9b541fcef44f395d8fe3da9c6f4afb95dc25d33082e58d2e2541c418ee8b8d07

Analysis

max time kernel
4s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2025, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe
Size

807KB
MD5

528d138f078aea724b85f07e4c4a3670
SHA1

3428fcec32a3820febe48efb2f65517819f82476
SHA256

9b541fcef44f395d8fe3da9c6f4afb95dc25d33082e58d2e2541c418ee8b8d07
SHA512

cc668f9d59756270fa1f52419dc0c2b39650d559b00e6fec9ffb3871697c039ccc8ba474e89db3ae4587b3d328e282cca6c3bc43d75c8ffafab8ab0143c3a6b4
SSDEEP

12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYAU:u4s+oT+NXBLi0rjFXvyHBlShCZa8

Score

9^/10

defense_evasion discovery evasion execution impact ransomware

Malware Config

Signatures

Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs

ransomware evasion

Inhibit System Recovery

T1490

pid	Process
63160	bcdedit.exe
63168	bcdedit.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
63176	powershell.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
63184	vssadmin.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3260	2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe
3260	2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3260	2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 3044	3260	2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe	86
PID 3260 wrote to memory of 3044	3260	2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe	86
PID 3260 wrote to memory of 1712	3260	2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe	87
PID 3260 wrote to memory of 1712	3260	2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe	87

C:\Users\Admin\AppData\Local\Temp\2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-23_528d138f078aea724b85f07e4c4a3670_avoslocker_cobalt-strike_luca-stealer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c wmic shadowcopy delete /nointeractive
  2⤵
  PID:3044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic shadowcopy delete /nointeractive
    3⤵
    PID:63148
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c vssadmin.exe Delete Shadows /All /Quiet
  2⤵
  PID:1712
- - C:\Windows\system32\vssadmin.exe
    vssadmin.exe Delete Shadows /All /Quiet
    3⤵
    - Interacts with shadow copies
    PID:63184
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c bcdedit /set {default} recoveryenabled No
  2⤵
  PID:1332
- - C:\Windows\system32\bcdedit.exe
    bcdedit /set {default} recoveryenabled No
    3⤵
    - Modifies boot configuration data using bcdedit
    PID:63160
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c bcdedit /set {default} bootstatuspolicy ignoreallfailures
  2⤵
  PID:1424
- - C:\Windows\system32\bcdedit.exe
    bcdedit /set {default} bootstatuspolicy ignoreallfailures
    3⤵
    - Modifies boot configuration data using bcdedit
    PID:63168
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c powershell -command "Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }"
  2⤵
  PID:544
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:63176

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:66984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

T1006

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\AdSelectionAttestationsPreloaded\manifest.json.avos2

Filesize
1KB

MD5
c8cd6bb3097a5852f5d7ab1ff7a84ede

SHA1
3c5c788ee851c505e99893e5d980ba4e150b3321

SHA256
3d99bff485a0599f9680de63a0772dc30aeea7cd04325abfff5c4b097a693dad

SHA512
5a8ed593b826646a7d40a4a679e27f322449d42ae5efa2ba1923f0ddbd5767e4266aa7087c4a0568cb9a74f9b7b7b3106e0dc2aed189cff6b1550191056fce53

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\hi.pak

Filesize
2.1MB

MD5
0934869a6f6204772ca6618e50db1ada

SHA1
319b1da1590c7682b1d957b318a1e7094d32f60c

SHA256
aa2a99ea614b66af6930a1f62d123b2debadfb28bc542cf38079bd862a4760a6

SHA512
d6be4dd485abc4d4b4418fe3609ede3926a5219f90409bebbc7bd42f7125b5ab0c03b32dca73a9cb5f7678c384238b08ab5a38946107ae6a662a403788dc479c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\msedge_7z.data.avos2

Filesize
4KB

MD5
7abcbcc9037480203146b5b37e513efe

SHA1
91b3fb1a7a80258327b599753b26a91df1c6b9da

SHA256
63a5f4e7342172fb630434d3e995b666f5c78fd541150f2ed699a0e2aa34a80d

SHA512
4775793e1f27e4a5c2c7bb92c0bdd404e97076b63ae2c82427bc4a8fd60c9f9ef9bf316fe1d5b54b0dc99510126ca072ece7f8c739c6364da9124a6c2e5155f4

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\AdSelectionAttestationsPreloaded\ad-selection-attestations.dat.DATA.avos2

Filesize
1KB

MD5
3febafbb081342aa0f17a3803b217457

SHA1
b20476c0f4a3eab216326bbbf9472820623bd8e5

SHA256
e3a6e4ed76ad9587161dc130538aa502bf595b4e7636f6f90ccb008d61317e39

SHA512
282e5060b7cdbd0fa2f6891fb80b4afa70f13e5987001c75498be11b0dc8a936498a747e0a8a58b9efd2d149ad57bf97d3dbf8bbeeddf1fa728f14a6c6685af6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\AdSelectionAttestationsPreloaded\manifest.json.DATA.avos2

Filesize
1KB

MD5
1a3085ed8addbd78e8871dbfb9cfa3a9

SHA1
d65e4392dadc2e042701604beb27e672ce7ae9f2

SHA256
756f16693d64cee34994f3ff0e9b510781e04aec3a74e82bd4f617d7394eb947

SHA512
a6ffb2ae761b82442978dee2d0ee86decc2e3cbe5a08b86d337e0a32301cb0cbe5b1566eae322f832637fcdbfa18c0fd67b0bf5ef04806ec4806700ffce24019

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Extensions\external_extensions.json.DATA.avos2

Filesize
1KB

MD5
45c7ce212b3d0562d80c8113923e261f

SHA1
3820ae4dc9af061995df5788cd050babdcce3697

SHA256
887df2fbd71d2bbea534c40457d3bccbc9c6ebdb5a97b8409620aa23e7905dce

SHA512
af5d914289411b13f300f616bae7befb301a4f963ce26d8102f6b6df6ce6cff97cd9764582728718734bde8fc7016f4d3b18e2f9fc8dd263e1f8d0b8ef998b5a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ro.pak.DATA.avos2

Filesize
1.1MB

MD5
0d7b4deacb998d3898ba624b200054b1

SHA1
51d555a3fdab6b8d3f169947ef1eb32f6929cf26

SHA256
fbaf9ab157b1be084442cb043bf1d1c0f7dbf6429f2ed901271808b3c4c035f4

SHA512
b4085add77b0bcc79d6e5a0f9a70e711f3be898071a2ff1f60faefcf068a563aa2838bb9346fbbcc5f76dcfa6ab032865ef6f7058318dbe53480ed4995b6192f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ru.pak.DATA.avos2

Filesize
1.7MB

MD5
d2bd922b89f741110b3b42b646970c03

SHA1
fb8f7b6b0aa330b6feb3e43bbd025ebe499e7a38

SHA256
f35844a0fa2367346b6c543338d32d32e8c923c62ab946e541d4710db3c1d4ea

SHA512
b9c1ee9f855e1d2eb23fb50db54c63131986e689e52a0eae54d21331d6fbf2c0837874f6d9f05262d2e07a88d29e3e28b12af27315652f9e39714b7105b55f18

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sk.pak.DATA.avos2

Filesize
1.1MB

MD5
f81637b5c7a7de8562575ecb8bc8e8f2

SHA1
ec715dc66400fd9bbe6efc7f8242978d3117d573

SHA256
9c05d9294b969e9f2db845b1d144af16da6a23d478381aa836d54cc92f71b205

SHA512
ce70f622255fec6c8e2203bb58baefb6c5433fb896a04c6f416d3d26c3ab62b23d2ef3dfcb2e56250968bc1354908eee3b55c84bbcb05050e9e8c8679e93bb72

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sl.pak.DATA.avos2

Filesize
1.1MB

MD5
e408078ace3f20ee6f2d1bd00e62d631

SHA1
00e6e4c1c1c2902598eaf207f32b0daf615ca707

SHA256
3d0f6ca58d03932c7dd9820a9a88589a7459844734432a90608fb6a745729e50

SHA512
3f966ff127f65fce015b6521238cae100c880979b65d2179b4fcb36fbb8de686772eb5cfcb4954133cc9e5805c2c536a365cd7a4debf2d763ab64517bcbbc44f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sq.pak.DATA.avos2

Filesize
1.1MB

MD5
6f119cac3fd97f661d6192d47bdcc954

SHA1
7b34a8f312025ef425e24d8ede923a0dd46b38e3

SHA256
f5576d3746ecf1c59e633270a90009a062e4dec1555c157dc24d7898c8719cc2

SHA512
3c7c1355c5dab4e93c096b5b00150f1b3526d3a2504a03782cb7f81f46bc6c2b58419472096b53082860703e8853af5e8a65b6bbb3c9e9ce6d048b32d6727570

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sr-Cyrl-BA.pak.DATA.avos2

Filesize
1.6MB

MD5
aa43a138ba7bdfce3d5444bd0c324165

SHA1
a3a497b9966ea4b652feebda28d59522c62c7a1b

SHA256
9871de49588da1c379b4ac9b8c6e484d833549554cd9adde23833eb4f167517c

SHA512
6a998afcc5cf43cc0dfc4984be6f198e07bbcb294b8669f2e517d4d42f41de0b6136a0600d5e268c1800e62badbb04c2fb73dc3741b85ee65132b580092cbd95

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sr-Latn-RS.pak.DATA.avos2

Filesize
1.1MB

MD5
a685870b20b6d01d3b63997b76def100

SHA1
b3cd35a23631757c10a6d98d7625562be99f3e53

SHA256
be20144a436e4162ab96021352e4022e20bc71afbd1b38a61e5eaa9fce5a0412

SHA512
69d5ccd54b6966c469640b16738f83584d2a33bf1590d7577dc940734a7f3c85371ea943a2c56cdd4a44beb38f7e11456d6ff8b12dde696d751f7095e39e1b0f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sr.pak.DATA.avos2

Filesize
1.6MB

MD5
324a24b8c70f087c1b89d2b6efda73f3

SHA1
811502bd3de1b5d479a283a4d81c87be5388580a

SHA256
ef2a580baf772d2e9a8caa7711ba18147783a44736df97b0080a6effa222b0fc

SHA512
bab2ddcc0d131b3a9f198eed6063cf45e1bd7d72cc488c714c2e563e22f92a43e4dcb37894906eda72ed275e4e99368d7506c1c88de937f45ed3e0b593e8d167

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\sv.pak.DATA.avos2

Filesize
1008KB

MD5
6398099ba3e2f38c9d9a976fa64ad06f

SHA1
66146157900ca5d76cb8e2c04b4209ec8d4e9c4a

SHA256
db85d1c85b605fe67e098332ec469b0c7c38bef01ef78fc5fe731dba82bfe6b1

SHA512
f2f2ab986dc575610318f7fecd830a26da38cec966f8d07c650ef76e5341d2a403e95f99e0964f2fc995782cb41a3a26730b1ecb177cf6d7e372c92e470fdfbf

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ta.pak.DATA.avos2

Filesize
2.6MB

MD5
7051c6d8adde570f3b4ef58c665c0c75

SHA1
84c2dc81090e6636ac865793ffa5e0ade2942ee6

SHA256
347d32f69af8e39efa0bd6c08158dff6043558664009a9c5bc7d5ce6b9bf7eca

SHA512
6e9a2d439f6429bdfb0ea4e6c1c2247facd7fbcdbf6bf3469fb9812417605c619b9f014c680ab950c8ea87836ad62b81e7037f562b75641dedbc82983bb9b946

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\te.pak.DATA.avos2

Filesize
2.3MB

MD5
db848cc6df31ed39006167e278f25ff0

SHA1
a2ab8a1786b1fafd94cbb7415c9f905d1a02fb64

SHA256
50846140106f7f065db36239cc32a1598f6485100bf3e3d2d68e751715345708

SHA512
2fc4f627ce1c97ac751b9c95704d34707970eb582e32eebcf6a323f77f977343d5b28650a4e42b739307e01a452924b9537e5c5e7ef5a6a9c83d35a4f9d9aa3a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\th.pak.DATA.avos2

Filesize
2.0MB

MD5
900a14415272a20036ddf3683df8e26f

SHA1
02bae0ed9098fb450e72735e7198ed3c03669540

SHA256
54960d85fae9cf57ebd1f57cc6da8e54e260b661464c66dec5098ef4a41ee98f

SHA512
9c7393f32735ba38c605ef4d5e27f01a5c215ec0928802fa0a9a02d4ac236be57add5187bd433367d2f33272f91e351234483ca237c2f9b5efab6875b69e0b5e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\tr.pak.DATA.avos2

Filesize
1.1MB

MD5
63953fce10ad2b33abf6f7f1851e2bbe

SHA1
d2fcd48208be9c702bc56de248f3b15c60dc50d1

SHA256
d8bd9b6675288542ae063bb9fbb8214b730e815954596cede08115a15c1e3aee

SHA512
abd625cb1e3767981af85f9e027dd12781a4f8eee219cdd76b12e2b577d02f5788c25814f9ea0b4ed99b81ba3c13340e56aca7e632cc55d11588c3439427d3a0

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\tt.pak.DATA.avos2

Filesize
1.6MB

MD5
caf11154dd644af832b57481fe8a8833

SHA1
4afd293bd039416dab391d39d3a72abf9e23bd4e

SHA256
868ee6b0b4a08b90bff88fe9011c509295856845b5c531b061c02b66ab83c047

SHA512
cbd61f1921af649aa3005c3cfb9294cc65a153a1c8949f90353f29e08ce35c745e23be19f979cdc7e7617f9bba032814b111700e3397c579abbe34e352c22671

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ug.pak.DATA.avos2

Filesize
1.6MB

MD5
4007acfb5908b05513df3d114bcb91bd

SHA1
076c691ce15d9ea9365a2ddce8cee81b1189feb1

SHA256
2d8df957c0aa8d540fb1c27b0b61b5d62235a8f7a75c18d5dc21a55240f564ad

SHA512
fc181bb61a4da7b8d3982cb28a2e81d7efc8c20affa19a5d4756187ae56e13806790f3f6be803a1700740fede9637b2bc4ad07e5b5ae63f7c6c29553cc77b298

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\uk.pak.DATA.avos2

Filesize
1.7MB

MD5
0f7e4b88eb48852d79073491ff3ad918

SHA1
5d3cf2f0398397e4063058a4d959da6986728805

SHA256
822bc03baafc4570561b560be9bde5f7ea83a5823c7ee3173a1fbc04659c4773

SHA512
255592db1f41cd08f28187f6ed1667aba7824ee755f065c178b1f304322cdea1c073ebad333ae61ad495543ddf1ca8eee140064596f875270643e3de404da70c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\ur.pak.DATA.avos2

Filesize
1.5MB

MD5
8a406d170ebbadbb4628137adaee3381

SHA1
90583c3c03a4874f833ebb3b94a0e012a94a1959

SHA256
b67da35432a81fbc648e9a3c278c2490c74a10920dd8db659d0c62938e271e86

SHA512
cf303247eaf7c2e9c27323716cc3fd8e47fd6daa83e9199e0048c0a8f0988580425b0b8fc7694d734619d50702ef54c787da44c55ddd5752dadf43b46a5d1189

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\vi.pak.DATA.avos2

Filesize
1.2MB

MD5
8829c8c32f001089f1b774c0f69a5591

SHA1
fc95709126cc7a920ed1ba728d10d7df41758991

SHA256
47b6aa978917b1f8f153e5c2c6732086741874b063f9e65a5c4b15b5701baba5

SHA512
a663f06bd3e4ffc5bbbaebad9dba784868b6aabed13379f37fe87302720aee0665a192098af2c8572cd84f1891cd954c65aad56f1a1dbced4f66270fe5bd893d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\zh-CN.pak.DATA.avos2

Filesize
866KB

MD5
53e9ba2a5ca644d618b9c38c8beb0b7c

SHA1
313e2a6142bb75d83a71b529455312d5853c8012

SHA256
89d8904f4c1ff1215fe7a1940fd49a218b8143bd1b6011e8021f2c6ab37953be

SHA512
f9e7f991f2f51721258ad2f9028bc18d084b654283024fbba32f6ac09096e287c97ef5a538a07ce91db1f78301300f3acae9c9dc3243c702c153223b4e8532d2

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\zh-TW.pak.DATA.avos2

Filesize
894KB

MD5
c8f498a4010a33d2bc9de54aa354e834

SHA1
728e46ae8446fa737f0d24c337d6e66bfe5745d8

SHA256
a79bf144574825c78432388689bce2de8d389d8d77eb9ae87ac42a3ea1d2e73f

SHA512
75caf5496c8ffb77a13c7f6893edda2c7b674377283a8d880be7e241bf5f8d1ffcb6dc514cb367e9a4d008412f33890e946fff5d6e21098a9b70e0a510f222cd

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\edge_feedback\camera_mf_trace.wprp.DATA.avos2

Filesize
25KB

MD5
c8caf590db30ab68ddf4dadbb202d100

SHA1
28110360486ab19012f05a41b9918e6c15ae059b

SHA256
479f7de927483e040cfee3fad975d7fe50fcc5dae99c5bb95df965fad1f17155

SHA512
e071a20aefea8fe1d502ac0e626eaa16fbd29fe7f7f8110775bf6b27e89af9b7977f01fbccc6171d539d7d625e2c24c2bd740b5be614ca1486133e803209f2a7

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\edge_feedback\mf_trace.wprp.DATA.avos2

Filesize
13KB

MD5
514cd4c4aa905fe649bbb29fbf99a82a

SHA1
4ed6e277657b38c8911f18c56d8e566c73ea9975

SHA256
6e8cd552dac00be7c61196dc0cdfc02bdff53752dcc51ffabb099cd4c0cd6f86

SHA512
612afe0ed79b8ddd982c2d3d2269127d0c1ba61abbd11d0272844f423582bed312ca0ddfb34b1946f174b2f757b8e5bb0b04fb7339bca92627e3e66cb9783b4d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\edge_game_assist\EdgeGameAssist.msix.DATA.avos2

Filesize
1012KB

MD5
75d4de3d7d35106bc67363301f78ed84

SHA1
12cc28d570df4994f6b0eb8dbbfccceb2b281be5

SHA256
f0f1d261643b613ac443b5bf3b04b26b80e6de6b535d592ef25c40d3e9b76027

SHA512
23601a35f73a16548cbe525ff5d5d8d026c08ea1befb18495e7f173b2091351b9a82c0039986a96a2637e9e4ec55a56e4efe0f4f79e6c359ebbc57a212eea861

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\edge_game_assist\VERSION.DATA.avos2

Filesize
1KB

MD5
b18156eb92d482221390027bd993911b

SHA1
cc7a181b2f3372794be331153b536d568234c6e3

SHA256
823c1efb6bdc4f1602dbb4b8e60fcf7b149610308bae5f53735663f4475088b3

SHA512
408da57b7c81ef45b17061040c282eaafbd66d8a4e57b9597a4b83a7972abb21e9c574489d7aed6b1a0be7390f63673eaa6dfb2ab5df70d094aae98679bea8b8

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\resources.pri.DATA.avos2

Filesize
4KB

MD5
f7d9094205346407e09b131ba5e0157c

SHA1
2fe558e1b6dc2a106174e9106b90d73b6ea49c2a

SHA256
793cba54f1321876c43885f014f9e222cb7fae308bbd3f58c9b4b6e05ff7fa09

SHA512
0f283e1bb81d0282d8768496e11b2e96f671aa4ade9011396fadbedc7cac14a22817f8077fc8b0b8fc722cb3f3134ab16f9937b128062c393cc0511fb2bfe1c4

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Beta.msix.DATA.avos2

Filesize
54KB

MD5
d69fcd8972fa7edf7b886c7f7673649d

SHA1
22de77d959e23b0366219b4ab8f02084f5b41b87

SHA256
70561e102a0ca6a4945faf959be904c65eb795388e706e94184e441e291fc970

SHA512
7363c4f14d1233447238bd4759617011e7c77ff2b790b6aa141b5fdb8bb6bfa99b961250eb28eb2c2288a3fd8dc6e00da05664194cb395ecda9776694243e388

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Canary.msix.DATA.avos2

Filesize
54KB

MD5
3b67818da0baa1cbc50b829ccdb6baf1

SHA1
92816f8532fb42cca693912c3500e875aa87199e

SHA256
d32f6b7ff996d3ee21568b60f8898f7a917fb74a0d27c7e05d591fa7691c0ea6

SHA512
17173a2d5612fca7bc5e54d6037c15f8e6aa7f1b1697c9822dabcfe17bfee7bbd2bac32c48573aa08af73e70cd0c933af3733de6da7d4e61be4f0458ead98478

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Dev.msix.DATA.avos2

Filesize
53KB

MD5
d6d2a82f535543d0c46eb7b537f5ed05

SHA1
beee6b13db86e0b7966366cc147f786a00eeb56e

SHA256
4ff83e580c95a53c39bccf6165d723ed737ef26ea0bb581d2113d343a31f9cc8

SHA512
bf1e2e5f3a74c83230bfe02ab5a0c0b02a2c3c00f694e7535abde3f28343ee30f424a95e1f07062bec6ba18d858cd639c92bdbff17549e8870ac8fa47bb1b65c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Internal.msix.DATA.avos2

Filesize
57KB

MD5
0dc88b037cbbb452e8a35381e4c0d4ad

SHA1
13a0aa00b70f0d5336369b152bb68a724177c3f2

SHA256
de93a1eccfe8bb7e2967d6466a911342d5eb67f3efc7807ecdd8467e427e0f66

SHA512
81007b6474e749eae9dc7a2e3a4aa56d86cb1fe8734ea2207492b2954476a9ae5d15665ff6796620cff22aed2fc6502d52e1bcca15f05b6c34abc2ec7a0e4d8e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Stable.msix.DATA.avos2

Filesize
57KB

MD5
b105845e7a34439aef4bafb98fa620f8

SHA1
1ce6e8b00c29389c435caad982ace9d7ac587fa1

SHA256
5c8f75161e2e8e03cb149a75fecfeed217e8491b115b32029e1b105f94bf1c9c

SHA512
8fe109ce4425c22b4e2305cd4dc72084858ad08fd0f6cb2e1462a580952b1d75e473763400df921691eedf01cd095c2ca8cbd4a1021654db97bfd79704950fbb

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win11\identity_helper.Sparse.Beta.msix.DATA.avos2

Filesize
54KB

MD5
fb0b2b719ad3bbba88e894b87201534b

SHA1
960d6afb3689c661292d855e1d60a1f67fb77b9c

SHA256
11db9bc8662a56b7eb589f306e6300fafa2ae54f3a80d6495a2c472a00522b65

SHA512
412883cb2badef2647eab03df1a485bc9509098f3b749db73c8eda05b8e370a7a57bc5f987ed758a59c4810d04204b240ceb68e9e2bc88af294badfeeba4d832

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win11\identity_helper.Sparse.Canary.msix.DATA.avos2

Filesize
54KB

MD5
34d8cf08929d2963ef66b1b067967d50

SHA1
6a93f9768645a6a4c92efd7477bbb3949148741a

SHA256
1c952109895900025475ef2cd4cc50f3758cf4bb4a86a23cbb725a405753f2f6

SHA512
7b33e43a7c331dedf0a2786d1bd1cae6ca49b29983a56c560365bf8d929d026d864e8e63bd4a1deaf93c37fccc60b80dbc92050d2a814a103ae7a017c22d83dc

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win11\identity_helper.Sparse.Dev.msix.DATA.avos2

Filesize
53KB

MD5
248b1eba865f91c4b64f0415f7f0f63a

SHA1
dbc2b17e52a1eeaac50c46520157f3dc7ee1d963

SHA256
8adca32e0bbcf8d66fc55f0c78e9714f9f5f2dce902e6eba0c719f55b5fb3e2d

SHA512
ed55fa8254be7a92f9e44bf202681774e7b20a65c3da0643f06b29168eb1d3fabb13898f539402d87241f26fc5e1f83383afeb868ded661bc8a02d8efee86442

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win11\identity_helper.Sparse.Internal.msix.DATA.avos2

Filesize
57KB

MD5
f2f090000d5fed597555891888e0d6a8

SHA1
9e687f2847d6ae64ef2137c16ce8893e0d0b5fcb

SHA256
7dfb01c02f4f8802ce4e89e573bb743b4999c61a4065c1b393d010b82b9fbe0b

SHA512
1107ff3e81f32b953b927edc7f2ce77cda026adc8f283b6e786ffd00b88ca3e63815113f022aba6a4dc4a91b1733298e64c757f0af36fb442338d5ca377dfe4a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win11\identity_helper.Sparse.Stable.msix.DATA.avos2

Filesize
57KB

MD5
97a4470b839ab89536578739cf214afa

SHA1
c9649acdc5207348986aaf977271229f490f47f5

SHA256
9407dfaaa4f491f46fcacfed1c5ca5175359c7c06cb188904123eb77c1a30db3

SHA512
49172ad8b4423e548b9514185c62493b14a20f2a46e6ae07f4238ae14985bfaffd5561caa26e4dc2f0828da552a48e43b16d747badb8c54a776b7801f08a5737

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\canary.identity_helper.exe.manifest.avos2

Filesize
2KB

MD5
19853705239fb8e50829cfbfa6fa8a62

SHA1
bd928b0def73d9f2e60322e0dccd9f034de1c79b

SHA256
3123a4570ca164de44220ae2fb151e433853cdd9c197acf8a24eb707c48251dd

SHA512
4f1ce2d596afa441104cfafe627523e4e363d1c095e4adbd62ad5c94f22087d4d360649d8a202e17ec80944d386139ba2c6e96059797171bfbbb1837d12ab94d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\internal.identity_helper.exe.manifest.avos2

Filesize
2KB

MD5
a26e9e37634da6ec2c67eeb408bc32c2

SHA1
809a3ab15ef9c23dfd2443eeaec6dc36ddc32363

SHA256
b35cd885087df66f232b6b33a424b64a2c0496987c839dd8b66d2ce6a926bd58

SHA512
4556e83878b03a018dacfc053e11a1a75bae89030970546eccbde85e7a431930a64a991e217e38b17e3d91a06c8cab598b3e8a380263dfe7defd96dda143e91d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fc4ydaz1.0cs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/63176-17393-0x0000026376030000-0x0000026376052000-memory.dmp

Filesize
136KB

Download