hxxps://go[.]microsoft[.]com/fwlink/?linkid=2101016

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2025, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.microsoft.com/fwlink/?linkid=2101016

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Loads dropped DLL 1 IoCs

pid	Process
1480	msedge.exe

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
257	5136	msedge.exe
257	5136	msedge.exe

Drops file in Program Files directory 24 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1318001380\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1318001380\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1308404467\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1308404467\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1020934297\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1020934297\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_348319975\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1318001380\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1318001380\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1020934297\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_348319975\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_348319975\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1191114137\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1191114137\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_2088730344\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_2088730344\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_2088730344\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_2088730344\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1308404467\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_348319975\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1318001380\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_2088730344\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_348319975\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1191114137\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	msedge.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873179444829618"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{C7F5DED4-4030-4259-A9E2-FF988778A419}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5940	msedge.exe
5940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 4900	1480	msedge.exe	89
PID 1480 wrote to memory of 4900	1480	msedge.exe	89
PID 1480 wrote to memory of 5136	1480	msedge.exe	90
PID 1480 wrote to memory of 5136	1480	msedge.exe	90
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1704	1480	msedge.exe	91
PID 1480 wrote to memory of 1204	1480	msedge.exe	93
PID 1480 wrote to memory of 1204	1480	msedge.exe	93
PID 1480 wrote to memory of 1204	1480	msedge.exe	93
PID 1480 wrote to memory of 1204	1480	msedge.exe	93
PID 1480 wrote to memory of 1204	1480	msedge.exe	93
PID 1480 wrote to memory of 1204	1480	msedge.exe	93
PID 1480 wrote to memory of 1204	1480	msedge.exe	93
PID 1480 wrote to memory of 1204	1480	msedge.exe	93
PID 1480 wrote to memory of 1204	1480	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://go.microsoft.com/fwlink/?linkid=2101016
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2c8,0x7ff81a32f208,0x7ff81a32f214,0x7ff81a32f220
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1948,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2324,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2232,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5000,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4648,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3520,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4808,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6184,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6536,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6568,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6976,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=7160 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=4332,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5364,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6952,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4904,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7356,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=7268 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7300,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7580,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7288,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=7812 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7296,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=7852 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3556,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=7240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7240,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,6737414170436290310,12819684819273314581,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1020934297\manifest.json

Filesize
118B

MD5
791d8ef5b977b40022d73a00d269ae91

SHA1
eee166ddaa96114f05caaee653e81b3fbed325ae

SHA256
0642acd6bbb8906fa49601ab1af556afe9b072cdce3f2fdfdd8393b6749a9079

SHA512
afaeb3f15dfbe6e3374cf61fde33a313f0b94a971fb6a1fc255b92bf921ce55762d180d2ab45fe19c8180105a913c70f6fde6cc9c312f52d6390a45d893df3e1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1191114137\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1480_1308404467\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1480_2088730344\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1480_2088730344\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1480_2088730344\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1480_348319975\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000099

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009b

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d0

Filesize
215KB

MD5
e8518e1e0da2abd8a5d7f28760858c87

SHA1
d29d89b8a11ed64e67cbf726e2207f58bc87eead

SHA256
8b2c561b597399246b97f4f8d602f0354a979cbe4eea435d9dc65539f49cea64

SHA512
1c15b65bd6b998254cc6f3cbef179c266663f7b1c842229f79ff31ba30043837c398d85296fb20d3a576d9331fee9483ca0cbd06270da2d6db009bc454aee0c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
6b04f0d89b7f8dedf8712a7a4f380399

SHA1
cf724a3332b0561a8088b2c27b4b728277886fc6

SHA256
625dae381797a2ec483d41d0d1b591d534aa9c5197a54fb0bb777560c9483817

SHA512
6c779ee66f23086e41a005d2e93a787719d2d846d8e4ac473d9ee44dc1064377b62c99a93463aa3686d5687034d208603a27f94b65c7791f84108718991bff68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
7d5a5a876a78b51499065bc36103adb2

SHA1
ee4787828e6984e9ab55a98a0a1a47c1ffdc944a

SHA256
a0f4024362f0ecb6e2bb7973042d7920d8b98a4bfa4723baca2f816a07848762

SHA512
60b97ba903730a204ad11e9caedf0ff5edd97e57e684bc2d5de648ca4c709230afd8b878836db5e5f946b60612d0a79dd573c57495177cd04c7c459218d276d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe588076.TMP

Filesize
3KB

MD5
4c3e13b87e73d9b894bc9436b31182a3

SHA1
3cbc4d48751ff22c089edc2e610171fd10216e8f

SHA256
6efc0402e8c3edabc3b15b027490ce73daf4ad2abde41508716f378b876e0b28

SHA512
5e82f58dd4556270a3f9049223c47ee7f8e72c8b01a17e37407e69f20b9e0d57af60e89b27c966d6d2bf5ea71c7965ad4b35ed61d22191392d572aff746335d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
1d2de71ddef5b6e84a36c436d9c0d971

SHA1
b31935ba5bca75a9e82dbda4dbc2373a4fedeb62

SHA256
a5a35196ba6cc752aac576bf5de03380e8d044798b95f06abb1245957f6bfe37

SHA512
4e0248abd487ab9e99abbf96e68b57bbe2a7d94c79a097da76653c8fb659d69c57138ef0dc9afda967b2706a6ecb623b143b099dbccfa6966796cd967dbcb7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f570eb375cb94f16345e2894169430d6

SHA1
ef84aa0646164d6bccefd1268f7e09ab5bf70880

SHA256
cdaba82ac49a349b0afa07fe979604447e31b760c47a472f0caf34960d75f8c0

SHA512
5cbb04bbd1476f15cd60fdc6ac2016f18756a7fc06a2ce2e98ac053d0ce03203326df20af3d67040c4327bae1c37a4ef411b4945a2aaf81bf5edd6630ca74619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
529b15454abaf07c377cf90d8faf3892

SHA1
4c55c6c8c5ae1709b6f16f7b09d9708723a4738c

SHA256
5bcc662d3e34779fe755aababa37d2ab1d8caae13735456d00770a8be9882109

SHA512
fb14bac6d0c44a4499e4216cbaaf2053051970ed4f071ce535dd07f2cf22bbcce744ac9239fdde1516af07f0c73053d2b1943bea03434b8b57059344043e7443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
210B

MD5
3b726740219e11f9f6ac5ae7164e2fc6

SHA1
8e7345c3fb63bd321d6d052a4dc75030c61d291e

SHA256
7b12c6adb338f228e8dfb99e39eb1d893c16730cc452f04835ace05ce9c068dd

SHA512
205d76e7ef743a2eab8173539cd160c66cc9737e9e19beb4c629aa37d8201a2559ec9b5547da36c4753f9664e93849f46b7e1b3ce23acc23f56546ebcfc48f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
9d3083e40aa3acc6f043e42eb6478a68

SHA1
d4517d81a247e35fad49f24e8361caf25232e77b

SHA256
cbac43aade2407b029cdd3bcf61ea05e0f129330cf2f39427747117cbada1bb0

SHA512
c2b5f70ff277335a8e85432d7ce376e6a019c64cd88e4a716b001b9db9b9fd6172adc4a1cdbd5dbec2bb4bd884097bdeb5bfd03905c02715e4d98012dccfec3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
58e62a77389209b06be96e37f0cc9f17

SHA1
fdf61487b18867dab300f7ad08dccc13d0225ae0

SHA256
406616c62d757ae81cc1612b47a81288a4b8270a8f1cfcf04bac4a7597475357

SHA512
f3fcf25281b054422e33c1567e4f61d42e2918a03568a3e59242ce0945174ee1bb0b56f8706ddea4e3c62eb859cd5c397e89b8737e1d0cccc0621604373930e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
5cf14ab33aeff350a9cd6a2e8795b9a3

SHA1
c273f6738bd9277c51dd49034593c68bcb1864d8

SHA256
58794e67b87d10417a241f54fa1915fe98e498aa04077c5d10d615eb39d9a8af

SHA512
d64b2ca698de3d6cc0fde6eab1b2281a345b544e3d9b300f44c34f7d1b9d6f90d794ef9700bd14262ee7c56da353193d0b1a462604cb72ab62ffb2e1a5ab3894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
91ca8875f84b9b71bee6f9fe4429cb71

SHA1
1ea5bbeb8f1d329c807754138beb0d04a11cb74c

SHA256
4ca8d61306960d35de0ada5789fad69d3982f31358d72b2210f846677b9b88ef

SHA512
80b758966804c07bc2d34cf350e1051ca9009372ecbc9126e95553ae759ae0ed22d09029d80e6ba4eaeb14bba3d7592a6b2c2bb969caa04c3714da136315f0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
e278fe8bacf4bc64f08dcec22faaf4c5

SHA1
6806c207d0a5d4ba25ad8ed7291a4bc03fc1c25f

SHA256
2894d396e5d62c3c90b183a3858634a5059d1b5bf1d245e0b858d8630f0d57d0

SHA512
f3c0c03ef3b5466e0247b1fc040f0adb7cb14eaf7937a6713e73146a368576be7fe2d7eb3a8b276c0e02d3e9d8b1b53c5195bc6ac1e5c6a800b1f43cb9b991b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\18bb54b3-b4f9-4bfe-9a18-44603577e9bb\index-dir\the-real-index

Filesize
72B

MD5
9a93021a0f2f8709e547c437dbe2193e

SHA1
2f947dc694642d61051764a8c7b508c583416435

SHA256
ac8b6da6bc283842b708426dcefa2b86d9911b01c04c4b3b79e25e19f7d25c26

SHA512
bd8d30bba7ef25ea98688778efb32d46b5e8fc06ea98596ff93d48957df27ed1e0c52c0926a4c44e3546b498b1ba730167d5587a95e9a90e15c2aa296cef2fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\18bb54b3-b4f9-4bfe-9a18-44603577e9bb\index-dir\the-real-index~RFe586963.TMP

Filesize
48B

MD5
b7196928c6c7141bc1911e8ff547f1c1

SHA1
95ca6b64aa047e2d564f45f24ee4db3125ca667d

SHA256
f59bb63151a6f8bd65f996fa98902db48b6b00089099be0c6e0f78af597330ef

SHA512
17cbce552611493429db2f81ec265fe1ac92c1ab7d50dcefe93d8e19974823e258ba7f0837c59cb35cba0f9dbee652ec4584571b601c5000094b9382126c85f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\index-dir\the-real-index

Filesize
72B

MD5
495f6f87ff58d5a05fc5eaea8bb0a8eb

SHA1
c80f5698aa414a0a31ab5fbbe279b499b790c62d

SHA256
eba099ba4faf4b9fe4c241bcd3b0af06e93cdd0a4ed524b4657d76227da18ceb

SHA512
c06d1963c17187c1911e3d2d50f5d3cde6e22ef9de762d4055997ac3b4e88511fd5c2442d1354e012799edcf3611d8cd0d8c4ede95f528b65a3a7bf77b1e570e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\index-dir\the-real-index

Filesize
72B

MD5
7aef43d76b83ac01af7ec1987d9301a7

SHA1
4ef0d036740a4b86da29475c3006b5310e98e58d

SHA256
d1a2c92964a1df6aa98b5fc57d2c92977d307ff34c3a4665f3449829cdedb1e6

SHA512
93b277d074785e5b934c3bbe1efa90a73fdc22a385706bcb6882311f7bcaaab9b60add6ab847f107cca3eebbf56fb139ffc457c78492912a3b816d7c49c1a3ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index

Filesize
1KB

MD5
ade436e6b42533f4b3a6cd0be96cf2e3

SHA1
6574082fbf9f9f16cd6cda3e753173cc524811ef

SHA256
e282fbf423e6e5575fadd501e44c3a322cdd7c50e574ba6af1d422a3bec9b8a7

SHA512
f7626d493a751352d14ab1dacd1c9ec88e193caef772b99d874f89a62346b005390fc82a9c304cca9fb2ab8c472161eed967ca3cad7c46096863373673e324f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index

Filesize
2KB

MD5
ce6b730a7dd9dde652b355ad9c2ec5b3

SHA1
d717fa51c707d345678f7d8977f0852ba2c5aac4

SHA256
29d85559761a18dc994c96b7309d77b37ca128bd2d01c775398add50f735e3b4

SHA512
2938570958f069ded4be73ddd461ae91fc881416130fc570d5242b8526cbfe5e58eec57e0e05d4ba89c5955a322857dc045b5e48ce612ef2370bce6e9b09b724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index~RFe57c043.TMP

Filesize
1KB

MD5
7345e2b4360c22e63beedb89a763dcb5

SHA1
70f07f70a5ebf08d3a7647eacb48c57b768fa2fe

SHA256
bd318463762ef74e665b0ee4da30ba4134fca7fad6b1ce6ee96a81d66edff8cd

SHA512
8646431c21e60a93a76da1482029e1b62ed72f8da4afbb94ca0d22f9410f73a17d7d4e066256ba1346154b16a175556a6128bbe1105d71a5d0247291a3cf94cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bf936319-5ab0-4855-8a64-d24824610382\index-dir\the-real-index

Filesize
72B

MD5
7f78fd88087605b6696e417fa24f8570

SHA1
087d692ea15a84c37083e4476d9423a47b804b42

SHA256
4792918a2ef06959f4e96cbb0e4db3158b69538e2172a7157864b04d781b704d

SHA512
ec26ac4a552bc7d9c776f6120a285e28dfbf2bb8db6eb55f59a6fe343824d35253c80dc4827ee3b75639bc143aa196ff4fc0ad4249faa5c97602dd8fba6ac0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
536a1b872af57825e71e9495515e1d89

SHA1
12c6ad8c16ff2743e4e3c4abe436efc8f27c1078

SHA256
711a2dcbe2297987d180800ee7cbb108258a727c4bab2c83c5eb53d2dc49e93a

SHA512
a4ccd0f38544fb119e2727b324a133b9dc2112d6134a84b5782905b69c0810a7574fb7f0b53bb3648910a0f4c33e80cf85e2aea26b221546c9793c5bfc527229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
90c1b55943ddd776f4de0f12a8ca26f6

SHA1
b7539a6950b7dffe0a9cf43840cf4679457aa63a

SHA256
a94cc6c733a6bd31ee604930dfd0b33f539615104c8b434821dbe4f715880a50

SHA512
40df25de025e36147b1354f6e3820efef402b880474f2dc61b199a219529c59b7565429df81909aed816af809986922800c22d9a06baf384be0699eb7c62a90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
848c0297accb669327ffb9235d0c79f2

SHA1
535e6b8878fc28a7bd606296545e62a24421c487

SHA256
621e53cb1221dd1e5d19203733a4c1fe0649acb0730aecb3caddf7ec045e9c95

SHA512
73739e555860e67355cfcf6859f1e45992e00da8a46ec9927baa11d261467d8c15a5fd998e5685107d308d32e414df2d7f1ce6080414b1e543e07f0078c1ca3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
01bb72bb30a62ea0195b3151add2499a

SHA1
c83c26e0549a242f973e711a828c24ed67606b76

SHA256
20b8295ab491f7f5941fc018f6905bf50b110355d76a6dc61f9350482808aeac

SHA512
b0199ba6af03a5aa6c941c1846c6079f016a573a0938ee0af8573ab33759263dc5a985601f1141c10d8be6940353ec180ee2843c575a4a424ecf7171db2cfb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581807.TMP

Filesize
48B

MD5
a8f3b68c6985616c7e40f6c9029dda61

SHA1
760a8fa21c949dbb4ac056773b635bade0f74d4e

SHA256
bbf05e79f55b96231cace9e0aae566576f4ddec2bf355db7268469742f9ae936

SHA512
3183c5be8d56123e30fc41633b02a7375d6acd94f86fe9d77c489f1ac1f4d3c5e3c73620b1c3bd9dccb6118c4488c5616fc5accc28c330b3e86f562b17d540af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
227203c560e1d340d6c288c1d2b2d835

SHA1
5a0b5dcb83082872969e56ab1cf73dc64965fd03

SHA256
f683e11930981ad0325743449d517a547fcd8d2bf9b76ce2ef22b662add1763a

SHA512
ee799ad7f3d74f9422a1aba3f694b8e353d73af2e6ab765926848ea9539328488ab9440b0eb78a0a44a5c39fa77ae8717ee7a50527b7c3165b7a2cd87ff52a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
2ea85e8d8c646d2c5779fa4ed8520a33

SHA1
7ae637ce04ec960a52bb8953810319f100b32079

SHA256
8fe99bdb4472795e5f11fd09017c15f3bda6685244cbe45b341b1b3f183c3d0c

SHA512
178b38aa3fe806f6034e6555646a25b892cacb56dc59178d8c7b8ad8f96b41e17536b884a2c25c63b1c39af1acf9dd131d9c045700c2e08be29c734a591c1e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
3ee6598bd63d382c33b7de50f2d5bc81

SHA1
0aae8c20335c714ce7ad8784bb90ac641ec74ed1

SHA256
bd2cc56f7add3460de01c0e72f8d6c891212c6b387b8e53e212a8c24dd7319f4

SHA512
20f66edc32e2aa9323faa621a8c6a42492883cde9a8c3273695a15edc059ae5889506a58fa0bbe4c2905d263190c2ab35108610652240348450f764594654e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
2a0f91cb1556bc8795224018c02c04ad

SHA1
538d88a3a907c31cbff2b2f25bd446d7eb1e26b9

SHA256
3031672ee3dfea0647165978377948a0aecd1ca6e32ee0bfc80796a0581dfabf

SHA512
112d035104024bd90846e3aabd4c5f448b92d5e323480933c2b7e89998aa945a0b97bf96f518280b83ba362ff4d5777ba047c2147bd5d15cb79154891ced9232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
7de8aade321dae1900d1cfb80321bf47

SHA1
cfaabb9a3ce6aaafd18058a87639f8666a00166b

SHA256
7ede3d40e38c5cc8dc9113670810dbde5d89dbe82a5c2a30e3cf706db5a938bf

SHA512
e098da16e3f6a3f232472fe97738ee87cf0692d09dbee72357c206ea44d318e4dd5cee3de9b795a1b9b39855691ef627418f2e7457b747a57a5ddbe0cb6b3931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
e1a860f95f231785224b4adcb833c693

SHA1
d1a373eea25c15649e238fbee970ffbad1e2ab99

SHA256
89dc84d2bd72540411b6f14ada4dbc12ec4908e276be559a29aef420223f6256

SHA512
22b54acd46661d266d7855cd44d560c615dcaa28a4df77649d00d036c71a5938ba604099bc2708d4b0abd6a59257791d7422e1cd9c8405baaac0701fed52faba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4ff2d889488f8e9481989d30d8a1e960

SHA1
6ea11b1462ea11d35594a0c17fc42f22b1cdc44d

SHA256
3bb40f5a0db46d5b8e6599376e348eab2c7d9ed8756abd43d63e8cf4c17df441

SHA512
06e466b3d386e7e3a3342c284bae4ef815d4d12596dbcdd74554f964ffd4e291fa72c785ad70ae3a6c0b1186fb87decfa11ff5584213838b99d9bced88449d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
56e27a6cfc4b219f4452f3fe4ad726d4

SHA1
75c3ac42ea536026a7241bd34d2aebc49f6d35a4

SHA256
9805d3feaa6d182f7494aed9a47e2e1a548cf459ce332e3b98905a38747cedf7

SHA512
d4ea3260e61dd21d095a75174c267b887047f80dff16e33d21068e9bf0cbd9a613f574fe9ee28150bbb3b6dfc3f608d4177e42960bcdd2980d7856c24dc1f842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ecfdc7c1afab9e56fc4df8fc69c73108

SHA1
d8e5de3963a0047515f53099e6e7c42f4bbbab35

SHA256
0045c87b9f1eb2ec32c783509c17470d6e4939c9738c804cc321d296a53f1723

SHA512
83f928a1bae2f70cfa52385e7f30ef78a4241fd79987b7ac4f27cac365558c809cdd2bbab3e6f364a443df53fb5182a8b11aa576903164c20be0262dc528e8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1673e3db45529b058599ee0d3c51c070

SHA1
057cfc89d25af0f2e1991b7ff998945f8261e814

SHA256
e5374a820ed8c9bafc16a4bd5808b0c2f773c0397b6b0ec5a77f69e4b48a0852

SHA512
a906b3b0e5a391cfd059e3d35ac7a82673532574c41a9aa73ca661465dcebc76930837f0190ce057b4041344b0b30422704f707b768636890ef16a212fd8d3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58021e.TMP

Filesize
392B

MD5
3d91eb9148ee8ee1b74664284e7ca9e7

SHA1
54d6bdcf9d13ae4c045fbd07b3ece9effa16d591

SHA256
aa83fb28486abdd7997c45d07b5a2eaead98824609f55a778e1c4765ba51cc14

SHA512
d21f4bac2a8183daa3cd8a208c62dd92fa124633311ab6fcb25856e7c4f6ee78562bdda3f8e259b4dbbd15364ab990567c61870288b9d5d442bd9f5acb84e9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.24.1\typosquatting_list.pb

Filesize
638KB

MD5
c58dc6e76e524d25a1a8cf23ba450518

SHA1
26179cb88c8f3c2db96aed106844c817d8b08d29

SHA256
695140b50858ab3ff19e2519e0aff4b6a358d16e4cc110d5ca1bb6283b37be4c

SHA512
4d74793a2b91a5c307e6f23521622611dae00dbc8717ff0e7b93451ebe40313ace05cca8e85fc3b2e23094b07219040cbf6ddd88918bae7895ef0352db1af71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\dac88987-3e2d-4908-aec6-f321ef783287.tmp

Filesize
55KB

MD5
e9ac731b895ac0a17c0116a7ffb71ef0

SHA1
7d2f64c9de8e714d532fb9c7fd416623ab66ab7f

SHA256
cfd3cd268dd2955132ceeae2d79b107ef4143001ac1bf94065e8281ea1db9106

SHA512
dae8cdc50f1fbe07366f8dcf73156ca020a407f2386149858fe4dc450a18791b1b4e943607ee5466aa2e94705718f41bd8069e9ceaca55e2714e78f909f5fa32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
d6a6fcc963cd6b922e31874e506c987b

SHA1
c47527e4a730bbf08802f1d0387f4bb236f05281

SHA256
0cce08fdce514edaad71e97e6ad47a3b98129ae0f56faff19988ae2b46734eb8

SHA512
d4634e6c1870c7d715b3568288d0096ef7e37ac0b501ed352c9422c2dd2dd95c70504f0bebe821f2a0d9bbc2b5fe1b95e92a2d9217d926f414aa72f969fc0cdf

Download Submit