Analysis Overview
Threat Level: Likely benign
The file https://u.wechat.com/MMKbh1wtGuwEGoLr7hG1fXk was found to be: Likely benign.
Malicious Activity Summary
Drops file in Program Files directory
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-02 18:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-02 18:51
Reported
2025-07-02 18:54
Platform
win10v2004-20250619-en
Max time kernel
149s
Max time network
140s
Command Line
Signatures
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_519558399\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_519558399\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_982050344\deny_etld1_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_834139952\autofill_bypass_cache_forms.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_834139952\edge_autofill_global_block_list.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_834139952\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_834139952\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_1825637746\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_519558399\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_519558399\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_519558399\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_1825637746\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_834139952\regex_patterns.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_982050344\deny_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_982050344\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_834139952\v1FieldTypes.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_982050344\deny_full_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_982050344\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5852_1825637746\data.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959559280835342" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4144907350-1836498122-2806216936-1000\{A20F82FF-E0B0-4A68-8EC4-36E25D9770CB} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.wechat.com/MMKbh1wtGuwEGoLr7hG1fXk
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7fff4d82f208,0x7fff4d82f214,0x7fff4d82f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2480,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=3068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4768,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5088,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5100,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6024,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2120,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=872,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5480,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:8
Network
Files