pandastealer | hxxps://fv5-6[.]files[.]fm/down[.]php?cf&i=yajmy9bhev&n=chaosphere[.]rar

Analysis

max time kernel
146s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2025, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fv5-6.files.fm/down.php?cf&i=yajmy9bhev&n=chaosphere.rar

Score

10^/10

pandastealer discovery stealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
behavioral1/files/0x00090000000243c3-1845.dat	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Pandastealer family
pandastealer

Downloads MZ/PE file 1 IoCs

flow	pid	Process
481	3120	msedge.exe

Executes dropped EXE 3 IoCs

pid	Process
1016	winrar-x64-710.exe
3732	winrar-x64-710.exe
3520	saqq.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1708333951\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1478960420\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1478960420\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1478960420\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1708333951\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1708333951\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1708333951\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1708333951\_metadata\verified_contents.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	saqq.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133868811345161158"	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{98598E1D-BD8C-4C71-AE35-1FD86FF5638E}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{34F60274-4C3D-4DCB-92B3-0AB9CFA70A4F}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3788	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3788	7zFM.exe
Token: 35	3788	7zFM.exe
Token: SeSecurityPrivilege	3788	7zFM.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
3788	7zFM.exe
3788	7zFM.exe
3788	7zFM.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2216	OpenWith.exe
2216	OpenWith.exe
2216	OpenWith.exe
1016	winrar-x64-710.exe
1016	winrar-x64-710.exe
1016	winrar-x64-710.exe
3732	winrar-x64-710.exe
3732	winrar-x64-710.exe
3732	winrar-x64-710.exe
2716	OpenWith.exe
2716	OpenWith.exe
2716	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 4420	4356	msedge.exe	84
PID 4356 wrote to memory of 4420	4356	msedge.exe	84
PID 4356 wrote to memory of 3120	4356	msedge.exe	86
PID 4356 wrote to memory of 3120	4356	msedge.exe	86
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5540	4356	msedge.exe	88
PID 4356 wrote to memory of 5540	4356	msedge.exe	88
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5556	4356	msedge.exe	87
PID 4356 wrote to memory of 5540	4356	msedge.exe	88
PID 4356 wrote to memory of 5540	4356	msedge.exe	88
PID 4356 wrote to memory of 5540	4356	msedge.exe	88
PID 4356 wrote to memory of 5540	4356	msedge.exe	88
PID 4356 wrote to memory of 5540	4356	msedge.exe	88
PID 4356 wrote to memory of 5540	4356	msedge.exe	88
PID 4356 wrote to memory of 5540	4356	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://fv5-6.files.fm/down.php?cf&i=yajmy9bhev&n=chaosphere.rar
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffe5980f208,0x7ffe5980f214,0x7ffe5980f220
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2440,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=2432 /prefetch:2
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2452,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5184,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5376,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5592,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5704,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5836,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5408,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6408,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6400,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6792,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6780,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7144,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7292,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:8
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7292,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6404,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=7760 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7384,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7772,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=7412 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7680,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7388,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=8020 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5744,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7684,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5696,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8180,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8280,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=8272 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6864,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=8148,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=2100,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6248,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=7964 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=8372,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=8300 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=8392 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8668,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=8684 /prefetch:8
  2⤵
  PID:5872
- C:\Users\Admin\Downloads\winrar-x64-710.exe
  "C:\Users\Admin\Downloads\winrar-x64-710.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7636,i,3681470622853667821,4027651636586631323,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffe5980f208,0x7ffe5980f214,0x7ffe5980f220
    3⤵
    PID:2376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1892,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    PID:2092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2144,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:4720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2536,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:8
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:8
    3⤵
    PID:5048
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:8
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4580,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=4596 /prefetch:8
    3⤵
    PID:5852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=4536 /prefetch:8
    3⤵
    PID:1452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4696,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:8
    3⤵
    PID:6096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,1398924859077423153,7402505590049465609,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
    3⤵
    PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3092

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\47e3882e23714755a01c45e1e96a3405 /t 5088 /p 1016
1⤵
PID:2752

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5000

C:\Users\Admin\Downloads\winrar-x64-710.exe
"C:\Users\Admin\Downloads\winrar-x64-710.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\chaosphere.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3788
- C:\Users\Admin\AppData\Local\Temp\7zOCCE876C9\saqq.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOCCE876C9\saqq.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1478960420\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1708333951\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4356_1708333951\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
ea01b6d8ed6e780d72b35341e2d6868a

SHA1
adbb3c6ee3317e44ee37e3932f6e24454ce528cb

SHA256
c734a6681f1eeb1b3ea4388afee9422ee7643496301cfbff461d1318c208524a

SHA512
c0b2157edfcb940b3238f4280b25ced63b87e7abfa3dc4b2f0af27f944c6c7c81f965068b93b2fcb63d4a50efe7de7763626c5ba3500eccc67b8c5721c8e0590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
1b21848be0baed46f08aeb20e7794d33

SHA1
0a75eb99846e67259ef0b87a4889a216f6ede769

SHA256
5447622b4f69dc221d55138c9b13b047c7aad28d00742f9b0febbb80d576d7ee

SHA512
b2a327b09c567b6b2ccdaf1fdea3ec1cfb553b2c2079746226cefbceb46e0d8386872e90d6fe67f6e5c07c9233b0c7a7d0e1693e2c402b9c081c7d00ca1652ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5a93d2dd-4713-4455-b46e-d0659b6f6e11.tmp

Filesize
19KB

MD5
cfba199afa9461571261fc318f845c11

SHA1
4765afa5dd398c4a21e2ca0eb9e6de7f945576c5

SHA256
6f31523a7f7785c1f2014dfcd7993b211d819158fc5ad0832a2cb9fc1cac7e60

SHA512
d72241c9d4414697d6ca9955ded8ad9f82cf154affb93b5640a5e6b90b779dd6c3c8d77742c873736fa9e39699526330fbdc04b3dfe2efb4ce2d9a4202a4efb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
80KB

MD5
8d85abeb0aa7728feb7ab72447a77454

SHA1
c32eef71381ddf1a7316fb9547e9ec50ca26a870

SHA256
a25161c55b22f24d5cafd88c6e9b888795119cad4e79ced2a4b5fca3014d0da3

SHA512
f300495ff8e2648a580df16f8ffae0fabf2d64173688a3c95b2461101439f1d69950a68d92bb36cbe2607694c19e326c40c7f3aa877fbae5aa2f785318246f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
776KB

MD5
4e746c6fc7765f5ed60c9a2b58d3da32

SHA1
bfaa0030629d0e05b94f570185b015f5f8ffd742

SHA256
fe86a871c1579f4692e0497c76d595762337a5813782a5ca6aafef0ba073636a

SHA512
b78fc3250a21abe1bcccce1e5ca35909825731312d80b792d61c17525763e7c8d4556a61c06e64181b376bd5c7a5daa646eaa32d2bf7dbdcb500c42227063db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
2.0MB

MD5
dc9bf275b8cdc59b2153509072969eef

SHA1
4c5e4366619db623c1ea1272c112ea6f1b860cd1

SHA256
fd06b7a0fe26c48e34a67811a9ec6378a526520510a6c0e6c4d5d3f93f174844

SHA512
5adc4d111ae74ac9d9a0f2a187eb4c3549ded29bf2c7de04d3ff55945062b6571892d7dba3d21d611212a5ad8f3c5fdf6ba7adb3d63b62dd63b5516aa35e5749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
12.0MB

MD5
3747bacba91d8b0207ac050611105506

SHA1
03bfb8176aae0c6e1258178cebaff2205ab14815

SHA256
2fb01b3060334b92ffb02ced213c2f4b47ef8d3644f2b890447d3f6b5767034e

SHA512
2ff3a749ce322178659636621dbd1a27b3d8d6f174612b33d1738b21f205254fe35b50b146cf2565e216aea003616841fb8f813b9659892c1bcb8b68911c58d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
16KB

MD5
998f3558d691503b0009cda94d634bc8

SHA1
c8864c66ef2b7fa4239be2a5d4e530093244949d

SHA256
2cc86786acf2adabbc2e0bff84afa0fe283f10f92f9679c1d63f6fdfaa5f5bae

SHA512
3706fd1035354dfa6b32eefc63bc41f9a791a9bf612a5666ebb5fbfef2d68de903dc8e8c40f37380d525707df94ed8e71847174d2a3dfd92c2690f4d2303df49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
88KB

MD5
9468ece9cc8e2c4dc4ff09cace28d45d

SHA1
e7d3be5c27e4ac6b36190c43f76d6c01824984ee

SHA256
20052ec025919ec022cd4cc25e67eea10596707c407b92d9710dda433f64643c

SHA512
03b6ec364b0e4d02b72d7c63bc6d0d3a182aeb1d92fee6becb06e56b3b173c72c7ae4212da0c5a50bdda5d490e55b886c33e991009685ed37a09b6063c48ec1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

Filesize
18KB

MD5
b2fb09ac8667f5773489a6e1d2b09527

SHA1
503d44f4d6d6965b3da366999fa719d1f4d6d322

SHA256
fd9725c320dd0d8ae5ea7f91e60eaaa6095b01a59634c28b6d3c30e1321f534f

SHA512
4c23a157388ffbbe54dc1c93e359e502d9ae75c0ea5ee4fca7a11852268d34f9df391a40b698a187f3c3f6ee08d89ab808b36e817c044eb83bfd639f70d9facb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

Filesize
33KB

MD5
0d244c0fdd692e17c4f0877a1a515b19

SHA1
b0d80097173922de25e1784e7791b638dca5332e

SHA256
235dc2966357c9ae5b6bd2f692efedfb657ecb09a24823e3019ea66a0098ac5b

SHA512
249def8c1473dd6e036a56dc9b05fb01168fc53d95ed2c2e399188b6cfb4c7e2d0945ebfcf6621aef3bde8e9dc536d9a312980ecb76723fff57300a0c0e79cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
121KB

MD5
7723615fb879bb840df59e35baf1e02b

SHA1
93dc478b984b6c33764bc7a3af3d8c2ce8554a74

SHA256
4d52138739cb2cbc985507f2568efb51750e83683ea38d53a94c604d8ea5d3b3

SHA512
8fd33e5c43784933e271724046c33afaacd41d21bf6ffdec23be08c1d4b68563262421a0d5b6ee61d96048294e2c5c2e1fdb21a24dfa9fca5b908a6e8a44ea07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000094

Filesize
22KB

MD5
7b4b22647743b62975a3e0e7e20ada48

SHA1
56edd116c2145300c1fcc38b882caab836bc65b3

SHA256
3264addc592242b6cede9f35b21d33a4a7bcba6dfb1093cc6370c0c29b9f9237

SHA512
5a3414d9ed82f81b22db678d2858e9a179386a95b4e23973997b4420a311813414eedca3c6831c6b58f7d9700afd360d815681cf1b3d80ce91856155338cbcc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000095

Filesize
29KB

MD5
a87084f09b8876bb7eb48f51ebb76143

SHA1
95129bb25c1adf1ec6b0c13a896be5358418dde5

SHA256
da00010ada738d955ed28afdc271fdf018a359c58225c9cf6fca8713641b329e

SHA512
b775fe22df7c94fb4953bfe42d84d0d06e38491464a6228eb1167cb90e68a1e7db8c7cbba47621cb6eaf6430036ce9173191482f39ee206ac45f06349ecbb80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000099

Filesize
25KB

MD5
5c3e15df203a202bcf17a96c3953f58e

SHA1
175c4a66cf41a50796f58fafa26bd065863aedfd

SHA256
2dc771c3db94d48feafd24b28ded5102a5470da316eeeeeb4960c6b899e624a0

SHA512
5fe33249e09c9510f78d532188c14abb4f977b38b9fed14d9714ff12b0d889b76b78e11ffed66036370e4b023b7e7f6225d9f6f28158200c96ca8470a4d1c729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e3

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e4

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e5

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e6

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
c5e1365d07d0dff4f0dc9d300493f9f5

SHA1
5012b5e55c2149e329a9b0f26979fdffde6f48dd

SHA256
d6ce33bf4df4f5183090f4f7c88beb7b38e23741642194f195e9bac05f55e03c

SHA512
eeffa6f0ec76ffb97a4c188415031f9f1761313a7f3b2c88638c06bc49136d738be6628caa28d037ba17eb0bc8f63eff7de37cee15ce03d4128dd58c4f2febdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe588fb8.TMP

Filesize
3KB

MD5
bcca4a15634981106d7706ecf77b327c

SHA1
f088d04d5fa141ee5d31d032e192d598cfed2855

SHA256
80eda26f09c12cecf0c2eaa32c3843320e650eda1a449e8ff6acf6444eca79d5

SHA512
a01ad2546c3761f42e95fdc320c6bb8d42a1109c43e3ffc09748125378716097281dc670ea13497b3712cd35dca5775949d63825f6717a8377115426ecd8e2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
c340d19046b00216f3157fdd7ddc1449

SHA1
fc906b1449adb172e1c39dab797f44aa3ca35d68

SHA256
22f59d74c578c1f262df930768e52d3920e2265a10a8a6638f6bbea24b9bf528

SHA512
85c67060033c1254ac74e20d1058689aeeee8884f7f7f7a355dfa110f58ba190371df0b8d19970baea3a2b8aae9f4fac6429addc0e204af159583c7c6219177c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
a5cfb93e280953f7560a6e6ebaf5f79b

SHA1
022f37130c776c12dd9d313623e4bdde1e4b06be

SHA256
a84b554f73822d55fb134c8b1744e30cd6e7f74f6a66a8bd31fab7c61a686386

SHA512
058ca37b594a5ec09a934370f9abd82d450b3094867d27d74b42ad10e3fef4d866b83f5b50d390f48d8ce38bc6d1cd4cd1ca5982dc8fb965ec20e24941db25ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
06b6ec668cba3d14645f22d96226937b

SHA1
8461fed7d21c522b20a38b0545145318fc667cb1

SHA256
abeb7012019b62b097592577418d700aef733de817bfc857f123e9d66da7fa91

SHA512
8cac21bc916f8c67c1e26bfb079dadc0621e3b2ffdf8efbe7292d16d857315868c2dfe2291832abc5ac3f8775a126c3347093e457840954d47bc13d7f1cf14a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
db88d346231d86af1c2234983923fd34

SHA1
27c50d10c38b34811a9f41b2b61b704d9a6f7391

SHA256
adbe3e923ee478947ca0314b02deef79212d619a73148093df3e9482c6319f1c

SHA512
933c31e2e57642e8ab9cd46a26c4d90d547c3a43a00f2e9843218c50f127b9d5ceb21216150a8b6b13c38cf18af582a5870ced73ad29df5bc57f453c756d669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
e98d97264356f2e1c74d38b0ab085417

SHA1
a8c75e97fa62474b0b1c40e7fe62d24cf4ccada0

SHA256
fc4988296a5e6db404cf4d8fcacc6b779c023604d022d7d0fcb3feb9e9d2ca0f

SHA512
dae7a79a3e237d709538cc1d49a06bb7b2251b16e85291285be3b5448f14f0302d69f7c862da24bb82c16aec166324c066c8cbc12f81fb83877a2e05ab3ded41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
209B

MD5
b87b840ffb5d751c330d66fce1756440

SHA1
226e9f1ac4610a27e48f366c61f7e68dbcf1d839

SHA256
b49dd35844a59506d189dcdcc50e8b048016e0c7cd7a895d019d891508ddfa83

SHA512
9e3fa5da63a85b1727537171e7dcc22626187fd2f2bbfb35c5711bb8c0f588a81c533063d23672d8e6a36eb3e5ab63c568597b5314433afd8f4ca23c7cae7342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
5482ce9dd98991d538ce669e3200bf92

SHA1
dee8b5fb0eab600a662a539f3e301b53e07aaab0

SHA256
80983a49ccbc19ea79fa26a29faa902cfb1726f9d3d59d7dcbfb46e47a4350b4

SHA512
668a693bd1e5038f043547464d033cc8fea2fc5d3140ce9721f183ad4de7a9845c86a7069abd872f373f318438d90254f7f51845a098bcfd943f983b04f2b981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
3ec2a72c0c2731172e38a666358206c9

SHA1
e10213143420bb4ce0a7b9b01bc7da66107e1250

SHA256
8dfa3c98a0902b4ee6fe8898a3275a2c88da912835495f968a9b9474cc6c8216

SHA512
fd938104d06faca6ed483e51caa63e72c8f9ba0f4924deb1337db88efeb3b4b49e84e4b23b058e87b07e7e46bcd1a130ee79e6728389960697979501f3718732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
320178cdb9ed3a29f13803be78bdeebe

SHA1
bec2dbdd04e3342124a20c8115624b2a8c54ab58

SHA256
abd1bb3fe84a1107ddc7840e47a73cba149f98766c5d8cc7f6d52d5d505a3695

SHA512
9f70fb7b96357b7cbadff30c58c20e2c67796a38f8c3bab26cbc30dbbe8a118277007e8a24c94766320d4965cda3758205442c3aa60b21a32649985df065c768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
63c0f7da4d780c7ff1ce0e43625320d0

SHA1
afe4850b29dbd7017918756c10b8ca38f695d9bc

SHA256
01a62417808cd51f94e0d1e4f59eff58221c1d80f52d458f1b58de8998f050a3

SHA512
f790779364f1e91a69c55e8a941570c16f3f8d3bb600c743662b823d9a2fdacde5176f86bbadd56e242569573242af3733507fcfa4a9ea386361681cc0e0bdae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
278b6e77e0d40228c710ae626fae3aa6

SHA1
3b2a670d9f00dcd8be42465a37ff46db3bc286e5

SHA256
64152d89b75c7b338646d7884548801ac4623527d81e8e214367de2d6dfbdeb5

SHA512
c706ea0107a3aec873d4b2465bfbf891c364171bb1b84830a48c7fdec145759f43decc38692c0fcf279b21c7b8113982055f427a0a1d2b14c0885db61a4e0a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
8d2006c842fcf59b5cc2b9d01bdf9361

SHA1
dce94b17478b38d7a99d88592417d322d0be9a69

SHA256
6be069aeeb367c2da7c33b2acb4fad17f7b1fb1ecf9165b2aba1550fe507be8c

SHA512
717e98fb0c63c37b5790f7facc0027184e86ebf9423a22ad6ce93f0db51e3daceae25e19cf4e6e429993b136d707e58075e5e0a4039d553c4207dfbba779cf33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\index-dir\the-real-index

Filesize
72B

MD5
8fd409a1426de07749af8e28d3946b65

SHA1
f1fd6797a189709f3c2ba92ea540176317f400b1

SHA256
5dc4ec9a6a0d97d5b035c8e6d1993a98c9c2a00f865f4709c0ec90bf2d28e9e7

SHA512
c1efb5b06ace746c3d21deb9b034ce24b89a02d525839c2cab5b44d1a0bb67fb41cdb424224515938747ab09b419f2ca055a9e1d3a4b028cf5b2fea58385dc98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\index-dir\the-real-index

Filesize
72B

MD5
8d1a4077fcd495c87ab5c3def829305d

SHA1
bf3a671ea1461ab839e53ef0f0e1e9cee42a1b47

SHA256
2591995058948a8d81b8530113ca61c9fb3b26b8779ce64912c2363f5b9a921b

SHA512
8e1ac36dc2a181cb51b8097b22bf59d3445776f23cc65e48e14998b580aca5eb02aea1485a44e1c07ea1fc3a23e3bc226ee17fac27b30f6abc2c03b5f094ac67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index

Filesize
1KB

MD5
e6c60c60479eec9fea9aa61d72b8c33c

SHA1
d3a1866a436f50fb5b83d0d2f473939e75c6cf88

SHA256
84486e7cbdd9f3c7130d20c2ccd8f6f5a86a37bec0889489cffd333d3d80f1f3

SHA512
7f19083fa916faadbfef250e89567daac41de79b89b20bacd4ecb752c12bfb505be4b7670524d8db79a8b7301b3273f0571ba316810a402a1df763070103236c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index

Filesize
2KB

MD5
637e2fbbd328bb0928a7c62c751f87c6

SHA1
1df6edf9d305cc4257f2d17d7445c5981a389656

SHA256
42f2b52445b0a07e02e608ef5fcb29d516fb69c7bc90af675b2404401333e32d

SHA512
3093f54840cd6ba5c53b779734360d65f37aea377da09330a6983b3fb72505f0c011ab66bf93626e198a56674b5470ce565aaccea2f62a423e87801e31dd7962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index~RFe57ceba.TMP

Filesize
1KB

MD5
c7e39f04661c6958f0155e53a6448dc5

SHA1
2260ccf6c8aad67aef4b057a390163fd23ee972e

SHA256
f102556cbe285ee266d9e84dc6dd5b61903ea4092e921951e13a34b645509e1f

SHA512
29fcd436e1c22b5986ff8a002d6ad8d1f8b824c3a9238e270c5000809399a8515e98eb6c608a6098152cad6760327b742a7ce95ff2ce87ad4822d42b6a9b49aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
6cd62c6fe5c8d420622a33e32ae1bd3c

SHA1
01439c696c252e8e685e73a7eb6133a11b84e261

SHA256
9c806e8bb2006b1f7952fcc8437efc5fce84b6f2f01c5aa4a14c10deb20a6ed7

SHA512
73bd354d757273fc946ac17cb603ffe5e638643baa931d6952ffe5cc39dfcbfe080f7af09af8bb4ae58e86118e0dccb033cb1cb404060d896211b2c46faa7335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
4KB

MD5
8638abe6a19a9968509697525c487bc6

SHA1
a40a367032a047e69b51b287705bfe2e471644af

SHA256
6444ac3ab7d7c955fe122aabc421023869d3dbdfce610a67637d41893f5fc5cf

SHA512
c8f70575ccb0ac7dbfa8083668183c94e72cd1fae925f1945d4adb707a8a28967509a520bab4f72483b60d2fce71fe25a24c5d7fbcf0d4fe7190580879952a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
eec4f0a659614566ad5a19961456efb7

SHA1
228df873c6e89805de2f58f5a4b66632186b6111

SHA256
24301c496c46a1d2c478a122f51f9877a4f096bbc1a456e99554647b047ff15c

SHA512
67d92db4757e8ef7df37265bf6c8efbfee6c00ef79fb146b140dbb92e32e404da135edc68082daf75669ea23b71a326c055e4c82cf6f45f33c25c4b296a02b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6972fe9184c476be27a9bdb5f008a7be

SHA1
4a064b248df61946316b5265e9e6ce03a239f872

SHA256
8b2e879e50b6392d89ed13cbbd37555f6b2b1e7ef2e799202ec9514a00055d93

SHA512
06c787e0eb2a7a38804cbe8de934b70dd28a15c3e71cebd6be3ec5d9f01b7071a7d259ef8229d5e5b11cb0be9fd2f2b575415e9c2cf1569873896653574fccd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582268.TMP

Filesize
48B

MD5
367daeb448627596b7d5c89e0983386e

SHA1
c8639fd1c5167c97eda2d41ce2507bebbe617971

SHA256
39c6018a9f87f45f9b3cded53634b604a2b9cafc921d263ef9da787b16f42264

SHA512
4afddcef659141261f335b00eb5aff1ecc0fe7de17f21fad03a0a1faf0facd4a2cb7c1f42b12662b259573c62244356b281be996b914ebcb5a5e6aa14b4bc624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
460B

MD5
755df780c297937b25cc0730b9cb4700

SHA1
6ff063d0ccc3dbf292f082f3f884681786da7dd8

SHA256
652e795f729347b11085a2f827c1ac5ff1d3af97e507f09bd96470df58496e08

SHA512
bfb0afe894eec00bf9a3397b6743c8f0f97d7a6546e0017171fd7af09879bfa493345bf4769378d8ab0a91a5068b516e0cba2caa45c6f1b85b6cb30e8dd376d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
40bbb51284f769542bf6f901959acf36

SHA1
3980b4a23432f8e5a3d0890002a0d207b295b3a1

SHA256
6572f80b5f758aeb83c3aa1895d5bead60c5f9f7777da1bc9b9bca4404fc60c8

SHA512
2869886b1e5043fc8065c1c85377156677ff907836f879d4901ba6a934392e8396cf4f2bad26aa034f43b33cc9227842961a30fafa2fcc9ab0b4c778f7b017a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
cc9398d4bffe77e3f0e3f54bc873441b

SHA1
6419dc15792231822d0580d63302bb1f08e51014

SHA256
49a1be0d207049f1fc733e09ff9538a36b5a377809e319d2d1648c747b605556

SHA512
5f1653be23f6e36d789f0bc79f7fa8663af1b138d2516692d7ce98dc8e36473b65b67ba800b37e5ff0a0efe2de2447b81c318a351598e61e35bc143fc233fadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
37e947ecc32d6424f0028786716eeb2c

SHA1
2dfa670ec103ceb856b2b2a4b88b5127023c1bed

SHA256
811f24be0d835cadbe0d20f24092fe099a7df3b1aed9b67d8578c5f22e9c3b12

SHA512
fe5b7cf856bc6e1f036c228ff54b07763cfceab3b33b28ce4f839094c37e2138a0ff1800e91b3da4f8b013427e53d9f848ed9013335c766490a41e70efd33093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2b30d4759373729721b97ab9633ad3e6

SHA1
ff87223349d47690051b83aa7d5cd697ac74014f

SHA256
7b64885dcffabf02fa5bfc3a915e52984f31e107175b6b46b503889dcae486f3

SHA512
8bf28389c8ff192f1f146cfd9d647761252c8ca21114413bbc4132b641e1ff246ca0f46ccc7d3faf0409383bd89f6b30728ed5e2536f097b98c9b2b421e1a22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
18KB

MD5
b534a795b1b50433fc633cb5fe07400b

SHA1
4274c1a3480a982500e5fcd5918f6562980006bb

SHA256
aa1f0863e55b2561a8048c1a255fca8141223fc34bae57a72e057fbdd2e9e181

SHA512
d0abb471cd1037dc8f3fe2170bdce9165278e6647306dab4ad51d8987d5a2dd9c6b287f3427f01ad90092ac95e74f05677631e9dcaf52e2d1f4aaaaa7e0baec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
7321fe548bf54913fc7804e55e835fc2

SHA1
9ca1a6b446a7a1031bf8ff51f507ff24e931e974

SHA256
623986608d78dae68df97a98538d5f5d5ce63b046d815ebe0ba99ef822a57a17

SHA512
685098a9e39ddcfd332311a0b2ce7940f6cb2d453ee5812f44bf5099e5cf0f47cc9c77298fa27b57a9b28309e63c9d10cfc8f77584d456b2a3a2bcd27db62d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
9cd2d602ed066957f37e21d8045ab987

SHA1
c81c6e07182d680d75fec334d768b9e2c0c16154

SHA256
9baf7c895328040f94f6c9e2081607583eb83d33ccdd7e0ccd4abe10889a54d0

SHA512
860f39c9585665e845d0d0944b9371f1f07286b03d10b4c0f0b69f84e135cc7c6389bd5fc85a769e507ee169b06e95f8ccde03d9a820bdc90b5208c2d1e49fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
cd63dbe4945cf5b52c47cad0575337e9

SHA1
9e599fb2e0c4f57b6aa2e19824c3bf90a300f3fe

SHA256
34e38a1e21fcde46f580ea6518e302ab5ac9a92e634f311b51f1936f4851f692

SHA512
9a996acafbd6b623b98fc230626ce530aff8fd42116d111828785e0be9f2d0cd652ac69a17cc4ef7d59360163e16ba787ece96f2f795900a7a1a8361bccdcaaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
c15c73f1d71293661e8b7bfd3e4fde41

SHA1
df30d323078884dd932cbb7a562b34d59a31e161

SHA256
c6be0475cb2a0aeaf78c907652d45387d2be80677bf6cfb1924a254a063fdf6b

SHA512
dd3d30508921d523f2f345db4be56c3cd8cdc5a88d1fa9ff6368b0d11c7e75ad40e159dd98cd360c775af868102b67acd93f10df87c0b2b14a1d11c891b6a0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
9c08024beb6361bc53d66a226e5ecf6a

SHA1
c79e42297a88fa376c759f569859560c4eca203e

SHA256
b12f375d9125f7d0366713394bd035fe81cfc75c0910876857ebb314a018436a

SHA512
0dbe57037dea801a60d493e9ee7eebd86ef8021075edca52878ae9b9e8b289d7a570664a6e73340a3b1de0f952ed0bd29e22da877617da2d21496db6599deaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
6a4f0bec3523faecd43a4a4450325133

SHA1
ce993f77ba9d2f0cfcdea6514c124a21229cd0c8

SHA256
f077252e6fea1f92cf3e3270006c822cc1a915354ddad8402a6a4649d76b9284

SHA512
57709047a3e1337bb965ead96bff95480d5ab9a78963028d85b9a29c6f3722088106c9a5b3920411e4799784937f38d5124f175ce33b176adb6f75a168334337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
9c5840d443fc04035eb3ee1a5c31695b

SHA1
89266373c619b7a227de731e3e50241aa410f845

SHA256
d3fba057f8f00b10a787e5da5c05a89b8cd8424e458d5a759fd08aa8df341a1e

SHA512
27a4aec37a23650b7813d5ac716a28e7b26f07160c8b510a843cfadd7205e2dbdd2ea32418832d7999ee381d96e4cad1bad7e37defaf87a7922d16a603551788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
cf4ac00d09a842d807b473e8f63a1c9b

SHA1
738745e740b774231baa074b66f1176a4da6f254

SHA256
9557fec5475162d0125bf9261603dd77addb6a9d14c1b547220c56bdc1044c53

SHA512
3fd582bc04efd9dcf8c734eeb27892fee8b52705543b684a3797e3efb82c83b6b3ff0d4083e8ab60a1a6a54440b54df444561a24ec8e5b9982d74d4dfc00c747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
0e6a14c2554590ed1d7b3464c6526993

SHA1
01aeb05618d984237c43494f75f9f9bd187a6b4e

SHA256
f8da25f2a1b8413793428666d9bbd10746a0cfb0e96b867f80c1b18a2d62f536

SHA512
e5ee8f837eacd63ae8c155b4c63d29f745b47becb936473a259e71ca8b5be97787d1a43a4fbb324b535737c15fdd6ff30a382bcd49996b9152be9715e017e002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0f498595c787b717d97b06ecd95ee20c

SHA1
3f3ee01a897a970d35302a8e106c035890ed5799

SHA256
54329f7f2a77342ac8acc282425360cb9dadc0088eeef20376d5dc8ca49ee4b4

SHA512
735091a4e6b422d58944bfab8bd09d31c31eb57af2e8624456f758a5d4fcd93576812406e2aada01376dcda7512dab8df8ab120dafaaea29b14bc611902d750f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe580952.TMP

Filesize
392B

MD5
1aeb7ee952016ccc5916521a28f8c57e

SHA1
907ae505e2adaf1fa838c4ec5bd5f93730433f02

SHA256
d4e5118bf66b9390faf9e3c07b708f62b14365b9082cb335f5e808a20f8a481e

SHA512
66318a38d746e52028203e49e6d5a846ce3074e2ed7ad068e005f0edb4d7a0dcff638eb7febbfa8c81f72543b0ca760a8db43c31b083179173dc50ea6f50575c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
cb420e9b9fef03047019a1a674b57887

SHA1
7f3a5638beaf3c84a4c2f4a20b64f738536c3e12

SHA256
c6721310cd95cf17ae0238d7103d40c69b1a80ca0e5793a3e8ca99b7ec8e3396

SHA512
152a89c98835d3e1a2aef81c88affd24220ffa69ddc09bcddfacf429771600de492a20064e9a7f2c61b78a9d16b8cfd08043d0467011a9f8f412b6f54cb8614e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
2a05c8bf496dd4f8a67da97e3f8ee8e8

SHA1
30222d6bf8dcb92bff602a68fecff0083e144a73

SHA256
acce48b4fef54f2e5829a74791532a00cfc37227227e8439d801f0304a5fbe37

SHA512
413ed8ab96630a70843c3458230dae26c452bee4439c3276ed4b57313b818865038ab3b9ef9661affa9e08b8a51baf4c09a8fdc798a7595d25e81825de1f5615

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOCCE876C9\saqq.exe

Filesize
544KB

MD5
33bc5c48bba5911cd8dd15376c3e3124

SHA1
d4e0c9ee13575f2cfb1406896c701fe45cb674f2

SHA256
4ebe4cc8227ebbf729200e811c396e122c50dc1aac789fa057d51982b6cbca21

SHA512
7ad8889171a8e8d9e5ad9d4acfead0ed62c704e3f37bdaaa3575407b42b264d8f5f0c709733690cf1726b5439d8b19d29f9dea85fe5df6e8928ada89d4161bb1

Download Submit
C:\Users\Admin\Downloads\chaosphere.rar.crdownload

Filesize
280KB

MD5
b08b297f4e2c0de9a0a8fb123aa8cf8c

SHA1
3781d67c30a787a64805f8714b3f083343c87d0a

SHA256
26f618ba9b6037843615ed81ebae5c1f0b6449e9cd89e45cb8c816bc084b463f

SHA512
6c9984e453827bebdcb93ea494a247d7502efeb94be127a39f86cf8cfbd8d11b6701b31ddcf0cf7e9b02008444548f9a5f8711804196cac0bc26faa4c3e7ac0c

Download Submit
C:\Users\Admin\Downloads\winrar-x64-710.exe

Filesize
3.6MB

MD5
32595caa2a6bbbf58e9cc3c145e2aafe

SHA1
a85f67867e000d7bb3a074bb2b84fa3a143d0663

SHA256
d9fc9e75e174f309efbbb0a4fe13ea27e50c0d1eac65e0ddc858a80a3a4c49a7

SHA512
151748c2c0971d0c9cebc9e4cf3dc0f36e72d9a4f288fff1979729851e6e4ec1ba41e6c4e20f5e13448ac1b9e940a3aa2bc2b097800e9640759f442c95eb4017

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads