472fd361a86a27db1d2745933f9

SHA512
bb88390845f128fbf3c991ec84764af8685401db3dade19eb38b4d0ca4ae62515fdf64bab63892416290ff7108b0a4c8b694cfc6afbeabb61f64898275ee8cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
683f6cbf001843ed8911e73b2633846b

SHA1
13f421721416c823504666cfee23432f5c8eb16f

SHA256
85464be2d6b8c78d75513ed632046a0354f0424d1167c12170cc463f6a800381

SHA512
78b0aff16c7ed4ca8e48c333f2354562e288cc4eac841da5f7affce006901906c85a5b08e60c74993d0fa701c44b698f24a36869fb6225f4b0122d950de53630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
d54ab56addd1d4f3f7da50e0f217b1b6

SHA1
0f1885ea6e74e45d6518ad00d90df7eb25d97b7c

SHA256
f618f5b83e0bcfffdf98cc0c443f5e2a9d2c858796ec2868bb3ca3bbb3ee9868

SHA512
0248615ad4e100cf0e88b8040fa0041ed4516c51938955f7a636e6ed208191401b7ca4efe4327480296749940a60a975efe12a20a0b7adffe06e633bb0ed5524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
ff15bd5ced37cb0d5f03889a740dcfca

SHA1
0c2282ef65cc3395a38b6e773a9cc5016a2e05de

SHA256
25a1af179a1a9396bd1892401c8dd5ca5c926ca289aaa9870e408be77062d94e

SHA512
aa2e95090646a02b90df121e1b5423a2153e3f6bbbcbf8939b1ca683b372c94de5675efcd0de092076313832df8556b3479e33782d23579788b057eb5d7f3d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
16018b03d951cd72f2227b47dfe309aa

SHA1
79db15014f0ae78c6169eb2733033586e3b7aeb5

SHA256
d4629939e5f1e58d540d09a5b2e1422399586b798da23939208224e82d0bfe1a

SHA512
cb9e8a1b9c6956eb0565fd0ea1fbfa145c07cb5373b5ea1ff839e32b0bce87e92eded9a9f36c6f32fa7b28553ee68647cb6499b8f7d05c33d6f194ebf2e25f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
078380dccf978f1c69ff88a05c366e34

SHA1
0550dac6169ae1e76dd558975012b7c0f65e5cd2

SHA256
6592424644316900ec8422282756b4c8011de33a8d5179de14651aba0abc59e2

SHA512
fe4c22b554e6afd53682dc62b1c7e0f083f53cb4dde8dd31d2231efd4f523ace0b88e71ec4a2032dbafff0484bc0b142abdddef1a270c0c9c077c24e924fd744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
75df51cba299967b3de355ab306dabee

SHA1
154e336aea9042269dcc70897b8161efd0301b49

SHA256
3544e1b0453add849ddc8d70bb670e8eb6b018e39e91067ca4489466abc6377e

SHA512
a5681aef0ef01a3f6f3a115de90843fe035372362a838946449bf692a7835450fa62dcd2eb8287d927964144ab91ac2eef849f771b431c1b277dc5219a93cbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
3714d406f1886395654bbfe720ebe612

SHA1
a611111bdcb74fad368f4444407d1406c132f3f5

SHA256
3e1a92c6aa9f3f6221dc5e92c964252228e055df9b71c0951e08e7d75120c437

SHA512
7fa6fe779cb16236e6bee35781e24ac9cff8ac3a1231662592f6e88c4315b6f42da173b32774f73bc0bdbcde41f2cbc8fefffe3c67b01d854c8cbc7353748e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
da7407d9f046f6de373ecc07bf96f694

SHA1
72a30d3ec89a2afbef80162561731b09eb9fe238

SHA256
56776d6b66d6c7aa644a5361cc3e483c81bb1ada44e39f883e5e5b42f40ddd00

SHA512
c2c12fad01c59993181b14516d057759f28df4ab071f1e89fb704fe593238a5418f19eb2d49f2b3c406a4903b7ec911ab8a84e52b3c5799949313e4d99b53587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
9e36604d0211f2fe83c95dc472e486d2

SHA1
e49e624b6d8f8da400888060baaf17bbabd7c17c

SHA256
182e603d56980e17a51edcae5fee455ab5e5df00394cc929c7a19a2ab9f58da4

SHA512
d53f7a0c3e852d4954efeace8deef1b9fa67d2221820db08a149c1d94dc76e6b761b565d82caa1b5cf95415a2900b066cbddf502401756d76cdf2a674fda9508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
972ea9dfa46ddca57d2e8c11a1012475

SHA1
26df43204fb5ab84bae89d36e84613e7ec440e82

SHA256
be1064dbe59fa0b60fb500738cb23128c355fec159b337e7b4f1cb559a0e3fcf

SHA512
a74583a2b7099487be1ffccf58be3a7b65a813c82b823dd896c92430825517c8d51e9d4db91cdd0b76d7fc543c9c2dbacf975d76134c17d4b3e9f0b6c0bb650c

Download Submit