hxxps://onedrive4business-my[.]sharepoint[.]com/[:]b[:]/g/personal/bernhard_scheller_rulandec-gmbh_com/EcGEL0qZo7xPtfjg6HizjiIB8WIKhPh057M-9y4JpMdIPA

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://onedrive4business-my.sharepoint.com/:b:/g/personal/bernhard_scheller_rulandec-gmbh_com/EcGEL0qZo7xPtfjg6HizjiIB8WIKhPh057M-9y4JpMdIPA

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
136	956	msedge.exe
137	956	msedge.exe

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_2146580164\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_2146580164\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_2146580164\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_2146580164\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_788171274\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_788171274\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_788171274\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_2146580164\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_730990431\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_730990431\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_730990431\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_730990431\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping636_730990431\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891019422622357"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{3F997383-DD6D-4B14-8F0B-107EE8FEA409}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 5952	636	msedge.exe	85
PID 636 wrote to memory of 5952	636	msedge.exe	85
PID 636 wrote to memory of 956	636	msedge.exe	86
PID 636 wrote to memory of 956	636	msedge.exe	86
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 4060	636	msedge.exe	87
PID 636 wrote to memory of 5256	636	msedge.exe	88
PID 636 wrote to memory of 5256	636	msedge.exe	88
PID 636 wrote to memory of 5256	636	msedge.exe	88
PID 636 wrote to memory of 5256	636	msedge.exe	88
PID 636 wrote to memory of 5256	636	msedge.exe	88
PID 636 wrote to memory of 5256	636	msedge.exe	88
PID 636 wrote to memory of 5256	636	msedge.exe	88
PID 636 wrote to memory of 5256	636	msedge.exe	88
PID 636 wrote to memory of 5256	636	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onedrive4business-my.sharepoint.com/:b:/g/personal/bernhard_scheller_rulandec-gmbh_com/EcGEL0qZo7xPtfjg6HizjiIB8WIKhPh057M-9y4JpMdIPA
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ffe89f8f208,0x7ffe89f8f214,0x7ffe89f8f220
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1948,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2348,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:2
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2488,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3448,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5188,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5352,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5208,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5580,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5948,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5960,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5696,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6496,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6572,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6976,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7092,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7124,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6908,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5940,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5196,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6720,i,16323780424708026892,13298435740779710533,262144 --variations-seed-version --mojo-platform-channel-handle=7160 /prefetch:8
  2⤵
  PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2936

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping636_2146580164\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping636_2146580164\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping636_730990431\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping636_788171274\manifest.json

Filesize
118B

MD5
e17033475c5d0632b8142e61eb70b2db

SHA1
fcb918489b441cb2b3239bd1fd582dc0fb55d939

SHA256
0f4cbee2aac3714f6be3ada73202950f897f18c1cec7e23cf29931502d1c1e98

SHA512
7a458be534f73d273f8c2be6258f4829e9c6924e9c58a51ef60a27989223085bda87d52e36e2a5fa9bfe58e54dbec3c245ad456ae232548ad1e6dc23a8f2570d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
991dd8fbe9a0cd6dc3637646bc73b6fe

SHA1
cd33a4c3c2cea06b41e5388826af365691769de4

SHA256
7e873150a039c5eda07ab3768e2b49127c3f824319d28909fe07f31d6f3119a4

SHA512
b8c1dbb54394674bb88fd7cf368214885e0c328e51651ee8f412aa1ab85151582c70189a292e24d551a8144de29f82e8e9b51ca5a695d33dc0e3326a78d05263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
39KB

MD5
b397888de3382d6c47cf14cb1adcbe49

SHA1
fdaa81cafadf3413b273ea2eb2b74d77891cde6d

SHA256
1ed1e9aff52d51721f30409b31a771532b62e6e0f0a0fe0daba042ab1cad81dc

SHA512
17900d11e1f4f3275c58bad01913152b8770a26a7ead0c6cdd57569c3a7f3b4077ea88fd1d49ecd6855bccb3b4bc21f91e3ad1e1dc05f9971068150086f71e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
20KB

MD5
cd6f549a1f8e53d640e06d4b27a23fe5

SHA1
71b71b7260c5fb5a8c96bb7740dca66f1d1f8a3a

SHA256
5cbed04ad637c341cbf45d933a271fa8c9a9f4b5dc49b46dc664276a5f628869

SHA512
e06e2633408f61db3421314edaf7d7a15a3d6411a9f893bdfe17ec2019d3690382e3b2b44b3649fcb5c97395522337478c43d974071ff5646c132b25f692fe2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
17KB

MD5
9affbb4df8e427c82160ea84a58c4f5a

SHA1
2b4659fd380bfe4a0bc2ac9c5a556850d2cd563d

SHA256
eef83dfeb17712faa657a4f15b6b6614e1aaa68aa92dafaa780d2da8563bbac7

SHA512
e3f4f866695a03bd90ef1992ecbb7b1f46b2b76f61990b14711d31c5f6fce6b81f90c4b33c3a9c40c9ce6d95cc7f0429d45584e22322968c0e2a07853ddc557e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000132

Filesize
21KB

MD5
3121eb7b90aafbd79004290988d25744

SHA1
5584f1beb7b9e8ca11833035c9962b3ddd54f904

SHA256
6dbe807b8da91d549a49beec3330d795601ec0f272ea232e91121f3ed703dfe4

SHA512
ed25bf0b7c12742a7b71bc271364970508fb03a5096f42eedc360ce92205af5be0ac4eb0567585882d34629d179f9cab287839247c81f61d894360a83b28aaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000133

Filesize
25KB

MD5
b2b60f1c7184b15ebd6cb2a213c323c5

SHA1
8fed557ff6e49376f3a4bc56f95a548d6075955d

SHA256
dba7c93d3cf4806133d8fe211dce32aa12041fb82acc4591f464052714878fb8

SHA512
e1a4bb4afa8fa8c09e163ba9c0d264425378c8d50f212e2932a2b21cbb6983b566180657bb753681b960d02ca4dee73a5504d433c536e64da979cdf34aabb8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000134

Filesize
35KB

MD5
a729d45a65e2b9849159e08ef6fd5f12

SHA1
75a14f3e8ac5d4eca6ade8771c84f4f5328301d6

SHA256
11980ecd03e02439a6300eeff5dbf9a48bd52eebf14bbcc246752b0ce5baf223

SHA512
89460bcacbedba68cd7fe67e675c5dfd76e6c43d87ed13d03eebf4a66bc298c85f96605306eb879d4ed89bfe0e53699a11a09bba866226f767ab97203395a6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000135

Filesize
35KB

MD5
e243d03bb4bdfb80fc2b9c40863299c5

SHA1
7abeba96529b293239da5536d4260efa1e797ad9

SHA256
a8283e1b2cabd16be04a6cb0a292e532d5b74520123e09c2cd9deb9eccf2d1eb

SHA512
7bda56879f1873647edf1b3d18e468430fa9a03ac88e8ac5209e834de13b7c0fd195f684f7afde8e526b4993c1debcdf6373357b925b423afcc37d76ee5c0f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
70d04fcdc060ed936d07189a954a9e93

SHA1
f131d280e41f89df3750b32ae3c40a1a28333ba8

SHA256
393040f4572cae74860ed1c7e3e2fafee49cbb014a875400e07ae92d0b008cda

SHA512
0f90c0165d61508418e81f7cf997d302027ddfd4b5653e8c7c9fbdab982bcbf7f824a4dbb0076d10627f412e214f7f5dfcb6ad2e548b58da0674b258f1da1807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe585251.TMP

Filesize
2KB

MD5
4686ea5e6331a2595f16d1401f8f987a

SHA1
841b2d910e304e2f1a8dd4e780fcb8bdd1ce52c4

SHA256
7d7af6be46e9f75e70a6f8761b791c71b11a16f8ddd685b2f74bd4352aa572d0

SHA512
e043db1c1ec78607a1145b10918f47831ce6e0ae6919fa000e0339db43a4123845baaf6e1ff5d6d251ee7bc0b024a14539470710fbe30fd6654b2240123e6d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_onedrive4business-my.sharepoint.com_0.indexeddb.leveldb\000004.log

Filesize
2.7MB

MD5
6ab7bf1b0a2fd1d51af06f549faed777

SHA1
101fc1792993441fd1aad11b7c4f68f4c949f043

SHA256
673d72c07746fefefcea0a47286f4699478133042c4b7526cae6fd10a09a53f7

SHA512
d37f440f52297e9b21da70120de841b3e31972c057471edd53cacbb844eed6fb791272978f4952cbc2a3f687daad03f5dd46d3f069fd7ca8763ef9d7a0466da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_onedrive4business-my.sharepoint.com_0.indexeddb.leveldb\000005.ldb

Filesize
2.2MB

MD5
4ae7c6d9b3e039e71488d52855d2ce9c

SHA1
eef74beb4ebf419be982f450c10ddd69e17c9e72

SHA256
df15a293b964cfbc3aea5e00d24b4e481e5b60acf869a2f5589f43a891c8013c

SHA512
e44dd8556bda78063e49b3df94f06d4a2fdc4366749d69542027f86829f9b024da19ad2cbf81dd53521901a2ebcac6fbfcc15d3893697d75ae6f039773caf505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_onedrive4business-my.sharepoint.com_0.indexeddb.leveldb\LOG

Filesize
558B

MD5
46530c2bb590900cc44ee0305db9e5e3

SHA1
0d051c5a4d2b2d6c91b561a0fab0d68ffd6e2188

SHA256
2e2cf31bcecf9e57e3ca99982de7c40593953a3e57efd4b56a3fb616e74a20ce

SHA512
238f1e7090ac1d2fff370ec0b4924de02ee002ab2720a28834873859eb88cdafac36198d0353fa4b12d0f7a8141e3e9c3c14e2ad1af322944e1f913b1dc1f330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_onedrive4business-my.sharepoint.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
223B

MD5
e61ad3b041561ca659888daa382a928c

SHA1
b16444a24e90d3c86860587d6ae8b889f5a415f3

SHA256
2b7f22ad6996fc65eb55aca8ba5f4059629b949b0e35fa16dc37f9838cce395f

SHA512
ee7867fd46e0af0d0dc37f993a8c7b22834f7c3ca3fb04fcdeeb8a941f207c90317ae374dcdfb59583c753422a5f215c110f193b70390499cc2113970a2e19d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
013f18c79219563bdf9d2b212652c563

SHA1
60cfd6fb53e910d73582609cd3a691ad5face896

SHA256
d9f87bf143747d781ec0454e8ac7252ea7704e456838ddadc2d612a35f9d409f

SHA512
2ee1ca2bc20397efd53a1163570b77d74d47b1218f0d2d3d201fc928ce18a71406d70ee48a4afc7b8f465f1c7459580a43fe4984ab4692e9c7758cc8168dd407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5620ff45965c20db2f953adf60d1288b

SHA1
413f982536536ab5d5a462c77cb4c344e3562dad

SHA256
e03a344e028bd129d6861d00a9b6ab17d18f7ae5bc6671e868fe62df3cc6312d

SHA512
9ead872219c6286ec020b778bc51cc3c91a8424a5097b5d5b829ed6e2dbffa757d1c745c255c5a8d41caec5e1d4974e99875f4666326515f3fcb9b57ac510e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
a4284ed20a83dd40ed89f90878b7a504

SHA1
b8af1dae22de9f6f0961a68e2692e6e1e21aa34b

SHA256
6ce426cd594f4564759b7e682e205a322f15734c3227ead4c450c509fb8b8ee3

SHA512
6bde94ca5f87f062bc13e011fca2700ebc87934af3361fcfed036d90ceee2414c5b098bb6b16ff1ad68f4c629e44e7dc3ac0c966e3bb03d194e28584768ca807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
d7b1d8e31c8f3f56ce8ca09b826e4e40

SHA1
b1eca61bb82b376169e432199917db201cff6023

SHA256
15db81e305f94e307ce90855c718b48143dc7c28375892d63d0f01bb80a64166

SHA512
2155680a15e7f45f313587ca0f78db0acecf46b4facceb37aa8f743cacb481d42841cb76bfdd6c0113c6a7932f7935c7bad68553d8497f4d77f7f96c4b8cceaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
69ae1306ef133c153a940d5e3353a851

SHA1
de33751e8f9bd5b4c987af1176a4560e88ad5d20

SHA256
ff0ef94439a379075849b8f7f6a282b1b2e51280352e1a244ccaa8836809a97e

SHA512
bc0247b7632c3903ddf0674e194e59de6b45e7130965ca834fed13a7b712eb8e7482362657ebc7bc20196d12dd586f139e23ce866f9857fc99ea74d53126eb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
3c00238ee4d838a38e41834d0c2640a1

SHA1
b7d3976d2a58b70ed6d75fe119442fdb12a9e124

SHA256
331e1dcd4c065a1abb64e4ce1dbba04ce18b71584bd61ac7ed5a60735fde899e

SHA512
130ae22363945449493bcb58285f2ffa209ce3db1e82db5847ff368afaa760652e37559f33e07e302a52a12965f283039e2ab3681e3aaeb7f54971f4278f2f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\2f82a41b-be6b-410a-b298-6b0ef6cf9973\index-dir\the-real-index

Filesize
22KB

MD5
538b10f0314219affb4ad3386a01fd6c

SHA1
6ff5c01852ff5bfbb94c3fe26c8d9b7f847a6991

SHA256
587c5700140e170f86d27c8fcf6e8957a4a0eb4f9288a5143764c4291dc5981c

SHA512
82e85c4e88b2238f00e27dee871e6e9c20aa5307f711b5138de7bab0ccdb67e3622ecdc7afc47dde03552246ba146f5c3c64425171889355a2a027711ef799d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\2f82a41b-be6b-410a-b298-6b0ef6cf9973\index-dir\the-real-index~RFe586963.TMP

Filesize
48B

MD5
e44215f0efd26f64b52b829fd869d4c3

SHA1
5e518220897f579ba89f6765d3e1170ee013b13d

SHA256
b9f085ed1e146ccfe372cf609311faecb56815c9d345b6556a600cbfeb7d9ced

SHA512
9390298f635398b2afe54b528251b4c0d8855eef70f09f999fd8616fcbdd9b83b003b0c3ee02a2fcccea8a2fd206f531d22eaa5825b783bf39550b11752558a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\3f99823f-7184-43c0-9ed7-0e8259e74856\index-dir\the-real-index

Filesize
120B

MD5
17c84a53a0058d84754a031a3a774468

SHA1
8098ccbb0fc06c1a8d2aa2ba21782dde2c5fb26d

SHA256
b740ba1d156b29ddfd5373762010363bcb3183d6a59e7cb16ad0d1e6af24ad94

SHA512
53fe32b8850b1888b6e861fa654eddaeecb1612e17524988810d56ef7a52a9bbd51dc2f53f198c75b7140eaf9184a9818593dec3ee78f97fc6a6019776f3903f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\3f99823f-7184-43c0-9ed7-0e8259e74856\index-dir\the-real-index~RFe587133.TMP

Filesize
48B

MD5
64b43a027bcb3dc048dbd7879e0447d2

SHA1
615e9079a5a33e4a62275b1c0c72cadd9daca7dc

SHA256
a9d5cba1b85c5fbd57c7e8436fafdd80789876a95c33550687932239ea960830

SHA512
c4d6cd14c0115f51245cc2039a22febb07f0b7578ec2207b044e350104abd0d81426a13cac59110c2b6fd9f1bbcc6b741a6d2f57410e6e936711d6066aea31e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\ed816c2c-4acc-48ab-b41a-6518bf48dce9\7a48c130a6a40c0e_0

Filesize
147KB

MD5
6f6067b3bce961aeca498cb5c40c9d2b

SHA1
108386da80fca897ee0d2e3dbc9ee0afcd9a86ab

SHA256
5f0a3fcc5711e53d878bd428961f9e18505704db4794643a33f49358adf1f39f

SHA512
4f483c49e87da625c6689a66fce61bab90144b1fd764e9e75abd8b4607deef61fae423b9770d306d445c57f07b00d2923c81c7a0403469a9c8412067f49acbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\ed816c2c-4acc-48ab-b41a-6518bf48dce9\a4e5036f58e9d133_0

Filesize
77KB

MD5
23f3f2e5a56488a1c1c4af29aba7b02b

SHA1
c2efbaf19f35547272af49d7ca479af7d9551748

SHA256
27faa88648e5bb5acd546e11b3db783b49e9661feb87140aa8cf5d2e8e1fb917

SHA512
9d00e88a2a48baa249d49c530e27f0a2703aabbb2cf6794f554b14a9371250b0ee82e31bb8a0f027b5d6dcd5c0bafe2ded3ff43e79af33fd94e99efcdf2b7fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\ed816c2c-4acc-48ab-b41a-6518bf48dce9\index-dir\the-real-index

Filesize
768B

MD5
da82659aaa2be830c66a865979218d4a

SHA1
e16b3e60d487dba42a15b07cacc806492b8d4ee2

SHA256
f1804644e841804721987315d20724c4364bdc510b4f344bf1c660dd92079122

SHA512
5a07ad25b9850f93aff6e7f50e063d59df4497f3caae7cd5f2a68a01fb0c9a0b5515c1222ffc9df2d2686c5b8e65dbe8e557dad2e5b1435dc7819e717bd8e68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\ed816c2c-4acc-48ab-b41a-6518bf48dce9\index-dir\the-real-index~RFe58724d.TMP

Filesize
48B

MD5
ac92357c7ed2cbbfa91dbc3c82466d59

SHA1
58de9cd92bb9fc52e21f6861ebf074203a37ea56

SHA256
0a2f3d5e2b8e5ac75fbc3c730510fcd26a2ba68da44edf2293bd4240d190983a

SHA512
207510eaff76d07b5801f16da932d5a53db62ddf78a16055edc78bbc7d56a0c96841c053ab68a28f6f5bbf97ede5da482e423f57a94d6baceb20730ac96ea72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\index.txt

Filesize
254B

MD5
ff35a9f069240a683423e6838e3f9e89

SHA1
4797d6fc996b2c1bd30e1372f5c4af2becd6a113

SHA256
d3db2c6c5b06e8a80749889da55cb4509a57b469fec453591d3d5859c82e28b5

SHA512
582226a4b04dd52333db6eeb3e09dd10b7cd6a7f2bb9fdc1099d025beefaa0e00e551b1e3edce619bb78d08a0bdf08b3db866e7662d606c1b1114ca8cc13ceae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\index.txt

Filesize
250B

MD5
4ce8653a1307ba732dd9376e45e04716

SHA1
21476af5a32a44fcd4af45d48303393aa10d310c

SHA256
c4e5ea48d02a7e3e1930050e0a8855d8d519e0239a63acc54ec2803128b57b61

SHA512
95640bde3ff4bd355a96c6634aea2ec2aa6386b2f7838d3bc645111edd45b5c89378fcb7ef521ec497586ab89cb99e2f66ad613583994f62ca80ae34abfe6053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\index.txt.tmp

Filesize
320B

MD5
2955b254e4fc4f835f4ab4cfb909a168

SHA1
618f64d70b3fb21971fc7e531bd81945c7c6ac6b

SHA256
e5cdf81095ad9a9596ffd5c269d59bcaa635d566bc022ae3792f11a5ba6fc798

SHA512
b53bd3346b9ddf34dfdb6c5deee4395abca4507a44c728670fef053cd3554ade0ee12408a14a1003201f390ff5fa10f3b16bd53cc5a30859f3d7bc304d8670b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\46c3e03caea26df0baa9e55e1d2059c796a5b7c7\index.txt~RFe581ece.TMP

Filesize
183B

MD5
46498d9b7cccf7180a07c4db3ccc9633

SHA1
ee3d92b71ed2dc3689dca9b674ba4e9226149354

SHA256
3988c4e7b42d173661edd8a81015967627ed8c06271652e7ddc402e3706ca99c

SHA512
75df7e885319410aae6a57c033e3b428408c828b45afd5650812d9d37d3f4f57338b41d344bae58d89b30e31a84286c08daac44f91479924af9e39fdf53f655f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
f3f494857cd192784d726957b341b849

SHA1
efbcecd269adec4ca7ca69041c98e44269eff0be

SHA256
7ab0890e8899b2fc7df51c32f856ba611c2351ed8889675d7f3aa5aa280361c6

SHA512
0b8a27ec2621f2dfaed79201fcf6bb57521b4c70d82c2ae114bfd29f81c56ae363bcb6364a268ffd5731ab122baeadb3c435f38e8a137d20eece7950a2ad4ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f07a.TMP

Filesize
48B

MD5
6a55b726a50e3e434b90cf9174bd45a5

SHA1
7e2cce38710f5a83858000f912779ca45eedd206

SHA256
c94f02d3e8324d52334b5ea34fbf9d9fa2d76ecca6c0c31f84865e99e939e065

SHA512
7cbb8ee83faf9ccd862cd54b5a4262da2805241ba727ff826bed26bad544b9b48fa095fcc289d8b4536bddc98a08731e8f52edfaa7fcc54d6f331b22ffdcd4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9a364232dc6f47a5ddff7d62cb41bdee

SHA1
a93af30c9d5dd61ac0aaa446878c401ee63d798f

SHA256
51c2a8eec8ec9a429fab0dea2a9d3856cce61e69ac43f900ea3a38d591b09b3d

SHA512
05a6823a12b0d32ea8e3c479107ed7ea72788286d6df5a141f72cf361ca91a18cac846cfdcadf80a553ee97d0b3603fdcac3f95a5cf9add9d605005b9adb8fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
b959125e3f4b7367ddddc23a92801b1f

SHA1
5de8383b1d900a898f63e2c2c57bcbbeeda3f47b

SHA256
3891e68583d9951a257f0701d33cab3297c28f2a9cfb3665c22b5f175653b71c

SHA512
10e50abc557e0769b35f3a89ff48ed9fc1725c1a37eefdbd718c26961a5321ef41bd6a226d63f0b16b336914c5d63dcccc838c422c52978fc57cb28c5868d751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
517637afea5046cf6d94f8d0a99a6e8e

SHA1
b39c2ef4eff5144739438a6e68beaac28af12568

SHA256
9d2ac3f48225e87863f2642aa5a2373eae47b1a7b76bde128f3a6539a129e044

SHA512
2a13ed3658cc7971d623ac2f588654d1d344cd692312146840fc43b995de2114168f22332b277a65eb55d7c65841d470742f44fbb04228b06a5c8f67c2c4f1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
1d97227fd7419bd156f2c98899181257

SHA1
afcbe8a0b96c34e132abbc418bc2cc08fe42e034

SHA256
38cac583e070526c87033e1e26528b4d3bc709f6791f7efeec5554e1a597ae23

SHA512
d65e61efd4b8ab5574500fd8cf39754eae72c1225bf471de79004c843e4d6d7c991a15fd435378e0c6562ead42276195428c9ccacde82cdb9598f8bf001a556c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
17f643776406103d00c902c556bec326

SHA1
9343460f054497e6357099c7be552492d3e187ce

SHA256
c67929950d9e58409df6078c7a5a0c908a3bf70c222ad47b49cffab2d8cc8f6f

SHA512
05b3faf90b496ff236dea1f72e2847012f9c3410fc566ca1c95c312f6f67e661395c09d581ff62b0f66c67db6a77927c343c0e8d24059428121d78874ad763bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
f3457e7030c7a8d97671670659181bbf

SHA1
595938f63b98157a5a0b81f4ccc25bdc7c91357a

SHA256
8eca432d685e29b0f65bfbafc1b6914a88ade699bc6fa0a02513bda28f78f3fc

SHA512
519cd26d7b61f7557d7ba3390ea239e2e72c44ef7207eef11db76646fd6d4ff8c291deeb546f5fc1fd9a0457f9ff5677006e3ed9c0ed80870bd21352827688dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
0d442bbb3c52126e00066d7d4785ea77

SHA1
0824ec64e3f85ff5efacb62ce730a8dd5b7e2833

SHA256
f7a56da2c30d50bfe85c56fe41a83f2ef845244e8a224a862cb920d9b5aa6355

SHA512
fdcd9612fe39ef556de497f10b51ec69c8c21b2b3988b41e01a80334d740202ef81b81f2a5fe6f0e578821e2434b7979337a0e5df280b6bdacd594b378275b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.14.1\typosquatting_list.pb

Filesize
626KB

MD5
cd8f0547b4d0459fc40caa32edd2ae48

SHA1
f2a2267b07c94eee76441654294d4bee793913fa

SHA256
b7ced53d106f852e82076b850fe7794ddeaeaf137818339b95a35ffc170277a7

SHA512
0f1790dd996e27dbbf75a6520279941dcdd002429595e02646ceddae317f87fe34ca01049735ed753904ceccc1ecc24080e22c34ba6343ebb155c8e7a89085d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fa6effbe27eed9f14eca313deaa24ae7

SHA1
baecbb66968998a75177c4001a30dc8a0cc8fc0d

SHA256
6301205b6bed7bf00dd4793083687adb16e30a4a482555862aadbe010d339187

SHA512
a7ff577980b4220f9778056289d67d7d6518c93695555e80a8caa909d1d42579fe22cfa03c8909ec28d55e94b01775970283aef180d2cd358ba4224e5a5462f4

Download Submit