hxxps://2ca180b6[.]28687e1d77911568586534ea[.]workers[.]dev/

Analysis

max time kernel
167s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2025, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://2ca180b6.28687e1d77911568586534ea.workers.dev/

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
82	5048	msedge.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1483821520\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_432022336\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_432022336\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1483821520\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1483821520\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1973971762\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1973971762\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1745671211\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1745671211\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1483821520\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1973971762\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_432022336\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_432022336\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1483821520\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1973971762\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1973971762\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1745671211\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3140_432022336\crs.pb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{7D6E5696-88D1-4643-A902-B062C1E99DAC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 312	3140	msedge.exe	83
PID 3140 wrote to memory of 312	3140	msedge.exe	83
PID 3140 wrote to memory of 5048	3140	msedge.exe	84
PID 3140 wrote to memory of 5048	3140	msedge.exe	84
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 5152	3140	msedge.exe	85
PID 3140 wrote to memory of 4408	3140	msedge.exe	86
PID 3140 wrote to memory of 4408	3140	msedge.exe	86
PID 3140 wrote to memory of 4408	3140	msedge.exe	86
PID 3140 wrote to memory of 4408	3140	msedge.exe	86
PID 3140 wrote to memory of 4408	3140	msedge.exe	86
PID 3140 wrote to memory of 4408	3140	msedge.exe	86
PID 3140 wrote to memory of 4408	3140	msedge.exe	86
PID 3140 wrote to memory of 4408	3140	msedge.exe	86
PID 3140 wrote to memory of 4408	3140	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://2ca180b6.28687e1d77911568586534ea.workers.dev/
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x344,0x7ffeee1af208,0x7ffeee1af214,0x7ffeee1af220
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2244,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4992,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5064,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4768,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5480,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5480,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5152,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5244,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4764,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4280,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6884,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4980,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=872,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5092,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6988,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3992,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7160,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5580,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5192,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6416,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4880,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6516,i,2120765840584067891,7262439836334893492,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:6036

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1483821520\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1483821520\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1745671211\manifest.json

Filesize
118B

MD5
38a783f9ed173a04e5bef70a52292fc5

SHA1
2329da12d659d33a964ce876541d3ada1929abc1

SHA256
49bd6d2f7f3242bc71f47eacde83a0a1a0e7310074f30810223ea2940238bfcf

SHA512
3ae1c4d0ba65528b9476dfd6035144215227c2718104ece92f9c00bdaa505e2c80d1d30f6e1556f1ea5cbbe6c4f2a2a085ca5b3a2e33cdee74d65e5ef81951f2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3140_1973971762\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3140_432022336\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
991dd8fbe9a0cd6dc3637646bc73b6fe

SHA1
cd33a4c3c2cea06b41e5388826af365691769de4

SHA256
7e873150a039c5eda07ab3768e2b49127c3f824319d28909fe07f31d6f3119a4

SHA512
b8c1dbb54394674bb88fd7cf368214885e0c328e51651ee8f412aa1ab85151582c70189a292e24d551a8144de29f82e8e9b51ca5a695d33dc0e3326a78d05263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2c30c757-d60a-49e3-96a8-d6820fef3e68.tmp

Filesize
16KB

MD5
6e75fa35f2b5f2aca829311901072fb7

SHA1
63b700a8750f106a764c4669c16d19291ef535a8

SHA256
e243aa0b27719938fc53d94644839f62939c6aa4347dfda97603174891e5e3af

SHA512
e6de401b839692c0c0b6a65e8af483871208f6026d585fa0dbae8ed9d035cab4b24cc72d60f7b1abb45ac06ac6932e80ecbe2780898dc9de361c59bf5752eee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
65ebdf9b9eef8d4bb3688b888b98af2c

SHA1
4b33e323a3153df3c97fa01a00dd9ae533a3d9f0

SHA256
bd4b8cb9369e0c76f41d3b76228e78336850c96e59bab53b96fbcfb772104557

SHA512
83db605eb0c10691460fa8292aa4c3f176a3d8cb42ba979ddd428b612e0a790e95b830306818b01337917cf0d675954acbd13b46441968484d8b0cc88c2c62b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
25ccdf8df7d47783c12fb6248110d04a

SHA1
5273712f059a9dc73d323583558c0fc8dc6ce1a7

SHA256
ac7566f26de64df4d8e12a1e3ca52e0e8b6c789b34cf3b309af19efa08f2e692

SHA512
60a02792e51d8f139f19be602584c7beb4ebc8e843c65d5ae0e3127f77a53554cacf4ce393855a113c85db03fa410418b43884dbaf9e49f9c2f08185f3421086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580b36.TMP

Filesize
2KB

MD5
8f0f9b2b2354338835cb86ce8530ec6a

SHA1
074b5767b9cf18714621cc649baeef61b65c01f7

SHA256
4c4a6d6afdbc65892f95dad5c6f32d122748a4d2e1061a9add70a9ded53684a6

SHA512
a39f0fc03785bbc2998fb718af2ec2c92c4337b6c27c2c89280ba14153ff3bc701db39bed8b82f391be161372bfc030494c9c20240072d0c5ec3e45bee94080a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f5dc49302c4c2ac9da1faef9eccd3ac3

SHA1
c6172b009f81a9f11d285b2255dda3cfd3ee35c0

SHA256
ac5f023a736f80656477b09b60e619626bc4e74e39ef4c2a98efd841cee7803d

SHA512
5f100e9ac7eafbce1fbbe89e7311d35a86de54ea23adb1d93c43fa335a569ead90768540b6ae6d0631d77baebafd65fa7888e98859ea735533ea445f517bca0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2530b071bc6ff95744b9dc7a0434b533

SHA1
b24737a7170f4d17650c9431dbc0ce1b12dc3214

SHA256
dbe129577f03f03a85d9cba3c07207886b07208fdcc7acbbb9bb23f1cd986fba

SHA512
f77101f3000b087a429540ea65f2f6b078ac046738881efbb8b114a2d201207346fbcd47f6843810140dcb9279ecab5d7f35bd3ad32d505146980c4d028a50f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
37130d637384f9c7fb1b103d8a4d5c52

SHA1
40ba656f7fcc7eec655774341fd2acfb613937c1

SHA256
6846bf1557fbd18af552cf63682cc23ed4f5cb57c3598c59c5af8688f50d7142

SHA512
d9b4e3d1b0806231d6df18038d08b85bfac45c3354125098d4e6933ecbd7cd3aeb1f1e50298f118af53359b4d54893b89623c5fe77bf32b48483abdabae2be24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
e3572b8747acede49b9f74cd9ee790ba

SHA1
576af93060d571fbf737e895e1c8b43311673897

SHA256
40b7dac2a33cb57005c3e935408f1c6347ccd6d47879c99356c2ca8deca0a0d1

SHA512
3147ba7e665e3fcdedeedcd695e6e3a293c20a0bd03b8f415b19d547f5bc3a0ea17562fccc64791c061e255f271fb57b6985f42bb91a283b70a7bc47c0c1c4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
dd640ebdab0530b0eaf00a17a6a63cee

SHA1
56c74c66320f23c22d3eb390695cc8d95992ea47

SHA256
b1e619ae045d147666a8be389c455b866fe796a56ca2ee518d138fd85b3ad9b6

SHA512
fa543ce00f12bb2705253b24585f5e66fc768a105e74a36e8f40a042ed905431b1406edf7bebeef4f86b7f9b17818bb3c5d87f9be72eb5a247e132469ca4a35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\50f32134-99c2-4a2d-a67d-732838a8c13e\index-dir\the-real-index

Filesize
72B

MD5
8258f0df11bbaf438ad19d9d96c70914

SHA1
15f059527f3410582025fb168168fe20aec8aaa2

SHA256
98da9c5f2bb9da998a05ea8e34f3631c383cc44aedf1c777ac761e8a1278a289

SHA512
1dd6444971a02f765f4285c3f9ea9697e0cf55bf02e145be69689cdf52900f4cf67d2903d74a295bfe1365f221614b4d62d1a68629b1ecf347921c57154d2eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\50f32134-99c2-4a2d-a67d-732838a8c13e\index-dir\the-real-index~RFe59a07c.TMP

Filesize
48B

MD5
b9c0f0de601a9e158bc5b02e7c3c5751

SHA1
2990ec74b3addf1103026118f2ec065a2874e82b

SHA256
ffecdbc6987f384336a13e426b22f20cecc139b10c62c4cc6139da706238c4cb

SHA512
f7861a9af97c1303936a66c8381c19369b990d35e406081bbb22fb2377317d9410110fa786c92c5cb7813516757a21966367e1cff7b072ec7d59bdd126b3a965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5fcd888b-5889-407e-b48c-b5724ce3d5a2\index-dir\the-real-index

Filesize
1KB

MD5
b705143aa28226c25cd8e7f6301e0862

SHA1
e901a99eb43340557bbd462eca56f0f5123d693a

SHA256
4475f01334caf3e2cb71040a34c9993e75cc0359d45d0421b2e4ee52ab26b2ca

SHA512
7c2c80dbabd5026144edafb57b49f7de458b2ffd44934b7371f47eb59d7f6dfa677f2d16e834126adb43593555b4906e37f98d58267152ffd2340b1c86611702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5fcd888b-5889-407e-b48c-b5724ce3d5a2\index-dir\the-real-index

Filesize
2KB

MD5
70a62616da5b515a8d2177e8d4e0b5d7

SHA1
c804c0850e75cbfb61a75be25271f3b2f33e033c

SHA256
e411f5b46668b4efad58bab0a94c2ee2d2f4accaaa1b81cfa9f328c8116348f4

SHA512
912e028542186c26355c68133575153bb54c4206429ae7be513d0aa3d7fe65645242183d3711cb10aba8029b56d9178453dcf9f7e1b43a6517671e6777cdb820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5fcd888b-5889-407e-b48c-b5724ce3d5a2\index-dir\the-real-index~RFe5912d2.TMP

Filesize
1KB

MD5
c59a6dc4727b69cedb3d2c7c7b7c1d8f

SHA1
7a4142cdb0a4101489a70f7d07b2f4b806ba6638

SHA256
d4bd22fb8806a2c4e1b3b8afd10afd432de9e74509aaf6a9123fc5b8264e9526

SHA512
490253cd612125e9b418dd521c2118a027453a00db93c6e673465eb3ef8a974d363db4a90c69a43e16a41b61d9962f0c596bd5c7bfe6e6f4f48597e975dd286b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6363e1dd-13b5-40f8-bc40-32a233453843\index-dir\the-real-index

Filesize
72B

MD5
620bf6a1654165e55d1443b536d4148d

SHA1
c91192ba3cf638b79d8fd35a0af8cbc74a18c03a

SHA256
2b4437a573c4e6d086788b129d4e227eadbc6c405856fbdaa522b7f16a004b7b

SHA512
e6c57d43d834a384dfea2e2e454510aaf8f5949d7609254d39f6c4b2a4d847d34592d8be85cf32c4fd8fcacb82bfa4ce69df56268293a992c8d1314e4281ae77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
ec37991df86e7a425e1d5f47fed1b665

SHA1
ea8cc9405185f36095460e021bf38b5d295e2f92

SHA256
5d0c83eb8f7dc8e93ea360719312b8ecb79e6b6c2f1a30f97d91cada960cf7b2

SHA512
ef8ecd71b1e758da290c60a8efcc98cdd359948e90d71073655dea97ce29b6ac84671bfe68f63fab2fdf2aa5a1b519366d43076717f9102048d0e9a58fedec84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
ebda33bcfbdb9ce86c5e0e56c8656b89

SHA1
a118c698ca78063d566baf7827e5da412edf2203

SHA256
e71a1c702700af662bf977a148a6ef7816e34985d1c06e18175d54b2c0bc7d25

SHA512
180d84f74291038a352f61bdd7f91fdd13cd306a5a931963977235a3074d382852c7c6cf6f8eab5751f40e276182a03b00926f7cf17406db63544fd37376ede3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f370e1d0a3444821e4404bbd5f510e2f

SHA1
abc9714d4d05dff535b3e5bbf769cee95778bb03

SHA256
d8290ed8e8fbc6d11e5c1932800aa37c0fb5673655fa2841465f2a0e779c0497

SHA512
1661a883b2019703c858e03baea79d860d1a6864a6923cd2c9294248d96a04a45c08daca572004e8922d3a13a89a50d018efc282b84a6cc023ba3f8ea7b6fbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596d56.TMP

Filesize
48B

MD5
3e31916b794f10ea2f1b35b327fd75a0

SHA1
1c8c00e8e7ac3effcd84a0ab4f243e1ec8d4180e

SHA256
f4081eecd6770c031f88c24333855563052be9d1b2152b90aa43905ec4d25104

SHA512
988f91a8c3ed9e0b3d35be49ee3bb85ac6374e58cdbaf7d264b0e924d44796abc5c11c57d523cef819967b7d6dce1ec5d52e2445f7e180a07310f45bb569f761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
423b3fbaa713e2e1a340b7836081a0f9

SHA1
2fc632dca0190a7814cdfba0ef04912e7e480eb9

SHA256
db02392926b3d39d0ba2b9112b43feff57fac34f102bc52a0212464cce70cb64

SHA512
53ea452c946474d846a4d3081378b0abe2969c7901b1a36f0898c63a25a2db56d3ea940861576f3c43c538597e19eec7a4897523ae8796c44d9264525cc33061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
f15af10ae13188a9b7c2302409413ca2

SHA1
de451f80a3a4137278ea8b3854288f2db3b0fe3c

SHA256
bdaac833e40bc54a947a0a97302f40213c9ff96af0b12840308f3be1567f0c70

SHA512
5492c78fb275a312a1d8e10e31bd8c1032d135393fc7c711d7c490534d414c1e8891d1e6efb32938d90305dc43b464ea1e8c7826bfd750e1c1c5f28c45784590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
59c1210f462c103b4a48d907f5876fad

SHA1
d0e99ffa256b65493002e9bf43b99718e80f37a1

SHA256
12c501a7f79f184ec42219878919265d94356e626678620f1d288447e754b6f4

SHA512
1799d2d9bb88b0ac3e2ad9086852c1861aed21cc0ca21aae20b487e7bc67f94115a4b4e6198ece4a36987f1f1443298c36032cb0d5ef814fb712e506340eadee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
eeb5412e2fd21fc41af04d02c6c2faf3

SHA1
cf73d8da8b9fa65543519fd09430e2f8d7129510

SHA256
f2dbe0ee09d8b066ad7639d3253dba06997a909b6b50fb102fbb7ff3661284d6

SHA512
dd141968982759fa94cb2900812a4194ab65bfced90d3648438e77a357cad9fbaae5d1b937cc6cc0b01fe922cf3bdd9ad90081c46a20fe1b5d9fcba41207ec6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
b06f62c4242d041f5c1988f1d01cd8e6

SHA1
b96fec025df915ef1c89069bf01907f8d0bfe183

SHA256
1d138c98ad42f97a5d8d1bf71e4f96ee15fbc6b98bcef06bca3894068a6794e5

SHA512
d7897bce5e773a827c49825cb2000fb445f4018938777990ae42de4193daa75d0c6246780df0d67b8a9a5553a452d8d2d2a0c873c379740c5ac86b4a2cf8780f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
ba206c32b37bed0bd15dee0e696a2918

SHA1
e848223d98dd7ee498b464d9f5b2c8c43292c8b5

SHA256
9b58297f81c187c9a96c0ca474c2f98bf1c00c974c2f16455c223506a1a22a8d

SHA512
1394c807c58f4757dec694f516a4fcf1fc564d89b1ee104a8ec30c22c27f16699c43b9159f8ba3dcc86ce8fff6a058eebc56694be809050403672531bcc3131e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
29aa923d91c37e712eb8936b4829a4ad

SHA1
b15fc2a6f752dd48847f68f0b915b6132411775d

SHA256
9fbcafe3030eb7dda18c5bff7fd6e6ea0f8b246bfc18b006912ab183dbbab4de

SHA512
e3a31b65cea1462fbd6fb72f4edb76abd6cea73d0e24d8bd71c94e719b635b0489e4f2b4a5b36624a43ee6d0dc33340834c70f2074d51f14dab44cc99682f077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
cc7ef7a6b07a4703f83543ddedac5a9c

SHA1
3d1f3c79d1081cab0b6eff8ad3304a06647a884a

SHA256
85a3f23a711072eb581dcd033758d2fd58732f9378bf670c4e8e091840a7c3ae

SHA512
0e4ea7f9b9082e3b3a162912e382eb75ea0aab218941cf066b11e145c578aae5bec08d490a059731466a9ee46f9dcfb662e710bc9943585718bb6de7554cb77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe595431.TMP

Filesize
392B

MD5
fa260cf8c911d7f033fa0595d0b253d3

SHA1
58b6ecfe33704948016ba725854bd8dcb098a2d3

SHA256
ea7df642483203ad5306f00ad32ce236c20f8b46969feb38bfe425c627b42952

SHA512
33b37a6c1fd5cd8ed91a60e7cdd4f3c8e389914f0618376494b678b8166612728a1bb049c69874ac0ffe00a3d00c6d91383e5fc7751e295535ad6814bbed44e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.10.1\typosquatting_list.pb

Filesize
626KB

MD5
0104f1d6d013bd1e93f9d9da98366a4d

SHA1
38291eff21f6fb2680eab78418f54beda8e77114

SHA256
0060831feb8e7c25fa67fb62023111ca8c767e4c48ee5ba8d64ff7b9f88dea77

SHA512
35db78d2916a71e73501d7c3d18f3e7d655ca668863b9142ae4e4f99ec2169b2104e41991835ae3557c533d0fbbbe5474847e6027bc41808e18a4dd2cb3682a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
427f7af210e401550df0767fa04c4453

SHA1
3310675136561f3e3fb58e3e702e74eb6b92e4c8

SHA256
3c2be855fcd93b1ce0a50923327215a82c8b69c1652fe4479f29c2cc366ae987

SHA512
ddde7cdf6ec88ce03fd205cfe3e4aa46a972756ab01e1133d4b387f2a4780c9c7c5d8de83a46653c3f252f4ec03c4702114e6838bd4995a7f90c00218256a7d2

Download Submit