hxxps://go[.]microsoft[.]com/fwlink/?linkid=2101016

Analysis

max time kernel
209s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2025, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.microsoft.com/fwlink/?linkid=2101016

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Loads dropped DLL 1 IoCs

pid	Process
2220	msedge.exe

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
300	3452	msedge.exe
300	3452	msedge.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1345538038\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1345538038\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1711687047\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1711687047\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_751426914\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1938225958\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1938225958\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1938225958\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1345538038\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1345538038\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1711687047\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1338880529\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_751426914\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1345538038\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1711687047\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1711687047\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1338880529\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1338880529\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_751426914\typosquatting_list.pb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msedge.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873173909431945"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{1DE7EFE5-9656-432C-BAB3-39A04EC934B2}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5816	msedge.exe
5816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 5520	2220	msedge.exe	86
PID 2220 wrote to memory of 5520	2220	msedge.exe	86
PID 2220 wrote to memory of 3452	2220	msedge.exe	87
PID 2220 wrote to memory of 3452	2220	msedge.exe	87
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 4476	2220	msedge.exe	88
PID 2220 wrote to memory of 3884	2220	msedge.exe	89
PID 2220 wrote to memory of 3884	2220	msedge.exe	89
PID 2220 wrote to memory of 3884	2220	msedge.exe	89
PID 2220 wrote to memory of 3884	2220	msedge.exe	89
PID 2220 wrote to memory of 3884	2220	msedge.exe	89
PID 2220 wrote to memory of 3884	2220	msedge.exe	89
PID 2220 wrote to memory of 3884	2220	msedge.exe	89
PID 2220 wrote to memory of 3884	2220	msedge.exe	89
PID 2220 wrote to memory of 3884	2220	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://go.microsoft.com/fwlink/?linkid=2101016
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7fff15e2f208,0x7fff15e2f214,0x7fff15e2f220
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1648,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2156,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2416,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3436,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5152,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3652,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5100,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5716,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5744,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5744,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4312,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6328,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5728,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6948,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6828,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6780,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7304,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7372,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=3724,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7164,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7428,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=7312 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6860,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7668,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7404,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6808,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5852,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=5612,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8108,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7360,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=7416 /prefetch:8
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7364,i,5824106975566904159,9933443954974986983,262144 --variations-seed-version --mojo-platform-channel-handle=8124 /prefetch:8
  2⤵
  PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1338880529\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1711687047\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1711687047\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1711687047\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1938225958\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_751426914\manifest.json

Filesize
118B

MD5
791d8ef5b977b40022d73a00d269ae91

SHA1
eee166ddaa96114f05caaee653e81b3fbed325ae

SHA256
0642acd6bbb8906fa49601ab1af556afe9b072cdce3f2fdfdd8393b6749a9079

SHA512
afaeb3f15dfbe6e3374cf61fde33a313f0b94a971fb6a1fc255b92bf921ce55762d180d2ab45fe19c8180105a913c70f6fde6cc9c312f52d6390a45d893df3e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\433e6783-780c-4b8a-8918-8208772a541d.tmp

Filesize
20KB

MD5
33901d12341ef9cba305a9715c3e4122

SHA1
25fad1a4df47935c6fc6c7f2e3879efce2e014cb

SHA256
c355cd241c6c16023a1e75d092b851d0eed17135ba2ac9bc608f95cea2ce934f

SHA512
d6192d7aea78fb3a9f7682a38b77dc08d9296ccc3bf9c77cbfa1d538335c3dc8aa9c2de427799cfb0cb81183d87260f98a9842a3853f7c68c54087a9f8aaa97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
7KB

MD5
abbb253a6c7c7dee52ee703bcd69cebd

SHA1
ebc55afab4badfc5a7334b4b4d1053dcf5b8ee85

SHA256
90c960263477a352287cc51c020eeab188bf8e1d067e3bba60463483fe96fc22

SHA512
881c74f4dd52931538442d905ad525413643707dcdcdcfa8aded6fdb8de1895faa3df134e1d3fa78be2b463d3ecdc6ccdf41a2fdf58ad8775a628352518cf793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
59KB

MD5
8fdb7fd5185f8a2b355103dba619270b

SHA1
272e4e7b4ae0f13489fb03b8210080beaa39acda

SHA256
15d3840593ccd0e22908b868ee43f9c8048d5b8dfde9912786a622957cd96975

SHA512
ad7563c5c6a5dc04364d0e583785c3e8e723bf5dd31ec5556d01b4943848ed55471aa7f9052bf2d86740c78eee3f1dd9e91c840fa521589e3a231796b6448c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
355KB

MD5
765aab9a630cede2e792ff0351339a62

SHA1
875c7393816e7db449f8b6742a4c2711bbab5569

SHA256
c91ccfd58d94a529c0b136d4a98bbd51236c36b77caffad96f6a05fcc117b5c7

SHA512
680c26888744ceedd0f6915d4f1a8431c27e4c855d6ab036536f28e11d243376c03707fd173bfc2a07a261303d86dc512f0dd6cf5251737b2c37c6b10e8957be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5

Filesize
21KB

MD5
f07b89efc6ac53433c14e9433d0b30a1

SHA1
1e93ac2466f3d3d567b435a1b06c8db0e684ee60

SHA256
2216fd2a2be255d1077dff160df60ccd31a0f5081aea28c1077567dab77cf899

SHA512
ba99f7c88027e8712382ee20adb8aab8ffdf329d3fa74a14f7d3763da87c2a9db93e3057aa2b15b0d52a4a41b53c7f92d60be068056c26b31b9f83f0ddad8bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e9

Filesize
215KB

MD5
e8518e1e0da2abd8a5d7f28760858c87

SHA1
d29d89b8a11ed64e67cbf726e2207f58bc87eead

SHA256
8b2c561b597399246b97f4f8d602f0354a979cbe4eea435d9dc65539f49cea64

SHA512
1c15b65bd6b998254cc6f3cbef179c266663f7b1c842229f79ff31ba30043837c398d85296fb20d3a576d9331fee9483ca0cbd06270da2d6db009bc454aee0c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ec

Filesize
44KB

MD5
3454e7c348ede275e059cb4d42babfa1

SHA1
f960eedf1c7fcabe4430db8fde08fcaf495c3fde

SHA256
2de3bc7f5737f35094d3e9045e13d0c29f27ffcfe267d3b5ecbe8716db67134f

SHA512
addbb5240d6be28c4cb77cda380d07dae37f02e4d45339ae270b3f0146b7ec8b1a0a66b36a88a9641bdd0fb5e64e89af4bda75939de68e30e3f19416a5bad919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
262caf993ecae17b7314e70fbd0324b1

SHA1
418be0bafbdc2e5526afe3f7a735ad314c035d86

SHA256
1a5bc4a99769915c5d09d73fa43b882ddec58a0ae58592906ea54eca27be022c

SHA512
09c519fc21aeef297481bfda938602b21603600affd085914f92bb5043a58a4c3124a35ceef03e6bacb89661dc23707f35917d68fc64ebae7290cb7b1f438b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
689ac30175fcaf9854b0a69db4e9f547

SHA1
196a0765ab76dc08c57725b95a86782ef806c94a

SHA256
5a6a5d987f2152d41d580557b0d074dda463ae5a8fcf229af93946d33684ec04

SHA512
166069bea3d37240221740b44b86f589b15bdc4f8eec9899c0bc9e4435bc25b6bd9445c4da2b1dd1d8ae23e9c48648df467b301a0d93806e0ce11d4c7d4c45d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a2c8.TMP

Filesize
3KB

MD5
c976073651d921a3f49a798310fe2454

SHA1
0c24a2d1a6ebb660ccbc27761737efde77c24788

SHA256
607d89a18092369e09dba2fe9c2e258be4024d618ed18befbb260a241304600c

SHA512
90a5801bc1fd982b847b535334e31b9fe8c092d78a4b3dac4dfa9e1e64aed350184231f1156941fddc1940e02d43b91ba5c1bb8f18ad6acfc46b79463827fc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b1afef532467354304fc96a9a3337b29

SHA1
086244d36842f05d6863256c1736e736f65b9dd7

SHA256
ebea369656066f6b4f90114c5a33f9480ae489fde6dde176450f0244f969c955

SHA512
bc30adcc37b176fda360374bbc998f2c43a497505d2fecb0cd76930428ef99081422c6d3844ed26ea47cd06956768311f3e06e4921bcb4344ca1e6ba9b06fc38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
41578e9b9d0d3f686c2c15a261322abf

SHA1
82b47abab86e1f958cbfb46116a7e4107a0c9e8a

SHA256
9a0c38f0bcb60f0ce9f3447294debd80466ddb3a265ca15664839a13794dbe6c

SHA512
83ede3c73429292802a21a77e7d861abde1d039ae73fcaf8ffe3b62a3fda024723c778d3ec710f56f3787d5c96ea1a42babf0f2496831d3c2edc7881ddcf36c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
a25b50b95c1e6081a26ee65d23e1e933

SHA1
005ec0d0872545d839c9e378a35d42169949cf21

SHA256
e5af0344c52d985b0c6df82cca157403970ff45019d55ca6049b3cacbcf96723

SHA512
c593358b84a1b3df06a06f45e3cd0853da4d7bf779f19beb3c0b40090476c29b378d1de310d695a0e4d5b77cb793e5804f79493d844f7f8566ff068fada0b24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
e563f39c5f2f3f04cd7827fadb9e21b2

SHA1
5933288010fe7677cc786f3fa21736119e0491c5

SHA256
08678cbaffb49b60a765a86f5253e1b5fc1db844fc5f6aaed7206e56fb5a3b4b

SHA512
3b1a28245e35cf1e732bf270055c7ce8f772b1f0dd70cd1df9dce72eb870a95973f3db32b7d51176d95919323b9591b259d4488f2b289510fd70bb07e531987f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
0cbcce37e736d24bd02f8454d4ccc7f5

SHA1
ba0dda9cd7578c934efe5bd3368bc681f70cd8b1

SHA256
7861e16fd8d802a5eede57183cd2dd251a84eb2209f9d5dc6be72e922b6d8026

SHA512
9737b5a71964985a7d0fd240ec43a20f006b7010cb3b2cbd81fe9963c11655ddd13c6ea604189ebc50b6134e1cf10d7a9a5c4d1c5e379e5a9088a69aad055766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
bbc83df87c0dd88840b701896a721408

SHA1
f18a9786bef58cde52d1a147319e74986cf70256

SHA256
a027e518236053035d4c74ab48d699a678f071e3b078258ad8d1255f01c0283a

SHA512
9002cb48e588773ef422515a59faa82d3effca33ea8e0db0fad72367493ccfafea8ec61d11056c6b2eb2c856ebd695bd49ddf98b62516a580d60f3356fb6932e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
2dd18e19f4a2ea5445d18cbcec8a7647

SHA1
25a9bf4084479e4a1ff6fc52e9a7fcb73450b12f

SHA256
ece3251d4c42fca4119938e5c393f8ffc18acbcdefecf64ad792a721fbf43c0b

SHA512
c840daa62ba39db44d36ce8d669c6729e3c37893eebfaababe9966e389f9d12ceda8c1cbe586d00d0ae238ed5d79b5685a069ac10f5b4af93fd16168c61c2b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
86a1602b5c3695a4cfd7f9c3062af89d

SHA1
dcc90eb24e2b94295f52b8f251d76f0a2653650e

SHA256
d197f86c86ac7f8737a87b0efd54da12a7aa97cb0eb848d24abf39db044eab1d

SHA512
648ba08df8b43303c7c80271c1bebe7af85942baed4cbb592aade0b5fde97cc0b79845b5692ecc8002e6c701d0dc665bd58f074bc24d56340f3ce83ff22712f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
696eaa64f06373ac10a42bbbc9342f44

SHA1
bc7cfe85d39e4398db4ca0526ac04b6906c4a4c0

SHA256
57201b4d353e1ac3f0dcf3ed4d3d91979fd17685a46d5a69bf2dfc32acc47927

SHA512
2b6c642b3683b7cb2fe0614b1df5d369dbec56a8fb33d32cb245d4fbe692d096cd6fc618a9fa896ebf5d348553abc5caaa087f2d70d4ef3227419b875f962b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
d5ca2507e22eb673c53c38f03a3b45f0

SHA1
d7a901ad0e68c4625515e5753f57931cbe4d09f8

SHA256
e14896b54d00750dfc1495a215ce1a38402d9107d4e1c225cdf4ab43ff49b9d0

SHA512
f1bb7f6603a879bbba859bfbe8a3d15c40e64a87902cf445a9695d9fc927beba1769a93d9ebc8f2474f8ffec68ce01aa6dfc8f8e2063a7d94042a619c606f623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index

Filesize
2KB

MD5
5ce7f6d26b5b43ddfe9e7fc43a521abb

SHA1
20f85b1df9c0cdc3f8465ef44ce96410c6aa0625

SHA256
be85cd973224dc974600ba85191adb38d0b9d8518143a8fd41b2b6ef06d5fa77

SHA512
ec59d421ab73e0a6930ae8df07876dcf4e49d2a8000702573e53f742653094a91e195c7b55164d402ba8ea04f0672473c13c8f83fb2ff614ed98b7a5776fe9eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index

Filesize
2KB

MD5
b9633b929569c49a3cff7dc9a0f5314f

SHA1
ac596013ce6712318741c76b151c469e63351617

SHA256
5f9b61fdeb045b6a9ef80b1ef807cda8433a284d1e212582def594a628af818e

SHA512
01fbe8cf9b648dd8f6e3a3f2242d99b6b6792ac92ba030aea4c0c0d4c3b8f511e9cea4429e6b735aa3b2e6b6bd19a8b625d6f895349b8b7ddbf767608da3cbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index~RFe584561.TMP

Filesize
2KB

MD5
f320918feb96484acc948b132587ee65

SHA1
f9363b033fc1368e0882d01a58bf780af1542c35

SHA256
5abd9fa7062eb55d8224e15628c1d04636296dcd7fe1eb537b5694a671828da5

SHA512
e0ff9327db1db22b61d6c5cb27af9a91b3c2c710f407adb50d1db5574ed555fa63247ece487276ff191672f0ff8357470d5e052ca9eba1d4197128fd93e05f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
51527766358e6da4cb6bf76e959ee79d

SHA1
56f6df468fd43cf95df56fba8b39412c407c531e

SHA256
90eb2028f8b7b06fe23c2fce6a99190ab6b011723b8ece488f2ae481b4f7e9ad

SHA512
795900c1fe748dc8a8358a03f6f45a00f58f633bc2c331694ed8a8323b804413ed31364aef2a5f313a21b4aa14cd79cbb5ff38407baab9842d89407e9e9e66bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
152KB

MD5
51c5698838a7213f3b751c721c856b18

SHA1
89320f940c4c59dfc5284105d7b681b9390eda6b

SHA256
ea97af2135dd1cc00d71b6449de9ac1d2f6e7b8285f7ed7c2c7d7e6b616f9109

SHA512
56c31e817a789d9e1d3c483a70c107b98e976bcfd0721f926e872b38063c546d9caf072b1a35092a8623f118ae08662e649ee2ad01c92c18b5b2ad59578932c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d80c0d752969a7ae363f7ab942df2b2c

SHA1
8a2bddfa30bb643ba4658ad775f90856bb0085b0

SHA256
a1eb369c9e98e5457a31e16ec953a1ed9c8be332d97d1531fd79df2f4760a8d1

SHA512
51c0a9d3abcd1f05f1433d6be418023f97074a87687ea3c12fd1f75d312afd457515b0149edb16e586f048b58827f440d24093ef1d78fe3668feba12781e7703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f3923414c73edfe63cf2c3ea511c3952

SHA1
9d3a85ccce4c88f4c4f4e7221a3ac460fd0f6240

SHA256
56f2c070535581ea7367ab12c739fb6af4222d3c618e7362b1e089a211e42ebf

SHA512
27a775ecc3072a2b995648bf07db3a13e4b05f381284041e0fbf27616c50d90eec8575952c74da978c8e7c11bbe97889313b3ca98d86f2ea052ef580594c9996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589aa5.TMP

Filesize
48B

MD5
81df3daa9e5f7344406cfdf5788c181f

SHA1
0bf9f7c8b9690c5ba585e0d4576c81b6ba0d2f2d

SHA256
6b9808e812017fa3df06acb4c36bf6a4fb4101a291bb7f9e24f744d0134ab8b2

SHA512
70f7d424bde39c310e38a39ccdec93c05e4594e8ae43c83b30ffa5a42bf764f77b642d5b2fb86a7a7cff7cf94df5f414cf848d4b5c75b3c0e1701d9e691ed49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
0a234bee644ac6ba218a73f8e257050a

SHA1
ad20dd65ee0cbcdb4165abfe33a2c30777b957e6

SHA256
735f1d03bd709f0d53d800ecb0832c78b3029e97c5f55d494c38d01e436f7bef

SHA512
f5ff0f07e224d40c8f6612ba4df224447e7bfb1033d00bb2dc883bc37ceb8531ae92d32c5ab0b534ac3fdd0bd4f74b6fac8337db5e4d0489d61585a79b8aed09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
e8249dcc803048cba6d62526fd5d1db9

SHA1
85daf036a8b80b4deaff56ec5e495ea482bc7137

SHA256
da39d76d3819e76f312263dae70692bcf81e8e7a25eab3147069ebc6f498f005

SHA512
16ccba414de5e36acd729d647a4522fd61af60c1554993dc413a8db671a333691a1c0fb1d89afa3b043307a3772d56f093fe1fa76c9a2caf420f504e949cbf7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
bf85c13250562b6fa0d157690b7f7f81

SHA1
181caa3f58316d5259b5b28f7423ac4cac2ce567

SHA256
b2fd479244810bd9601914d046383f5c13ba580d3be431edd5c9f2e0223355c1

SHA512
41bf0c1d44f1e809210f1f40a45b891f018ec5c359532cbf8a5bef5c1d43346a0ff2c75b21de82013570081c44af1ca89f52b4145756b7e49d2983dbd23bdcd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
991f4ea9a2320caef7bb46309f452d8a

SHA1
151276b59561832afb35bf3baee9999a278dc4dc

SHA256
24da133a5e21a1a905bc286ab44b85ff13a5af8a51f12bd7da56a948ff59063b

SHA512
6d5deead738aec34156581e0244468ac01fc5ebeafc06f76045a32912608cf848d47a6a2f6696e2d3fc71ce729debc51286a64eda9ca89df07df5dee10d0c271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
45cd20bd0f70428bfe3ebec2816022e3

SHA1
0d5d7ed75a463aa7440f8ad7ae03e0760179d435

SHA256
b7e1a2ae5d91987586a47a38092aefc727897493616f7504d4f7ff943330f1c8

SHA512
eda65f54a444add84463d7d069437290bb7198be033b789cba444fec40ac8dac65785e07acfda6d11033a4add401221599a4663df17a4a8972663163674e4e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
a803df92eb62a13e7b57570f0e78ca3d

SHA1
dec0c7b01b9f62632e8c8648fe6ad55e78fac15a

SHA256
20389c188197eb6812a2524152b0d61c3bc2d588238fab367ece83d5a216e3bc

SHA512
d20a131ff0d24105c94ce4ee79f26d56e8e847ed425870728993fd62c31f462ccf15dcc59dab198369536361a6a5088a78b62bec10b66c61b1587bc0b6991420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
da7ac48d1c1d732e811accee2fbaacf5

SHA1
2600bf3d5d6d88acb36b416d5c11be7dad11d8a8

SHA256
c9919e8e1a888aad351076083871285aa343b156c2d4722bcae576d2bbba0fca

SHA512
8a77984b7c82108550bd878d40a2e448495ce71cead5ad75a099192bdc111b2ca34efefe5615093538daa9c1b7ab26f6fe77df35b9774bf149ed00dcd9e3a59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4f4b2b289bf6c0e33190e1a5baa4852d

SHA1
e936ef25f9be558197d1a892c66b63e99047cd17

SHA256
6ff043c91286d5be0c114aa124448ead39ee4720a08d6be90ea6240719791f72

SHA512
10bf0b677ff8fdbef115f020b0c4771f47945e004883bd1980fad6f416dc106ec1061c15f92cd8e9ddeffc10a2f3bc6b083ded826d523e84864459e59ecc5502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2b710abdff0f60b425f04862950c0fe6

SHA1
0e51d6e2b90bc0418f71d4c4f0d3b0ad997163ef

SHA256
bbabeccc09293b185e977c734427f205aa7a46b4d0de0e9c48fe4fb9411c5c86

SHA512
7cc6926e6ceee42bec4109e9b621461e41638cfafb38153a2ccd01e70d65781fde32fd161fbdb11bf2cd4723da5867ffd6717152e552de8b68d2a17042fbbf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4a5a8cca529016ffb823cfc52ed1e54b

SHA1
8a1cbce6fcadd07d7de68d9437ca3e8b3625b34c

SHA256
8a1603cbcf4ad87855a4fceb3ff8a675e2181e15b5e87a761f261de693ed8f8b

SHA512
ce4b7f21bec4616928470ee2d11e8097a657882d7896adcf0bfad06e64ff112c9531cabffb7a02983c6ef9701930d5cca9d6b097c6b4e7f3c28edaf1c37073a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
00f00b4c7408b84a1d169701f5df2253

SHA1
7692a408ca78de32a33788e9990bc74b95bc4d7b

SHA256
152e15d21b6e1107cb13460477dcf1ab6fedb4b19a768b7f07ca740310bf8c6b

SHA512
f0b99e982600954e2ccd20ea5166664b14ef54029af302fb1178619e4c26bfe2adf790036a215e9370b2715c4baf67486b7ad63a044cb5cc9e294568b422eff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3426fd7249cf0160ad624702a4a07b70

SHA1
f381acf47c08612f29a56a42fdf27cd4265a543e

SHA256
d657f1efdc43c3466dbde6f6851b7d85c933e5ac61173bcaf198b0747fb11d6a

SHA512
c795e702744e5ceec27e7f78122f1f14da6a1d5b40a00efe4f1d0aa2d6c953cd024096e48c2431cf6e7a19ff023fe738bbc315ef99a20037d91565f6d64d2877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
b8d313e9a93cd1d7f31e585a202cdc17

SHA1
92c8e3545513c358436c9213970ac7c07d8899d3

SHA256
c23eebd0c7bf7d28060b1ef98cf2302db1020ac2ae5ed384f88ebe2f46f67aa5

SHA512
ad06bbbef3b7fdec0cdbe024868f4a1b11b5980abf813491ec37185e7a773d1e950b3c2dfe73db66cb244e631750ee3012ba1635395ffeb831d80a5cc89d227e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ba267b23f2232d2cc11556b61a03ce4b

SHA1
88b9ed4c087c1d43065eadeee36b80cccad564a0

SHA256
e52a2a33c28a00f55df09d04532e95db1c89bb26d0b318094e2d7a619005cf75

SHA512
f5641024227f05054a87c06acfff11f64a0731ef3693a2a3e05b4600fa9a24badf3e4460a341c6ba54f1aedb84fd3d2c52cc1a58efd33ac799d2d8c30edab552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1bb9f4e33c0cee2d1794131abb35d215

SHA1
4f29864a7792043776a2fd55f61e49044e83d348

SHA256
d15e00be838a4a7b626010389f1ac22fa750978a7c66ac65561bf1abbd6b181a

SHA512
b5f5a0f1029643356f8553bc3ddc17e1d512cd90a98712560310b8bb1f92ff3f295fcccc35aaaa214ccfde888a2d74632e8b594e4b7bbbad47f377bed92f45d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe587f1e.TMP

Filesize
392B

MD5
74000ff811eb6d1ac64e52a4a55ef8eb

SHA1
0d00b09ebb7f54320bed8851f9a2ec22cf16410e

SHA256
e8e2c228d05a3d196716b0c30a96e3659296f01dbb88e8ca9db3977a86f44de2

SHA512
303fa17346878daa684f6104d99ff036ce96d8240534a68502d25eddc588437824773ef5fb4f072ddee2fcd1a0984021aa2799935b0e6e5750f2a96d58cb9717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.24.1\typosquatting_list.pb

Filesize
638KB

MD5
c58dc6e76e524d25a1a8cf23ba450518

SHA1
26179cb88c8f3c2db96aed106844c817d8b08d29

SHA256
695140b50858ab3ff19e2519e0aff4b6a358d16e4cc110d5ca1bb6283b37be4c

SHA512
4d74793a2b91a5c307e6f23521622611dae00dbc8717ff0e7b93451ebe40313ace05cca8e85fc3b2e23094b07219040cbf6ddd88918bae7895ef0352db1af71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
363b0f118241acfaee4ade209d0dedda

SHA1
d92fa96f867e935a11380c403a2919b1c967bd4e

SHA256
28e31fc991123b9ff636878b48e7b269fa06f3a0088aa19a138af3c23374b123

SHA512
3d8c0ab8c13ecccc297d17eacab607a71f0d1e4626c1cdeb1f636f00c2b22922705bdf46a15da71ab38d819923f46d35d90ad499d098697a1fe9208f81eec518

Download Submit