hxxps://u[.]to/LNE2Ig

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/LNE2Ig

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
106	4320	msedge.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_1569618927\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_1569618927\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_1569618927\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_792860786\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_893091792\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_2108712719\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_2108712719\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_792860786\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_792860786\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_893091792\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_893091792\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2572_893091792\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879263732817172"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{02C2C77D-97FF-4C3E-B53D-59844A4C79A0}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 1496	2572	msedge.exe	87
PID 2572 wrote to memory of 1496	2572	msedge.exe	87
PID 2572 wrote to memory of 4320	2572	msedge.exe	88
PID 2572 wrote to memory of 4320	2572	msedge.exe	88
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 2952	2572	msedge.exe	89
PID 2572 wrote to memory of 1476	2572	msedge.exe	90
PID 2572 wrote to memory of 1476	2572	msedge.exe	90
PID 2572 wrote to memory of 1476	2572	msedge.exe	90
PID 2572 wrote to memory of 1476	2572	msedge.exe	90
PID 2572 wrote to memory of 1476	2572	msedge.exe	90
PID 2572 wrote to memory of 1476	2572	msedge.exe	90
PID 2572 wrote to memory of 1476	2572	msedge.exe	90
PID 2572 wrote to memory of 1476	2572	msedge.exe	90
PID 2572 wrote to memory of 1476	2572	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/LNE2Ig
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x26c,0x7ffd62b3f208,0x7ffd62b3f214,0x7ffd62b3f220
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1964,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2076,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2508,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3492,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3500,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4232,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4300,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:2
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5192,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5340,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3716,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3716,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6336,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6312,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6328,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6280,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6344,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6524,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6136,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6680,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3896,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6516,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6928,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6356,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=7304 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7324,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3524,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2900,i,3571116356477506556,6240520739718492705,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2572_2108712719\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2572_792860786\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2572_893091792\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4facd0ff10154cde70c99baa7df81001

SHA1
65267ea75bcb63edd2905e288d7b96b543708205

SHA256
a13534df0cd0a79a3a1b91085a6d575b47d5a9aad7fc6d712fd2616c0e95a23b

SHA512
ad8d2b965851c0ddc23e92ae151b3b0b2bcda850c446f4278bdb0754d6b42ead8fc034b394749578a27b33ad7e4ab0633f974dfd4773fbe4d93ae477f00b73f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
049e5a246ed025dee243db0ba8e2984c

SHA1
15ec2d2b28dcfc17c1cfb5d0c13482d0706f942d

SHA256
33071ca42c472861a2fabd0f82f8b03ef0daaa6796b24b83f3df02587e4c3d12

SHA512
bc5f6fa6a8cae20ab40eae4552650d75f38ebb158c95288a79d9f332623bb507946513c39d19c00a5aee323df01f0f1a51c54594ef1c293289baf45f4ae2145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
355ae32fa573e98c10587d2ea9cfe277

SHA1
0dd55b9b80e26ae1283d515b58392a31d87d7108

SHA256
72174e41de9fb2d6a44d2276e5503d01bda6b854d9b0a807240dbec56faf89a7

SHA512
cb19c21575c2ee1f27e40cb60b6069734096a11e4f59f0cb53f487e4041a7b648a8fceb4bb2aa9d66ff62ae92e72857d9eab19272751eaf24c9f1631a0025c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58aa16.TMP

Filesize
3KB

MD5
becdfd3025e5065b36af94305303f7f9

SHA1
d4c7201b928d5c7dbf73f512708501e94ad00416

SHA256
81ee96fdbd5a58b818b6e1021e224d0c16c4a5ac8a99304e2431adf2edd68c9b

SHA512
60819bf1c2dfa108200a8bbf4ef1072c5787b216dc2bb55c2b0a7599b8c01eba646ad5c717909af0438338f81fc353b6f4a3393667a0370bbd624c3c052faca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cac2aa1fae3940e069c5d79cfb892df3

SHA1
d968bec24b03a1d68e38452c47df662a6c71b440

SHA256
ea23c50b378bc4903469f433a37a9912289d7ae0763c8ddba55aff52d1444b26

SHA512
e224d124cca83a5cb880fdc89daa7f4b9a0f2a76b66b3722943dbbcb43b0fab8ee988dfc65df0f53f390ea94aa4cc5a345e94b322a66cdef06f3f4c0752164a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b1d6537831b68501ecb5f0e90e0c1819

SHA1
dac30993b3809c55227937ad72bd3d3c8e593794

SHA256
44a24ec15c1185f1c1b8798a80388c3b3652be645044e0d786b36aa6f293c391

SHA512
aa00bfb32819c89e3243bd441b01d3809bb2b1eae49705b3abcb6166618a77383cfbfdac43b78f547a02f38905380ec5f9709887b88d36e8904c36b8916156db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
1d4b311c93e426da4eae9b4169fae66e

SHA1
672aae7a944c7415ebfe955641a9406916c7b1b9

SHA256
43dbd8a9264e27fe6691c1e10a82defae3a49cfbf59aca1a02fcf3bc34491126

SHA512
9a000950480f206c29bf266e53cb00e16b2997cf31130df9fdd71108f565c3d9d0de3331620c23c90f6e28a7d099507d58d4b1998868786e1e361c7a3f9f58a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
c537f882fd6cc73faee7545db1f11934

SHA1
f4bdc356bf089ae9a82a53cee24811b21e9a41a2

SHA256
323ae4144a32905b6803b3075defb0cb59060af672d6810cef5e0a828b4f550a

SHA512
09169d488f5556403700013184a278dccafd7dc7aa5f6f65872e3365245f3ffb87acc2231976157cce4158e5894e46e405e07177b60b13f13327d17c96e0beb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
a2425ad71cbc69a9582323a1746a11e5

SHA1
22824c8ee4b6264f155a897efc398772634d322f

SHA256
48d0a6dd8d4a8589be4d242ee016fb0cfc1dc9fadf84fcd850ab12ea0e1ef35a

SHA512
c02b14fe5b68565e9434c8ac8ccda1f02244444a303b70ac278f1dfdb876f7f83f7c257202b599db9156991cd03108a380bd4ecbb8994a15b457102df2b28a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
667a8bfd0394725ffffb82d0fc7b0f02

SHA1
1a5754279efd74896fc711e90128186c0e780caa

SHA256
b372e073ccaae91f75bc7597ec7d5b6e7896339967c699aa6118d366e745b958

SHA512
2a990afa8c2dee9c51b876f7f5a11e0eebc9ad61eae0b4661d917581d900d70335fc950688336c77196f75219a31113da5862d381028a5d2fc811cd3360dbe01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
832bab6495f8be7e07faa14c47e8989e

SHA1
9920db8e79c3e22b3ba85e3048c24838ce69fe92

SHA256
d0de144938ee32c7c14910f3ad7a2fe81245177d2bc5f7246602559503c2bedd

SHA512
73b707f30ea549c01107c0bf6160278808175d6f64b285f8ffe25445459ab54f4efc674f70f399a15db60047880dfcae187d3a82d9ebd52518b7d7d4ef2e9e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
23005f2030b13bd4db8c94fd9d28fd59

SHA1
ed19e59421bba35d66d0b7d1200c9abec1963586

SHA256
3493b879efca62e80518a01f1e291ac17974ba87ae920e2609988ad34602147a

SHA512
cb590b85b4172cbdcf4eb65f805851523233a92d63e399a34b14f64ff48adc3a94cf360dee6fc78524169e8b8d2ec561f5ac15c4b1cc30640371e86dc51130a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\8f95a38b-9b64-40c9-8802-4f95fcaef874\index-dir\the-real-index

Filesize
72B

MD5
22a5fa8f60158eacb430df4c20e9a291

SHA1
cdf060d621883ec2d81984e1f780eb8d759d5cd1

SHA256
1fc29b5d12c2e7c2a7524d2bfbb23dad6218e71e4f3d87a8d3d4cb0f5829a810

SHA512
0ce8ddc906491a45432906bbd496c3462531735b9adf9cb15d01626d4bf5d1e78d57c19bff3a415101acec48f52b0cd210e81e39ab2175e74e05eb23199f49c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\918f89e9-cddf-4122-8f8e-fdeb09460c35\index-dir\the-real-index

Filesize
72B

MD5
62053676e0a1c3b6ec26a260eec424d4

SHA1
87e0d5dca65ba904c3b14a7040f1ae6386e149b4

SHA256
16ae1957630bc1b78dfd2c2a25a3bb416126e582d3292abe93bc3b925c3eab44

SHA512
29f2f06d648a8366fe3833a2ca606bb1a98ecb46ff3e9a5f2204e2371c8924383166807b2348b928fed6337f0a0555bc15ca86a20dc28c5624102dbaf12e45ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\918f89e9-cddf-4122-8f8e-fdeb09460c35\index-dir\the-real-index~RFe5864a1.TMP

Filesize
48B

MD5
9256ca33ab31555eb867f1b9514f4b75

SHA1
764d0e24e07c67b8cc933943ce6985e0432f99c0

SHA256
0b1516a28f59cf3eab7737bde0ddcb7239d117552a79039e262c2de10d5aeda4

SHA512
4a3dd09e3d943d2eafc618beddac4ec49048ccc9b832fc97737d1979f130ad17f1dc20aadd777f26cd89387317c66202d6822783ae4790269271ef1e83840f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\afc6cde5-6f65-4a18-93aa-6991486504e6\index-dir\the-real-index

Filesize
72B

MD5
60d0c279514476b44e7e5f06d4f5a3eb

SHA1
84b8f54dde52e7ccdd754c9bc8fd2802428c4785

SHA256
0b511bcc10c5d04f174d8e7852a58e8c9618d6a38b835b04f7366f992a82ff78

SHA512
17b37a95773d400a8ba58e5d5b7b139591e85e7bf02a097663022d6949ece2cc8964b63da1c83a973099f15162afbb8fce2f3c8bf77e7a96e2a9bf6a27d81a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\afc6cde5-6f65-4a18-93aa-6991486504e6\index-dir\the-real-index

Filesize
72B

MD5
d199960d1dc50848ca8978ce50ed4c25

SHA1
40173cd63ae705704988e498ee3dc8a7ff33ec31

SHA256
dbad295b74e4245edc6cc716746b1ecf191c8a96cb251d70fb32824eb17d189a

SHA512
1f62a9e52e8b91afb6e842b90947c4b366b3afc09ce3a575cca8fa19de776451e155a67eb7721a4121c838f0f8bc58dbc2857f85e648ecf5bf941868b18d82bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cc742e8e-8d86-4c2c-a946-d520a388195f\index-dir\the-real-index

Filesize
480B

MD5
4029f3a4338dfbcea97f4ee09fffd113

SHA1
77b91a9b297ccbc0e2f02fb4abbd6378ec831d58

SHA256
ef67b315eaa24350e73fe4828d760efb43f718079ba72092c25bd97bb5898a71

SHA512
2ca9efdefc8b2e561376cf316385ee1d7ff0f051ecb54755edf83bfff7c39dea1754329aa32345a28885b2db3e4a3608758e058c5e768cf96fc46527e2d047f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cc742e8e-8d86-4c2c-a946-d520a388195f\index-dir\the-real-index

Filesize
2KB

MD5
e285a8b0c8cc87d486af0f6df038dd8d

SHA1
eb3b3e2f7e22285b306b7756b08176619b74730a

SHA256
195f1b4917703b789498ac3323c6d1b3d3650956e941eadf0fe4b8217877acc1

SHA512
9cf13dbe479dcbcc3c7e0b194e09403cd90c5ceb0d800820df1eb4e5f188a5cfdfd3a6aa51a00c7c204771a7c39f04b58752e5a317187f0111e6e6709c3f518e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cc742e8e-8d86-4c2c-a946-d520a388195f\index-dir\the-real-index~RFe57a911.TMP

Filesize
480B

MD5
a93a1e4d3e9326e8c87e93cb229671b6

SHA1
fdd1bdcf4b7c9e59824c8cdea80994de2f0e0691

SHA256
8c13a8ad635384bbe563f07117846bfff3a820042c7987f68746087839282218

SHA512
5e4a86ee085d330558d72aa97ec5ec3b18f82c7d4cabd52825d1065cd9a2f206fdf4334b56c74764a2569458d03922be519a0ad80fc5958f2063436ea2e30264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
092819bdf956f17dd3364f6de76c99d5

SHA1
b3e760bed86f54e26a59d1b4bf5bb3aa24418ed2

SHA256
7fea411eac4c0e9cdd703b0bfef8e6be3ec0a85a685a48ad5c6694fd15f6fa55

SHA512
03fe7da9c002dceb8fb736e119e1a182383d1b3dba395e740d458c053e8af4eefa447504daea0046b992c8ca263d8abdfbd4e946bd7d4370a1cd198a87b3bda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
2f6a2bb7a29447a7ff3e76032b3bbf26

SHA1
b9cc3f20c405eb7d4d0b58f02bbd4a6f76154596

SHA256
bac63fd20280e4437f6f7ac338a0b0d4d0182338c91390975a60980ca05b3d47

SHA512
24ee38a5b2d5b35fb5e525de57cc459130dc56e0e001b588a00521820c1fe19807b88609665798412d143c128b4c51a0ebc00fe0797af47ef859a1a8705fb8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
937b7ce6043478ecb4e8fff055bc1923

SHA1
2d87eb468b5ce47c35df60d1592bcfa62a585f85

SHA256
4835eba0f53664275cbe5a08427864efa11565551bf7b0590545b4ffc24c6a32

SHA512
0c204a87196b703f795443eb73ab2ae0d1891fc5e117d4d58ef0c3531b88d344c628a436007ff69c0f7ea90395ee65b161c55d6d44713ad7a66da4227979e441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5800c6.TMP

Filesize
48B

MD5
0d80593246dea8eb507ed5393b06acb6

SHA1
3dba987fee2591ba327a6c10cbfbc9e0e53e3539

SHA256
9fba5f3789b76f13029d33ad25d2d95e922620d0ef50b051e3c167e3a0aa3cec

SHA512
574a060141941833f1df6441b286dbb9d2a4e4596e3a7fe66848da291e4f50c1b1a075bfe4da42aaa370b1ca02fd108bccb2e7f085dbecf976cb5929fe7254db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
329ea4773971414db16d4840b27f6afa

SHA1
328fd7320e051b0870446b3d9268a25235eaa190

SHA256
b989403eb610668d457053cc2b21d27b1c94e19d2e803232ac5f11e13cecc9c3

SHA512
63ccbc489408ed0ce86b46e5d365dc9f9393be7a8da11b7af03b53aeb860eb64d7aeff041bed3696a706bfb07c7d3beb23d34264f455981194142c9f8e107783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f6754c15-13e1-4723-995d-0526d016d523.tmp

Filesize
14KB

MD5
b7cedea382543c3b26e96f3b5271c39a

SHA1
0237084a7164aa85d98043ddd7dca11a0e925774

SHA256
5072c90af3a392c1e0451d287ec97b4e149aa5ba51bf75ecc62de3cfac598fbc

SHA512
485c465b51a57cc9ad290ca21b4625ebf16149ba5d46eb20a82ae389f1fe8e384d58012ea0fa3a33323249cc1dbc4e5912032c33f3e71ab357dc79b8d7bb285a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\92fbbfc1-aa2c-4874-8a97-6efca7fea758.tmp

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
94f296aa1e49a38d93be144647807e0c

SHA1
e5723749d0a3b23ac021bab76331ba129eb72965

SHA256
94c3fd287f207b61a9bd2d49933373dcbfd6dcd60b9dd6b77cad620f5a980ec9

SHA512
e094641724e3a8d923d7b46d0c9beec90bdf0e6ce17a207b396d6bf69ec5039b7e2879e0f4a41c4cd99d6d1ad18e1c94ceec99727b4cfa4cdba9617025cb523a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
cc59e182454a2d5cdde94fb5d5357311

SHA1
cd35dae0e1a7d8a2ffa062e2edbd7fcec904bd11

SHA256
160debe9addc175f23c6bffbfa2ec32111ea3cb29146d271981deaa8ee1ce068

SHA512
9936bd52d23911cb5c0334b294fa772ba5d36a34db0e8267e8e550af67b670c7f18223fc72f2350611ad6633248864aa003411f70dc9aabae1222d4300ab7268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58482f.TMP

Filesize
467B

MD5
69ae0da10581adff02b7bd624083252e

SHA1
ea1af554ac13cf0e7d591470b9b760118c069a39

SHA256
1ae9c9dd4ad8b8b632236ed10dedfe291aed24bf662de0ea9d42d286bbbd18c4

SHA512
8bd0051c469c97d855747a1f9b4f9b46c4d1800be0a1b7630def0fe809b1f040efe85b5c8ba513e51d42b417814931e0653a9c467d7fd6169c68cacb78931de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
b033bd29322046ea816bbff312c81db5

SHA1
7a580ffd5db053a9537618810c78987448ff9ee0

SHA256
0c085898b1216be9ab8acf11126fe18e244eb1916aa65d64a88a56a9c65c040a

SHA512
2f45caf2631bd1d7d2fe81a7177e2ff57fc81f8fa5c6195d0e37981909f34ad86ebe335ba7bfd83f8ab605d024277e39e47abc2521c989e5d9aa5658201d3135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
049a0044e4057db5b887cf22803ee3dd

SHA1
652a216b6d524306ea39277c753018145cc3f23e

SHA256
4cb66f8218a50bec67f8d35a7de251028d45d9252c91098a76e8d015e86de12c

SHA512
485c499fec179b363add3f74b45ba4238109197bda2ca2ea2bf36a7bd72d73cb8a2f9b3cb44e0e1a8d9a417e8c7d1f3e0d69b58b42fc1bc401e1cb28b4faf386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
3bfe6ef549ca6ef75b0ee7ef679890c9

SHA1
402ddb170f58d9ea2e5be568af424fd614efbee6

SHA256
5bb6232c8f5be9193fe3bd07d1c649f114bc7e74fa18b6b00e5eaee47ec186c9

SHA512
0bc7f6c58b120f0b9f1b7357202975b96fbf96f8d09360040bf19df8776276934c1e24b9fb001c965545aaebb7ed6955926c9b417be3994608109e5c2c496212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
538206310fbc47be6f1474c0e8348373

SHA1
726bdff4af3f30f0eb74bbc530779f4799a4a410

SHA256
384ce960137b1b314efde334b0ad112beb713d430236469e06c32f7d8300d65a

SHA512
d0c0dd36e43c1a106b065906dc9354370e954273877fba78933e3ddf11c82c9e4c81ef0ff73452cdaba8156e6f98fa5ef02db85056e465439ce247b12bd529cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
7d10bf1c9b0a62eef1c813938c6770e1

SHA1
731c295fb1e8440816582914215d12d4a9c693ca

SHA256
8a8a696664053e1ffb9b50c36bde5cf549f2a569aa13d34de0407874f31fe04c

SHA512
dd9273ac7fb88054eb343f7c201b6776a4eee61023f38544e12202ed334ffa45ea4754c12971f79ab69f386e21c778b61e6324407e2faa6517c8af6d3bf11d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
d8536db7ffeb1691c42955e205b911fe

SHA1
de6408e0400d3a6f3d518b11eb2d070a6650f376

SHA256
cbef4314adc37ffc769b004f6925414ef3b58f65c67e1215afff087c82b0d397

SHA512
01e831ba7b7ff1c7e15b6a7d777fec0858b41a0f94145f95d302170474db22b13e00dc390113927a557d74bbcb8c80eaf25f3f920308b1bfc5ca7f6a534fb620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57e4d2.TMP

Filesize
392B

MD5
1dda65bcc26d36a87f135fc48073c215

SHA1
9186827b2558f3bd5849e6cebc7e256247759f82

SHA256
2585bbf8baceba0281f6bad47191b751b47e5a01c43077eccad1aa9ae63b9525

SHA512
a60441de60ae5f3c19571f2a2078c892e1b164e76a97ac8e1b0c4c625be143cf8e1d9bde92dc52ab93f8f7ded7ea407bc123335597ccd4a1d7669413b2e01da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
460642cb69d730902d96099ea28d9f04

SHA1
a87b84afc09f3bfdb433b3d4c4fff8d8905c31a8

SHA256
f9d975d10c56b558acc2912d5faa98e2ebaa031ebc10a6153a230e9b98bda978

SHA512
a22ca059a2308c1108af0f914581116240524b7477221959f5f74a6c0c93dc85e211c09cd75c96234300ab0e903d5e3b295e83f40769bf85a5fb4e7c237d4a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\407e8d54-293d-4462-b773-3cffbf790ee8.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce1fecb3-a0db-4eec-9d2c-682638142391.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2572_1827947206\680b4c3a-525e-44cd-b26c-b7674b02b40d.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit