Analysis

  • max time kernel
    138s
  • max time network
    163s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250217-en
  • resource tags
    arch:x64
    arch:x86
    image:win10ltsc2021-20250217-en
    locale:en-us
    os:windows10-ltsc 2021-x64
    system
  • submitted
    07/03/2025, 19:12

General

  • Target

    MirsoftEde-Seup.exe

  • Size

    113.8MB

  • MD5

    437e77a81f65b728961540a13564f4ab

  • SHA1

    141ef5d76fc21c8958edfb9e903a9719cdb3bee5

  • SHA256

    5ef443293aafe44fcc69d4aeb8a43ab7f1b93e3e0591c52f86ab66bde6dd8c6c

  • SHA512

    669955f564b94035afc9d748639454449de52c9e2630efde3f631422dedf07d1cb7ba69b999d3b3f4e2081f617326f08a297be8b94a29192cfbc06ff4242215c

  • SSDEEP

    3145728:P+vX0Hb5gQb2fL9qcIqX/XoUtrsRum+ETy43AkG+AKpqG33O6k:W87GSmsR6EdAkkKpqGHY

Malware Config

Signatures

  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

  • Gh0strat family
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Downloads MZ/PE file 1 IoCs
  • Checks computer location settings 2 TTPs 8 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 40 IoCs
  • Loads dropped DLL 57 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Checks system information in the registry 2 TTPs 4 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 36 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\MirsoftEde-Seup.exe
    "C:\Users\Admin\AppData\Local\Temp\MirsoftEde-Seup.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4748
    • C:\Program Files (x86)\libcef.exe
      "C:\Program Files (x86)\libcef.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4200
    • C:\Program Files (x86)\MicrosoftEdgeSetup.exe
      "C:\Program Files (x86)\MicrosoftEdgeSetup.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files (x86)\Microsoft\Temp\EUAB53.tmp\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\Temp\EUAB53.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn&brand=M100"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks system information in the registry
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2332
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1940
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDQuNDUyOSIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEyNSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS40MyIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzUiIGxhbmc9InpoLWNuIiBicmFuZD0iTTEwMCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4Mjk0MzY5NzIiIGluc3RhbGxfdGltZV9tcz0iMjM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
          4⤵
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          PID:1540
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn&brand=M100" /installsource taggedmi /sessionid "{00DD203E-E560-4915-A1DE-640FBB73298C}"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:848
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTgiIGluc3RhbGxkYXRldGltZT0iMTczOTgxNTcwOSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzg0Mjg4MjU2MzY3MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4MzQ3NDkzMjUiLz48L2FwcD48L3JlcXVlc3Q-
            5⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:548
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\MicrosoftEdge_X64_134.0.3124.51.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\MicrosoftEdge_X64_134.0.3124.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
            5⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:880
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\MicrosoftEdge_X64_134.0.3124.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Checks computer location settings
              • Executes dropped EXE
              • Installs/modifies Browser Helper Object
              • Drops file in Program Files directory
              • Drops file in Windows directory
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              • System policy modification
              PID:1720
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=134.0.6998.45 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=134.0.3124.51 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff79aa6cd48,0x7ff79aa6cd54,0x7ff79aa6cd60
                7⤵
                • Executes dropped EXE
                • Drops file in Windows directory
                PID:1140
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                7⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of WriteProcessMemory
                PID:2228
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=134.0.6998.45 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=134.0.3124.51 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff79aa6cd48,0x7ff79aa6cd54,0x7ff79aa6cd60
                  8⤵
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  PID:3616
              • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
                7⤵
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of WriteProcessMemory
                PID:2644
                • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=134.0.6998.45 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=134.0.3124.51 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff61a73cd48,0x7ff61a73cd54,0x7ff61a73cd60
                  8⤵
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  PID:4528
              • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                7⤵
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of WriteProcessMemory
                PID:1068
                • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=134.0.6998.45 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=134.0.3124.51 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x7ff61a73cd48,0x7ff61a73cd54,0x7ff61a73cd60
                  8⤵
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  PID:672
              • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                7⤵
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of WriteProcessMemory
                PID:2144
                • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=134.0.6998.45 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=134.0.3124.51 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff61a73cd48,0x7ff61a73cd54,0x7ff61a73cd60
                  8⤵
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  PID:4576
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDBERDIwM0UtRTU2MC00OTE1LUExREUtNjQwRkJCNzMyOThDfSIgdXNlcmlkPSJ7ODhBMjExOTctRkQ3NC00MTQxLUE3RjMtOTMyODMzRDFDRjUzfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezUzMTUxMjFDLTNFMzYtNDg5My1CRUYzLUFDNjk1QTMzRDY5OX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDQuNDUyOSIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEyNSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-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-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-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-
            5⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:2688
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer --edge-skip-compat-layer-relaunch
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Checks system information in the registry
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:4996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=134.0.6998.45 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=134.0.3124.51 --initial-client-data=0x258,0x25c,0x260,0x254,0x268,0x7ff895a63140,0x7ff895a6314c,0x7ff895a63158
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1984
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:3
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3492
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3200
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=2664 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2728
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
        3⤵
        • Executes dropped EXE
        PID:1508
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1332
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:1
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1604
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:2
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4400
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4492
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4476
      • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:8
        3⤵
        • Executes dropped EXE
        PID:4960
      • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5148
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5820
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5984
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:6084
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=6812 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2332
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1460
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5668
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5388
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5400
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --always-read-main-dll --field-trial-handle=2204,i,16867970754478963694,4830419192570581650,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5392
  • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:1572

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\MicrosoftEdgeSetup.exe

    Filesize

    1.6MB

  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9B0FBED5-2D08-4BA2-852E-FFAC3E75C9DA}\EDGEMITMP_5633D.tmp\setup.exe

    Filesize

    7.2MB

  • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\d3dcompiler_47.dll

    Filesize

    4.7MB

  • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\libEGL.dll

    Filesize

    476KB

  • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\libGLESv2.dll

    Filesize

    6.6MB

  • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\msedge_elf.dll

    Filesize

    3.9MB

  • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\oneds.dll

    Filesize

    3.1MB

  • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\telclient.dll

    Filesize

    2.0MB

  • C:\Program Files (x86)\Microsoft\Edge\Application\134.0.3124.51\vk_swiftshader.dll

    Filesize

    4.6MB

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

    Filesize

    4.1MB

  • C:\Program Files (x86)\Microsoft\Temp\EUAB53.tmp\MicrosoftEdgeUpdate.exe

    Filesize

    201KB

  • C:\Program Files (x86)\Microsoft\Temp\EUAB53.tmp\msedgeupdate.dll

    Filesize

    2.1MB

  • C:\Program Files (x86)\Microsoft\Temp\EUAB53.tmp\msedgeupdateres_zh-cn.dll

    Filesize

    21KB

  • C:\Program Files (x86)\libcef.exe

    Filesize

    440KB

  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

    Filesize

    315KB

  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

    Filesize

    320KB

  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

    Filesize

    327KB

  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

    Filesize

    334KB

  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

    Filesize

    404KB

  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

    Filesize

    410KB

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

    Filesize

    280B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

    Filesize

    280B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

    Filesize

    8KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

    Filesize

    264KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

    Filesize

    8KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\7c5547b3-9c54-4a13-8dc6-e22e7e17e533.tmp

    Filesize

    2B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT

    Filesize

    16B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

    Filesize

    9KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

    Filesize

    111B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

    Filesize

    2B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

    Filesize

    36KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7133e9a7-6961-4ff5-9f4d-f5722e0214bb\index-dir\the-real-index

    Filesize

    72B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7133e9a7-6961-4ff5-9f4d-f5722e0214bb\index-dir\the-real-index~RFe59890c.TMP

    Filesize

    48B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7d29f4b8-13e9-483d-bf27-ef82aa990935\index

    Filesize

    24B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7d29f4b8-13e9-483d-bf27-ef82aa990935\index-dir\the-real-index

    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7d29f4b8-13e9-483d-bf27-ef82aa990935\index-dir\the-real-index~RFe599ddc.TMP

    Filesize

    48B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

    Filesize

    192B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

    Filesize

    257B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

    Filesize

    253B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt~RFe5938f8.TMP

    Filesize

    119B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

    Filesize

    41B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

    Filesize

    72B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598a35.TMP

    Filesize

    48B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

    Filesize

    849B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

    Filesize

    1KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e91a98c0-a991-4173-87b4-b4ef40643f3c.tmp

    Filesize

    14KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2

    Filesize

    8KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

    Filesize

    3KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

    Filesize

    5KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

    Filesize

    5KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

    Filesize

    21KB

  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Temp\eb4d343b-d2bb-4cb6-97c5-41ec176c907f.tmp

    Filesize

    1B

  • C:\Windows\SystemTemp\msedge_installer.log

    Filesize

    72KB

  • C:\Windows\SystemTemp\msedge_installer.log

    Filesize

    106KB

  • memory/4200-32-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB