Analysis Overview
SHA256
0b83908a50084deba090cd763582f0c743c5071f0a0aeef600111bdefb59e4a0
Threat Level: Known bad
The file 2025-05-19_137278ef2bde70e41d136b9c6cd348b7_black-basta_cobalt-strike_hijackloader_satacom was found to be: Known bad.
Malicious Activity Summary
Phorphiex, Phorpiex
Phorphiex family
Phorphiex payload
Downloads MZ/PE file
Executes dropped EXE
Adds Run key to start application
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Enumerates system info in registry
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-19 22:25
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-19 22:25
Reported
2025-05-19 22:28
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Phorphiex family
Phorphiex payload
Phorphiex, Phorpiex
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8424.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-05-19_137278ef2bde70e41d136b9c6cd348b7_black-basta_cobalt-strike_hijackloader_satacom.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8424.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\421510305.exe | N/A |
| N/A | N/A | C:\Windows\syscrondvr.exe | N/A |
| N/A | N/A | C:\Windows\syscrondvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\942711417.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings = "C:\\Windows\\syscrondvr.exe" | C:\Users\Admin\AppData\Local\Temp\421510305.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1052958116\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1955620446\keys.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1955620446\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_438841068\deny_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_438841068\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1052958116\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1955620446\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1955620446\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1955620446\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_438841068\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1052958116\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_438841068\deny_etld1_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_438841068\deny_full_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1482588259\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1052958116\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1052958116\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1482588259\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1482588259\typosquatting_list.pb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\syscrondvr.exe | C:\Users\Admin\AppData\Local\Temp\421510305.exe | N/A |
| File opened for modification | C:\Windows\syscrondvr.exe | C:\Users\Admin\AppData\Local\Temp\421510305.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8424.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\421510305.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syscrondvr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\942711417.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133921671735440232" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342576763-1998465526-3870295501-1000\{8C1CDBF7-D6D5-450D-A238-7EFE2D4AAB82} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-05-19_137278ef2bde70e41d136b9c6cd348b7_black-basta_cobalt-strike_hijackloader_satacom.exe
"C:\Users\Admin\AppData\Local\Temp\2025-05-19_137278ef2bde70e41d136b9c6cd348b7_black-basta_cobalt-strike_hijackloader_satacom.exe"
C:\Users\Admin\AppData\Local\Temp\8424.exe
"C:\Users\Admin\AppData\Local\Temp\8424.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pc.weixin.qq.com/
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Users\Admin\AppData\Local\Temp\421510305.exe
C:\Users\Admin\AppData\Local\Temp\421510305.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\syscrondvr.exe
C:\Windows\syscrondvr.exe
C:\Windows\syscrondvr.exe
C:\Windows\syscrondvr.exe
C:\Windows\syscrondvr.exe
C:\Users\Admin\AppData\Local\Temp\942711417.exe
C:\Users\Admin\AppData\Local\Temp\942711417.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\8424.exe
| MD5 | 0ec46393976eb51f307cc11d80bae845 |
| SHA1 | 69d4cb168f3a1b97c37a0ba1519d0adb1ff7e245 |
| SHA256 | 252171bdaa35d19f872c165e861b03d347a4afb85d7a03d02f8eae09d191038d |
| SHA512 | 803351760e3c422e4825103235e13085004b3418b483a2c646aafaef62b7212a1ba4ed28469134a236c5b6121e6a748ba958bbae2dbe4afe9f9f45704928d31f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 27e3745f90548c6ac300e17a87b2a8cd |
| SHA1 | e9a7601a719934907c4359b4f4a443fae73f24a6 |
| SHA256 | 4e0d3ee09bfcf0e7c5aa916ef36dab1700537c7d6e314517874dfda82e689c75 |
| SHA512 | 19b2060e8711123e9a4bc264d29036d779e975bef7f74a969f47f226d392016eee46d3484ef7fc748a5b236406039135f0d519b8714c7354a3b55b528d94b706 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d17338f2e464820220821318a9c0e5f8 |
| SHA1 | b9add8dc5cc83758758a5d5316b4f885bc352af2 |
| SHA256 | 2a11f5af7aa9cd3d6262f5db33956ce7b9037149614484f986fb6de61cef5c97 |
| SHA512 | 5aacea61df92c43080d7b8b69d3dad739dfdd86356c1e3eaf72a3b189bf9a20e6afc2b5e9c65839e48f1549b7f348bd2010f43b29624e03b363f5d26c404166e |
\??\pipe\crashpad_5404_CXWRMNHJRWTNLOWZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | ffa968bec47aca85c15c55b9cef2af23 |
| SHA1 | d4fd63bf3c859a0c52c2f4eadc53dd916f201a70 |
| SHA256 | 9834bd9929116eddcd1262b2a85616b33ce33d8eed232eb0a4ec93ae091d7097 |
| SHA512 | 4c55e2ad87a2c2f2c206858a03b35b5c9577b1b9182f5f6d08db5b8ad99317fea62f26a797bf041f538f12451d9b58bf4f759978d9f190a43bf643bb35bcb716 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 8fd4412319167c6b3420c5edd3960176 |
| SHA1 | f3da9dea5a5e8738d3849faf5da9ec9b92aa4860 |
| SHA256 | 7e947e16146108bb3e7662cc30c02931899530952adefb928d2fdb311bdd2def |
| SHA512 | f1afca5d3a4113d5116827f4c94388f80e16330a5080c1bdc0e982ab12e865e374ed56a69a53f35d0c64a12db7a0d16bec91d338b6a8690a360cc9a83cf3658d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d5b282ec75ff7cdefe24930e7670fae6 |
| SHA1 | e45aeddfee45cfdb703206ceed6dcd267d520728 |
| SHA256 | 54d666f856feb92e7dd95ac9c69a41c5c965c3e9254bea45e1859409b381fe72 |
| SHA512 | 4c42367c88dad36a03de13a54717d501aebef42e16737bcc184f003ae9b9ef8674411985d7454a960487204df297000399db0ef36da7e2f5fa9cfac585420cce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d40f3ec5-f4cf-43c5-89ac-4b65c4d2b252.tmp
| MD5 | 06d55006c2dec078a94558b85ae01aef |
| SHA1 | 6a9b33e794b38153f67d433b30ac2a7cf66761e6 |
| SHA256 | 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd |
| SHA512 | ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4819c2d53c6a4145e0d39eea10a5efe6 |
| SHA1 | ea77dc891fffb85fcc5a7c6c49943a0f0cf5c00a |
| SHA256 | 79a3147c13d36d76c8b3ce3b76213eeee4df3bc48111c405cf2ed84e90a8a22c |
| SHA512 | fe419581ed2c10fb109b724cd2d92550cfb01383274060d4b77b6b6b26013c82d123c513ea85aadbcb0b11eae90da9e3ebe9ffb0a90a97dec74bf9d8a59c77af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 2ea43ebc89f2be111e91a7202fc5aac3 |
| SHA1 | 11ce465e03479490817c436136ecf6a3f2b70289 |
| SHA256 | ef2a403a9d52aa250683c9e8c233217ec1f2d8eb5d46fd15dc5333bc12d9a012 |
| SHA512 | 01b4c24f0c6c936bc71faad581ba3f3603e950e4e89c5f776d91857c8726b6e481815801c75fab54a7fc68a9a7a396f0b3e03fecff004eaa694940950f4b9530 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Temp\421510305.exe
| MD5 | f30fdbf3448f67cbc3566f31729cb7a6 |
| SHA1 | fbf005c38f4a1c2e86817a2cb70406fc241f2c90 |
| SHA256 | 81783b558904becc5b86553faba9525070de5f43339766eb1c025bcfbfe1eef8 |
| SHA512 | b428df2c8f8b4a002c8d7e1bfd9926e5cf95ee998688a2c360b8551e80be5bfbfa17ef210bea35f247da4a5c8a940fb5dba49f4786da9a74e5d001b771c8e9a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580644.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\942711417.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1052958116\manifest.json
C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1052958116\LICENSE
C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1955620446\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.5.15.1\keys.json
C:\Program Files\chrome_Unpacker_BeginUnzipping5404_438841068\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Program Files\chrome_Unpacker_BeginUnzipping5404_1482588259\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.5.9.1\typosquatting_list.pb
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State