Analysis

  • max time kernel
    130s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250610-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/07/2025, 18:52

General

  • Target

    https://bazaar.abuse.ch/sample/fe0e093058074512febd0db6385e626eb256208b498e5ad948fb6a9fad43ab00/

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bazaar.abuse.ch/sample/fe0e093058074512febd0db6385e626eb256208b498e5ad948fb6a9fad43ab00/
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ffe25eaf208,0x7ffe25eaf214,0x7ffe25eaf220
      2⤵
        PID:3220
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:3
        2⤵
          PID:5896
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2280,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2
          2⤵
            PID:5352
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1856,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=2920 /prefetch:8
            2⤵
              PID:2932
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
              2⤵
                PID:6124
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
                2⤵
                  PID:2372
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3424,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1
                  2⤵
                    PID:5148
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3448,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:1
                    2⤵
                      PID:5032
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
                      2⤵
                        PID:3260
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
                        2⤵
                          PID:1792
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
                          2⤵
                            PID:2068
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
                            2⤵
                              PID:628
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
                              2⤵
                                PID:1268
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
                                2⤵
                                  PID:4400
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6508 /prefetch:8
                                  2⤵
                                    PID:5876
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4908,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
                                    2⤵
                                      PID:2408
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4792,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8
                                      2⤵
                                        PID:2392
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:8
                                        2⤵
                                          PID:4088
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
                                          2⤵
                                            PID:1476
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
                                            2⤵
                                              PID:1776
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:8
                                              2⤵
                                                PID:5056
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5588,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
                                                2⤵
                                                  PID:5440
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3948,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=3900 /prefetch:8
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4732
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                1⤵
                                                  PID:5536
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                  1⤵
                                                    PID:5744
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                      2⤵
                                                        PID:3656

                                                    Network

                                                          MITRE ATT&CK Enterprise v16

                                                          Downloads

                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping2036_1111112359\deny_domains.list

                                                            Filesize

                                                            12B

                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping2036_1111112359\manifest.json

                                                            Filesize

                                                            176B

                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping2036_945891742\manifest.json

                                                            Filesize

                                                            119B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json

                                                            Filesize

                                                            175B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json

                                                            Filesize

                                                            5KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\v1FieldTypes.json

                                                            Filesize

                                                            509KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            280B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b79dfd0-e49c-4d54-b046-28c66b09f98c.tmp

                                                            Filesize

                                                            16KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                            Filesize

                                                            3KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57eef4.TMP

                                                            Filesize

                                                            3KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                            Filesize

                                                            2B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                            Filesize

                                                            108KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                            Filesize

                                                            3KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                            Filesize

                                                            2B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                            Filesize

                                                            40B


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            16KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                            Filesize

                                                            36KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                            Filesize

                                                            22KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                            Filesize

                                                            462B


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            50KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            38KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            38KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

                                                            Filesize

                                                            156KB


                                                          • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                            Filesize

                                                            2KB
