8613121040c7cb9e288b2ba33cbf85987c8ff0ab0a847504891bbe287bbe05e7

Analysis

max time kernel
342s
max time network
339s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mini_Client.exe
Size

25.7MB
MD5

6c62113d5f442159496d518b4aed8bbd
SHA1

1c111fd5826fca0b63bb509fdb02b3a579bcf92e
SHA256

8613121040c7cb9e288b2ba33cbf85987c8ff0ab0a847504891bbe287bbe05e7
SHA512

66a75550f906811c15db9e5d082224ba9345c7c08564440ec1b02c2627ff980ea558923c138e6eae7c6a0306d1755ccdbb784057a40e1b3dd7dd1c7c4c30471d
SSDEEP

393216:xuaRjE0jPp9v2/XlXyE6KVlh7Y3D380rMvUeQ4zNrXL1DcX+NXfFdQKKa6dAePYt:YeX9vqliE6yQDs2McGJ1SCXfFdQKY5f

Score

9^/10

cryptone discovery packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
behavioral2/files/0x00070000000242c5-671.dat	cryptone

Executes dropped EXE 4 IoCs

pid	Process
4720	Mini_Client.tmp
228	client2.exe
4224	client2.exe
3868	client2.exe

Loads dropped DLL 8 IoCs

pid	Process
4720	Mini_Client.tmp
4720	Mini_Client.tmp
228	client2.exe
4224	client2.exe
4224	client2.exe
3868	client2.exe
3868	client2.exe
1116	msedge.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_2135311755\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_1570952170\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-sq.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_1733908653\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-bn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-lv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-nb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_855576147\sets.json	msedge.exe
File opened for modification	C:\Program Files (x86)\7Road\mail.ru\БУМЗ\unins000.dat	Mini_Client.tmp
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_141187502\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_2076228272\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-da.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-lt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-tk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\manifest.json	msedge.exe
File created	C:\Program Files (x86)\7Road\mail.ru\БУМЗ\is-SBBRK.tmp	Mini_Client.tmp
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-ga.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-sv.hyb	msedge.exe
File opened for modification	C:\Program Files (x86)\7Road\mail.ru\БУМЗ\plugins\npswf32-11.5.dll	Mini_Client.tmp
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-ml.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-ta.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_2135311755\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_2135311755\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_1570952170\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_319423535\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-mr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-uk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_141187502\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_1733908653\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_2135311755\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-et.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_855576147\_metadata\verified_contents.json	msedge.exe
File opened for modification	C:\Program Files (x86)\7Road\mail.ru\БУМЗ\node.dll	Mini_Client.tmp
File created	C:\Program Files (x86)\7Road\mail.ru\БУМЗ\unins000.dat	Mini_Client.tmp
File created	C:\Program Files (x86)\7Road\mail.ru\БУМЗ\is-0LS3O.tmp	Mini_Client.tmp
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_1570952170\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-hr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_319423535\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-kn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-la.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-mn-cyrl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-ru.hyb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mini_Client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mini_Client.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client2.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	client2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	client2.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	client2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	client2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873687762376932"	msedge.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roadclient	Mini_Client.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roadclient\ = "7road mini client"	Mini_Client.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roadclient\URL Protocol	Mini_Client.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roadclient\shell	Mini_Client.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roadclient\shell\open	Mini_Client.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roadclient\shell\open\command\ = "\"C:\\Program Files (x86)\\7Road\\mail.ru\\БУМЗ\\client2.exe\" \"%1\""	Mini_Client.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{7C45CDC2-7C08-4430-97D3-0610318D39EC}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roadclient\shell\open\command	Mini_Client.tmp
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4720	Mini_Client.tmp
4720	Mini_Client.tmp
4772	msedge.exe
4772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4720	Mini_Client.tmp
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
4224	client2.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4224	client2.exe
4224	client2.exe
3868	client2.exe
3868	client2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 4720	4148	Mini_Client.exe	91
PID 4148 wrote to memory of 4720	4148	Mini_Client.exe	91
PID 4148 wrote to memory of 4720	4148	Mini_Client.exe	91
PID 228 wrote to memory of 3588	228	client2.exe	102
PID 228 wrote to memory of 3588	228	client2.exe	102
PID 3588 wrote to memory of 1116	3588	msedge.exe	104
PID 3588 wrote to memory of 1116	3588	msedge.exe	104
PID 1116 wrote to memory of 4504	1116	msedge.exe	106
PID 1116 wrote to memory of 4504	1116	msedge.exe	106
PID 1116 wrote to memory of 1156	1116	msedge.exe	108
PID 1116 wrote to memory of 1156	1116	msedge.exe	108
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 3424	1116	msedge.exe	109
PID 1116 wrote to memory of 5032	1116	msedge.exe	110
PID 1116 wrote to memory of 5032	1116	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\Mini_Client.exe
"C:\Users\Admin\AppData\Local\Temp\Mini_Client.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Users\Admin\AppData\Local\Temp\is-A0JL3.tmp\Mini_Client.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-A0JL3.tmp\Mini_Client.tmp" /SL5="$601F8,26221100,748544,C:\Users\Admin\AppData\Local\Temp\Mini_Client.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:4720

C:\Program Files (x86)\7Road\mail.ru\БУМЗ\client2.exe
"C:\Program Files (x86)\7Road\mail.ru\БУМЗ\client2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bb.mail.ru/gamelogin
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://bb.mail.ru/gamelogin
    3⤵
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffb57b8f208,0x7ffb57b8f214,0x7ffb57b8f220
      4⤵
      PID:4504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:3
      4⤵
      PID:1156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2364,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:2
      4⤵
      PID:3424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2400,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=3060 /prefetch:8
      4⤵
      PID:5032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3524,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
      4⤵
      PID:3192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
      4⤵
      PID:3448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5024,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:1
      4⤵
      PID:4872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3992,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:8
      4⤵
      PID:5092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3980,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:8
      4⤵
      PID:4964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8
      4⤵
      PID:5852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8
      4⤵
      PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
      4⤵
      PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5636,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:1
      4⤵
      PID:3324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6292,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:1
      4⤵
      PID:3840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6504,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:1
      4⤵
      PID:4148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=560,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8
      4⤵
      PID:4456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6704,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:8
      4⤵
      PID:3324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:8
      4⤵
      PID:2248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5192,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
      4⤵
      PID:4772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3508,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:8
      4⤵
      PID:5676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
      4⤵
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6136,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6180,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:1
      4⤵
      PID:3116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=5168,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:1
      4⤵
      PID:5920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6572,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8
      4⤵
      PID:3856
  - - C:\Program Files (x86)\7Road\mail.ru\БУМЗ\client2.exe
      "C:\Program Files (x86)\7Road\mail.ru\БУМЗ\client2.exe" "roadclient://http//img1.bymz.ru/flash/Loading.swf?user=1302875320&key=68181e0a-430d-4249-a087-6a476a7d6b5f&isGuest=False&ua=&fbapp=false&uag=0&source=&v=10950&rand=638785028863115556&config=http://Game1.bymz.ru/config.xml"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:4224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6332,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=3340 /prefetch:8
      4⤵
      PID:2908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4316,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8
      4⤵
      PID:3632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4988,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
      4⤵
      PID:3428
  - - C:\Program Files (x86)\7Road\mail.ru\БУМЗ\client2.exe
      "C:\Program Files (x86)\7Road\mail.ru\БУМЗ\client2.exe" "roadclient://http//img1.bymz.ru/flash/Loading.swf?user=1302875320&key=bdbe2071-3313-44c3-9877-eafdb6995399&isGuest=False&ua=&fbapp=false&uag=0&source=&v=10950&rand=638785029555526190&config=http://Game1.bymz.ru/config.xml"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious use of SetWindowsHookEx
      PID:3868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
      4⤵
      PID:4480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
      4⤵
      PID:1388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2976,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=3012 /prefetch:8
      4⤵
      PID:1704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1028,i,6204557881520597717,6720942839141284225,262144 --variations-seed-version --mojo-platform-channel-handle=3012 /prefetch:8
      4⤵
      PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\7Road\mail.ru\БУМЗ\client2.exe

Filesize
2.4MB

MD5
8deeb8f9ffda878ea0f60b630fd85e0b

SHA1
2b1fc3d6d139703f1b211b96c16a6c86524691ef

SHA256
d0bbc74f8a7bd46842363789b8cfbb2e89381b1971c1db7054cae0c0cc3b4eec

SHA512
0c1b6c3832554a4abad1e4a990349ac748281d7ba237bab9444254783df1ec48f8f8529f40c501fb5ef3d1672f56bde5e119a435d6ba844c4f532b1bf870e92e

Download Submit
C:\Program Files (x86)\7Road\mail.ru\БУМЗ\flash.ocx

Filesize
18.7MB

MD5
88fd7dbf04bcf75123d02009aea3f7f7

SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d

SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4

SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917

Download Submit
C:\Program Files (x86)\7Road\mail.ru\БУМЗ\node.dll

Filesize
20.8MB

MD5
4bca043113cbc24d9166c5dc065eda20

SHA1
c9fc71e5f537a3c6f505300993548fd767cf695f

SHA256
b4b38d6c22d678f88dcf3dff62c9eed7961e6e813768270c56ce3ff09ca14936

SHA512
c09058ec4fc1f307531a82b9b71b2ed90fe3fc5ee3ff4c32d5a63a3a931cb99025cdb3eac8f5e81a1761791347d9e3d59a47eb1e364e5225c7aab1ed2d7587ca

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_141187502\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_1570952170\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_1733908653\manifest.json

Filesize
118B

MD5
3004ab7c9e3747e5109246e7f6b3859b

SHA1
ac4c574c03611b8bc675e878a1be8124bc32fb48

SHA256
1cb88f273e7906a853670161b6c75fabdd67f67c91b96a78171e2877b88eee96

SHA512
f81e8de5d3010bce31b311de7545353b72a9befd01249cca99e870f141090ba66913991c458f4b5cdfb80902fd116fecd54981cc0a0f4049102247c273f905e0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_2076228272\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_2135311755\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_319423535\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_751821876\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_855576147\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1116_855576147\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4bacae22-394c-4a3b-af85-c0f014c600db.tmp

Filesize
49KB

MD5
b8a9ba0e6afd964f0891bec265c43513

SHA1
d7e36b1ccc68727e99385141f4d3e06df2841c59

SHA256
71d51112f8f027e88a3d32655c93f691e15a576346dffb26852f9e7690941b0f

SHA512
24520a7391be4b8ecc87b28da738a83678d973facd581b0e9e60730731a165ddaffe090355f410fdaf44cec203dc480faca3808290b772a68cc051c6f345f3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
cd06aa71c71c7ffed962fb5757e5dda4

SHA1
8dfd8baff8e753e8138f8c6c598f021052d44475

SHA256
fa5e227492fbba5ae95c41ad932c41d298d2a7b301d5292356cdf79f5ccada0a

SHA512
8fe2dd0cf1b9886cf26306e4679e5dabad13dac088f88abe01ffbac692d928978d7ebc72e815162c7d6c9ee592c6874afa11a06cffd3f63f3cf1d15f0841e811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c37f9d2c357647fca20f2eaa89c18edd

SHA1
cfd1035ed2d057c317b48546f467209cbbe15f2e

SHA256
2ea3a0b7e6145fd110653b1a77cb827ad7e4a145c29378344bd3d28f595b2072

SHA512
3563f4aca9e47f35de8cb38e42a3c0448bb3ec4c9183fa392abc28fee4ca08bf16da028ffbf31cf0c0f8301ed810238961e745590e5c71621bc5a2a889dd12f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
acac96625c01054e286c9582a5aecfc2

SHA1
5848846b386dc5b016c48340a05088d16973ad0e

SHA256
f57a578ea8b8dd97c36c5facba4f3c5bac67cadaf91752191e0f3650ffa41b53

SHA512
527472f87c713e29396b92d09be3e3deebde17aa3d9c57d3876f390958736ecaf0fdc9a955de4c999f68c7db9c47391bb1d04a471d353f0ef6d190c838da1ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
357B

MD5
e5c15c31afcfe9ee7eea19be25115191

SHA1
ee63befb40def3b6243a834666ae0eec54b08539

SHA256
96883f3f134fdce8e6ff9399f4a4a96a647d2e3ace69e85d806ba9d7a986766d

SHA512
9aba691834b00ce961a67c9099bbbf7f5a95b654bb12945060b764b41ef7ffe3a36a5df023ac4e3771a8c0a25dfd09912903eb9b6ccc24b599afa9de9d4c324a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
268B

MD5
634fb068af91b2f5843185842fd36ac3

SHA1
bca6b7aa51892f06a31fce85ec3c4d4df21516e8

SHA256
f27868f38d0e27ca407bd8e52378f7db30a1ba5f0f10a466a2616e81026b76cf

SHA512
e78eb206dd2139c15fb09043b628323646ddf4c308713c644c43761c3cb8df739442c73e7a929ee57a72b0cbcd13c1d37dd93ead674a26ae76a8860e1065c2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
221KB

MD5
86040793f7b890af0a57a16034773547

SHA1
db74ce9ec0d2a30b305e3ed7331586783cf1c569

SHA256
0dc8ca1d1df525f77b157c99ea6cd94510a75863aaac0df565c9ac63014d6f94

SHA512
093c8c8b4591048eaa38f64f0c7d35e6550b6d608f89904b4ef345be9f857c287cfac8261b03d71b97fe206d1d881096a7ea0bc36f2161ddefa4fdb77bd877cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
46fb090881d16c0fdb4182d4fec19a67

SHA1
dfbdf29535385368902b72de8d33b31c232d28bb

SHA256
a0c04f5523c382474046b032cfa3cd8ca8399886ad9f2e646cf0dbd833bca0f3

SHA512
cf8bf2a84d9c65cda77171ee06265377b90803e0393b8d52f121c9f5d69d4bf9c523725cb6d17ea320fb2e3dce20abd31bab84806976664f42d375e0d431e263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
29bae5062d4433641605899517ea3d54

SHA1
767adb40c2cee388da483574dfdea167023169eb

SHA256
dc040267c731d500889bef425d3fc8711db65707cb7416cc65d1508f6c03d0c5

SHA512
fa579b1d9665b81c84ad0d710b187bfc98d74a61199d383d52e8fca55bbfabd8f88ab5dfc349d9d9ddcb2636a10552df7b6a269562e1d56a6d33f1112b608329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58848d.TMP

Filesize
3KB

MD5
158720a48f4984d5073031c856fb405a

SHA1
11ace2114a6aa8181b0ebb52be50dfcd96aa0f95

SHA256
dc85506b3ac75b2fd4f101fa389eaa61602575d00f3b842fc655b9642f1e2c99

SHA512
e3fb35dad05cf82f4ca5b90b7fdb55478ec810b1f014297338dd8f57f151c6dcb0a638c36791bf639414a49515758da4237379deb9531fd78c535baa93264ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ef49222d187e7924f34d8074a3bc954e

SHA1
b24186b93e4eaaf1e66a19e44f2bd88d9b0fd5eb

SHA256
b1d019ce7e36a000c030813fd1108fb26025ab5ec3ab41ce9900da7ce7a86201

SHA512
43fe85015d69036c388c60354cbab0bb9443061a2c896da9389cb2b1705460a6998484af66d949dbc8416e77054206297df2017dcccd204e50c4796b5156bf19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
13a4fa60ca4b7433d6c81c1ca14f4310

SHA1
e00c800c8c64c8da8352dec0aeb91f0d6216710a

SHA256
2c521fa713c322b9e030194a48b854d2f9abe8c6ec8f893953b10f359aef838d

SHA512
8c3d7e1d7deca9a0379140d779b44ba4d78afaf318b1d55dddb9e71aaea25f3036d33f5b7eb1553c15b714470e7725a89da6ed48a1e026cdc66c86874509c92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a9b20367c3bb7ca672a3bc65326375a9

SHA1
71b4718e07c1e52eec41374bae1ac6ca0d5af543

SHA256
912765e859c01738f2d145bf3ed4427fc0914de5512bfed46fc99fc8eca2cfaa

SHA512
fce778f13f0593ebafc6b21f93efa90efae89ea30e5c40b8329d548ab9aa7399dff94925316ea9b7a19800edda369c38e24f03c802886c23ba9de5c882bf1f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c4e95a5edc161b7e923603462285d91b

SHA1
a294b5502e1e710e5b9452fe0e6f81b201c5f8d0

SHA256
ac47a9a15abd38eea1f18829d1a11055beeac435c8f923c400d76368baaab989

SHA512
518c44b85e5461e6cebfc45bfb25104c31d78aabcb361aae0271e0d3f860b906d4a324d0388f8c6f1a27b558b9cbc6a56f678bd316708178419138667356f1ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
8d2453d10448f0ab50454d4e1ab570bb

SHA1
c172ef6eea595f0a79b77d927590645b8b9c0464

SHA256
868024e3d376b8c8e082bedbdaffc524053baa6084916b0487e8117db278c586

SHA512
91793aecfe38760af4bc3c5df511e85374d0a7b0aa34ecf64199ea5b527d32bc386398c85021b117337296c4f962209aaac55362bbfbd01a38a102615fd5f1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
5f5d3b3aeea8a2c331be58194b060b62

SHA1
419e98a2994654f120e31696801308172b6ff503

SHA256
c21c7c025c9f07c354af9802336c4957cfdf7bda057a508893dceaad67e4c2db

SHA512
93e3ad36fc847bbaf347cc49281b4d61b480b4bc8a5e8728e88cb739d0277fb280a6795bafb51b9e566943d13bdb446f4eb96a4ea64b5fb7b42bb35bc0c7b393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
57828f59546f783cd1d5daf8960debce

SHA1
08b71166780a088a35c4ae5dd6b6e31054facea8

SHA256
8d7ab58a7c9135b96382864985bd52d131490bf60ef9b2898b9f1a3ad39652a1

SHA512
c5e41c90f5d39dd0797ae42f5100806cc9a95e1e481b1aa9cb57f7fb680fba6f16970920389ac6356cf983b26dc173dd0864b066d549e67979509f334e6a46aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
a210a84ca509d48c689a8502503df8aa

SHA1
031bd0004377f73be1ac696c513fa4cbf3f58b82

SHA256
de920d4954a3c06d29d5ce88a8688d44c80aec9c532a27c90df8fe66f3d53014

SHA512
ec06ca8f76918995430aa305a52e78e9620638177619f81a364cf110e9bdb00b6e12bd79e95641e84309ec85e003ea0228658b16d57e2d99ec4c469e290cdf76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
3b5a9f6f02cb472dcc7041eb5699f272

SHA1
efb84cb0f4078201457e6c1d1db37f2078a7b511

SHA256
8f851765960d1c6429062bea490c0cefabe5091f7427d8f880b5bea4187cd690

SHA512
aff7ed202ba73a0726f818980e68bffcf8fdb09157e8311f9d9f56b5e8a10a1137b7f613c1c2a0ac97c1c427c7021e57ea22cdecba6f29cf4a8a4fb7df8396eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index

Filesize
1KB

MD5
5581f9f94fa9c5f7c453fb839abaeba9

SHA1
2165f0750dc2c61164eac9fc1483c1931e52bb69

SHA256
8dd0da119dbc4153969d344d75b53a94e0e48d1e52752c34b8608ec53a263056

SHA512
05e54b926451f76cfb837757a0085b6a46db602779bd6088cbaa57294cbbb6cc94be0079a3deede4e937eafa70ac5d36c7f09a27d19410e8e60019f2b78b8441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index~RFe5c5f3e.TMP

Filesize
1KB

MD5
057a7609f3601e90547ecaf3de471066

SHA1
a40ffffdeb24f8d90871dddee8cbc41c5ba12fce

SHA256
c4cc874d2c6e5433d723b65b1f8bd229e0947dfe5912625fbadd1b33652d3af2

SHA512
dfcd4e735970e88f64b29009683c82962ad408d3ee54c2f468408b71cc3f3a622d3220ba000ffc97264606313afd5005e83607dec5dfbdf1e5c7aeeef71c3b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
4bcc5472effcce0b0cf38aed8501a352

SHA1
7b5bd12acb1d0e479621c523bca6e1a410f67ed8

SHA256
86947613b1662088beda86c34b3c153037ecb750622f7c44052df71ea2b86ca6

SHA512
2d24c0cee3fa86f937a7802c4fadcecdab087e939faf4479c4c8cf6fe5794c88fd218bfb14bf19fccf387c3ad6f2188a5f661e32d3b94c0c945f7efbfc90bf2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
d6725112b9d86e565c7ba21ac396305d

SHA1
4e089bf3856f5dfabda1d80670b626bb4e49f9cf

SHA256
6bb8ced3f2dcf639feacd7c77807887649693e7473477b00d7b1f8673322579d

SHA512
f9a8d9fde2a6f697d927a078201eb206b4a2517e2e16e7e43c3400bfbb0ae77bf64f1a6aa38619416e6bec28bbeb724b68b5232fe2a33c3736ccc418403cfe2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
8a97a2c24fcf1f01701d566e08e5e262

SHA1
ca100f190c544a196977ea3e8ba20125da63b718

SHA256
fce7c3c65825c0e89d0f439ac0252d7d6bc724e863f57af62aed77da31cba8f3

SHA512
429a7bf07c3665334d4973042b1199f945b0a6c18655ff8cf045607ca9c2a75dbe5610ceaf53f2bc7251b6bf5a8f0aef3c6db067d6b960bb110fc75cdd45fbca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
7c1879bed9852e16d832e163ddd5a130

SHA1
4ed825b6b08d0ec0952edb083143cf01400be4bc

SHA256
2e324f039a864f61209c63cbb9c312e8195530e351f8f3a107825b458a8236f5

SHA512
2c9a1efde69c92d4d22c30d6b3041694385d67104084552c59187ed85a7957983da2b3dcdf63acbd837bbad3fa832ca4c911106d1d474ac02c8244905ba22e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
e195b316288e8fcebf15fa1e34be91e6

SHA1
dc5f7000a18a7c49556648c87dcc55cf56b40b9c

SHA256
5a17d05cc0542cfebdbc18c1d593155696689abd6bf2ae5340b0b2c740ce704a

SHA512
04e1e523cbaf61f2c05cfae103e7c5b24f443c22624af8f1ac4fbbddd009bc1e82aae6458deb31bfb228031519c4a24e4b29059024269029968c48589cdefe63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
007a508b08c547e30251d5e7627124fc

SHA1
ed6fcb48d29aec2ebdf313888b53fe3a532d2b26

SHA256
e7b85d6bf6169a2f3496c3f5adbf80c7b64ab09c8ef089025b587e17dcacbd81

SHA512
3ebc1db76c992504d8edff8336c3a6817b3faeddf670c845549856586f7aea22f13e83b4430c8887f0c99121ba1b5095385fcc677023ed9cf154cfa1c23ce30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
6343780f904a14a9c01c7f8e1f91a729

SHA1
8bee11b4757cabb1614ec3246b63f6e8e20335c1

SHA256
95ee6859d89298df2e3a8b8ee4bef748ec0e35a1b0f5d3af039c07b9dbf4d847

SHA512
a69569af1995821172e18ee1160f950a6f420c9362f2921dd84ae54ae21361fe4179bc44c0a2a81c5855884c45d1d1f38850d1b1e3ebf6a48755647d6dfd9c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
1535bfbf7efb103069367be14d4f6e34

SHA1
e76efc80e661f04a3a406c7fdf92bc9694b633cf

SHA256
4c04ebd973ed25da86685d714d07361b6b12a3583e186cb67ea918569f7da15f

SHA512
651d21c59ee80806fef80c4eb2a15a2bcac6dc45538db3c8f96d4178079e738f47bba0e20b42b9f6b84fd8b5dc764447e188de29b005135f6e8a81aa58e51787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
343accccd3f9573d3d3f008de8f66462

SHA1
9eee0a5879704c87d232bf19dd98ed387bb708ec

SHA256
1c486f8624156150efac8a28aa8fb8c3b5bd39e95180cbe0d7deafbb9eedd513

SHA512
226956f3fda34ff8e64876f6b8d40e8bd90d94b520c5225fe042805d67e290106bdf7be380242309adb2c106959e54fb5ff1ec33ee914c72f331fcf5f601fe2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
2c3646d9f0edd7a2dd6cdc22dec1b0a9

SHA1
50accb6f56503833a5d5e22eb47f1af91158dfa1

SHA256
cf71086749671e9a339d9d6bc29fdd64f79b1e5aa80d1dcffddb4b8fd2be2d12

SHA512
0dabe17451e15c6ec52a4cbc1a50b3a11dc910766d64e0bd16592422024426d881aeb5afe66323a4700ad2a05433ebc0fb67b229d1c307ef3f0e8b975fc4fc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1c728ee6001710848a419b901d243b9a

SHA1
0dc74d2f1da3318e0df3e8bad7ff36181486df7c

SHA256
5a95f8eb3728d8f64595fb555a7e99b5f7e11a6f6d164ce4a796bcae9791a5cb

SHA512
466d1260c6ce174c2447d77b6984db65ae63453296543c4b3157a46af413e0603adc640efe211a09b995100e82efe7bc29ed28b664ecb4300ec6a8cd1a025e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5973af.TMP

Filesize
392B

MD5
5b5bdd796587468155aa6c01f82bd9ad

SHA1
ec89ac1066b4c89c3defafd7b14d02b0776b120b

SHA256
8ce8ab305ebf1a7cfb700254d85a6b624f4f68f5e952fdea28ae5917915bf789

SHA512
b78dec48d0ee174d61f4a3fdffb5590fe8c1add8fb2eb0de78715fa2f8f9e154b8448bdccab0460edf3bbe284921f9d20e2cfbcd3b1a967c885cf4b9ea41c8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.25.1\typosquatting_list.pb

Filesize
628KB

MD5
c26015b2460d1acf6859aad730dc8f4a

SHA1
9c772753b62eaf995e39ea5ce1ef86454b58f169

SHA256
5d816db5713aa5d2fa0c1de5461729250439d7609d95bd65623c0ea62da192c7

SHA512
ef72f6e7a4ac1eab4c59ef0d90f884e29880a305ca262869b87a90462897d182a45b38fb074d704205a422cb886214c05aea6d0701715917b3092cb15559a6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fc0602a43de065dddbe11a85b40120cb

SHA1
f39d80ae5be803a2e7cb3d215a541d2be9535380

SHA256
69994017064fcf9ab6bda373e778a3d0045fde1d6852f85a037fd4fffd58e6d9

SHA512
86b0d4e85248b7b430349d46fa7a8cf292fd23eac69f82359f471354cd79185a6a891f12d629600e57a6dd40209acc2466468ea3d6705d2aace5480654ad59df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9W6G8CB5\config[1].xml

Filesize
456B

MD5
d1ac750365d1a91bfcce565fc8c62367

SHA1
31d9159c06396c28bdb54e735e1780fd2aa4fa86

SHA256
7beb8da726c433ea58eda2006d566ca3572d8f9561cc8e84d46103ae7f3047b3

SHA512
a3503b3c90f81130187dcf6cd05e8e6613821c455a6a8922fb3cfc3b53a16f14adccf066d526e4d3ef7454001936c453b6fe040a4d042f06992bc731bbc86a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-32JSG.tmp\_isetup\_isdecmp.dll

Filesize
23KB

MD5
77d6d961f71a8c558513bed6fd0ad6f1

SHA1
122bb9ed6704b72250e4e31b5d5fc2f0476c4b6a

SHA256
5da7c8d33d3b7db46277012d92875c0b850c8abf1eb3c8c9c5b9532089a0bcf0

SHA512
b0921e2442b4cdec8cc479ba3751a01c0646a4804e2f4a5d5632fa2dbf54cc45d4cccffa4d5b522d42afc2f6a622e07882ed7e663c8462333b082e82503f335a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A0JL3.tmp\Mini_Client.tmp

Filesize
2.4MB

MD5
989ad149451ad17ebb5ede439c66f092

SHA1
bea71b7face1cf0525b255ca1b73c84105d615bd

SHA256
67fe07649daa32e2978def5a2d25e12728038d23363357d07362ca7761fc9614

SHA512
f4997f40bb4149d63c3de23d54e66903342d65bdd5042138cde078b63084e2b2d3e0fd1919f8162c8c5f2925765ed1f97c919b41b37cd6e899f118a822ebc60d

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

Filesize
492B

MD5
25482f2d048cfd7b3a6fa832910f7767

SHA1
4378365098947b625741bd6352ec80906259f835

SHA256
ef21d8719f413217c4b6f892a7abf2345b2ca0b19c29e4f58419fcc83d1036dc

SHA512
45d7598a9ce3a3db4e7ea7bac83e5c65ea6ed109a227543f01b739bc028fd949bf457a7217be252392ddefbb6b2e5b4790c92293160bac0f667e4c6cf9a7d779

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Public\Desktop\БУМЗ.lnk

Filesize
1KB

MD5
8e0c6d5986f1048505e384cf9f255a38

SHA1
6b637011169b97e8047fee3eff0b210b91da632f

SHA256
4e7cd753f84dadab02b61b977b86a3afb668ad4146486b52e519179a1ce5d72d

SHA512
b631ffdfae3c7b1d9ca5100edd006de84ca7a2c6addf4fd668d7c6250048131c6beef1c4e24fc54dea649d4139d910e1c55dc121fc7e6d1544a4f83013d6909a

Download Submit
memory/228-46-0x000000000FD00000-0x000000000FD01000-memory.dmp

Filesize
4KB

Download
memory/3868-858-0x0000000015980000-0x0000000015981000-memory.dmp

Filesize
4KB

Download
memory/4148-13-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/4148-2-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/4148-0-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/4148-41-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/4224-669-0x0000000032080000-0x0000000032081000-memory.dmp

Filesize
4KB

Download
memory/4720-14-0x0000000000400000-0x000000000067F000-memory.dmp

Filesize
2.5MB

Download
memory/4720-15-0x0000000000400000-0x000000000067F000-memory.dmp

Filesize
2.5MB

Download
memory/4720-6-0x0000000000400000-0x000000000067F000-memory.dmp

Filesize
2.5MB

Download
memory/4720-40-0x0000000000400000-0x000000000067F000-memory.dmp

Filesize
2.5MB

Download