c21127aadac9b81dd678971dc27c4bcace5682fa2c8fe08caade0a75cf464d21

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xerav1.exe
Size

2.7MB
MD5

72cd201b0337aa38fa3f1ea09185406c
SHA1

c7f3b87cc40d2a50c2b54668a2cf1ee73a88d001
SHA256

f6575d9c6353c6d94526a2fb912087c0ca13dcf3938cfa9752bc4fc0b61a684f
SHA512

53d666f300df08d2f510f7ab3222646ae278c384b90fc51e8e55211253693f0ad6974e650ef6eb238bb79a11fbcd2339a39605c16ecad583a402724e39ea2ed7
SSDEEP

24576:OejiBEv+aBZ/Rm2w+Yt0c+UF2UTxj/AVURxgr9f9aOEIxfDHRgOmaEopu02:uq+yRwIlwF6B1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
68	discord.com
69	discord.com
70	discord.com
71	discord.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_2073555981\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_185157822\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_2067294296\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_2067294296\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1442768246\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_2073555981\data.txt	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1312_993392107\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1442768246\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1442768246\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_2067294296\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1910008481\_locales\gu\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873848296479141"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{501E0B6A-78AF-407A-AAFD-41B423A8471C}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{2AB7F57A-C205-444B-B1BB-9B979C4C46DE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1312	msedge.exe
1312	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2628	xerav1.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 4708	2628	xerav1.exe	93
PID 2628 wrote to memory of 4708	2628	xerav1.exe	93
PID 4708 wrote to memory of 2352	4708	msedge.exe	94
PID 4708 wrote to memory of 2352	4708	msedge.exe	94
PID 4708 wrote to memory of 4964	4708	msedge.exe	96
PID 4708 wrote to memory of 4964	4708	msedge.exe	96
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 5036	4708	msedge.exe	97
PID 4708 wrote to memory of 4988	4708	msedge.exe	99
PID 4708 wrote to memory of 4988	4708	msedge.exe	99
PID 4708 wrote to memory of 4988	4708	msedge.exe	99
PID 4708 wrote to memory of 4988	4708	msedge.exe	99
PID 4708 wrote to memory of 4988	4708	msedge.exe	99
PID 4708 wrote to memory of 4988	4708	msedge.exe	99
PID 4708 wrote to memory of 4988	4708	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\xerav1.exe
"C:\Users\Admin\AppData\Local\Temp\xerav1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/TzsNVCW2Nw
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x314,0x7ffa81f4f208,0x7ffa81f4f214,0x7ffa81f4f220
    3⤵
    PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,11482350469624201103,4131034747404654887,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,11482350469624201103,4131034747404654887,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2620,i,11482350469624201103,4131034747404654887,262144 --variations-seed-version --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    PID:4988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3596,i,11482350469624201103,4131034747404654887,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
    3⤵
    PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3588,i,11482350469624201103,4131034747404654887,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4876,i,11482350469624201103,4131034747404654887,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5168,i,11482350469624201103,4131034747404654887,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:8
    3⤵
    - Modifies registry class
    PID:2508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4312,i,11482350469624201103,4131034747404654887,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:8
    3⤵
    PID:5792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffa81f4f208,0x7ffa81f4f214,0x7ffa81f4f220
      4⤵
      PID:5796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1832,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=2128 /prefetch:3
      4⤵
      PID:3100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1992,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=1988 /prefetch:2
      4⤵
      PID:2660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2452,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=2652 /prefetch:8
      4⤵
      PID:2920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:8
      4⤵
      PID:3476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:8
      4⤵
      PID:5688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4608,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:8
      4⤵
      PID:3744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2984,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:8
      4⤵
      PID:3320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4516,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:8
      4⤵
      PID:4852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
      4⤵
      PID:3484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4484,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
      4⤵
      PID:1408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4372,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8
      4⤵
      PID:1304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3664,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8
      4⤵
      PID:5576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4820,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:8
      4⤵
      PID:5616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4352,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4652 /prefetch:8
      4⤵
      PID:2748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4680,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3120,i,11312597414115907340,1340880016616442400,262144 --variations-seed-version --mojo-platform-channel-handle=3156 /prefetch:8
      4⤵
      PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1312_1442768246\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1312_185157822\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1312_185157822\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1312_2067294296\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1312_2073555981\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3d22e8bce0595873e528301bd5163e15

SHA1
ce63362ccc46a22e6a8127348b99516cff221cf0

SHA256
033b88dfd9e570f133e6c4e906d032d071f2ee57526e18d863eb71806a5233f4

SHA512
f8d7e9ef353f289e8a0215061750fb04190e77ade759483230e8e5a6a9ed9f39cb6e4a13a20a13cb799fa3ac821d6dd213f6e10649151692607f7a1d2f6f6432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
3bc0436155bd4b0f599d7b9daa80c781

SHA1
ba5c8be8457c91fd3952df4ba8bf6b7367e8acca

SHA256
8c913248538f622dbd55e0409d426d0678acac579da0648280fdeb14d61040f4

SHA512
3c75014f0b08f629d02213dc9c297901c1c53b3d91b58bc90202159b07719909443cd6f1572e9b1295c350084fd69d86e4771677f6c2d787f1629f0644fe173b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e240c2cdb56dd48298c139311c6ece2d

SHA1
3339dd0b493181c33ade54bda972a0dabea4f7a1

SHA256
46328c9cf4a5ebf4c2cca1d119f39b2b3ef4d2806937b8f5aec8391783d306a7

SHA512
ab4596a612cf4d65553fcd2be2a41e695a91805da2e5aed71146cada461821d677128b539422848ac4be9bc8caa7be286ed7afd09e2b53228fccc7926dec0804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ca7a10f0219f0dfefc3f1d01a56b2a7b

SHA1
17cf94962dc2c41c4d56559cba6a92e0616ca50c

SHA256
a16f5b52de6a79edadc22a7453c69d678c2a7181497aef5a0746433f844fec7a

SHA512
7a9f15d9bac303cffd9fa610abc39ab2ae8b19f284faa488905c3aa4e44bd0212c2f0ccaa4a2da690348771876a432461775e3d7c9e633ae093d885f059ec8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
ef1d7e88c7f534a3b1eb3dcc6d5db0ef

SHA1
adb3176033c32d0ab08da4f7ad412b84011529c2

SHA256
2128d2dab015662df97882a329efcadd08e0639fdf90e333a8142ae7baf4c0fb

SHA512
41f3700b503a7c6ae5a497070d62edf6fac608b5c9040991518ce034abeffae89da87dacd5f6c80187ca3b585ce849d52dc626b1522019334531f9ce6931ed4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
198KB

MD5
8f0d68aa54b4beb6c3a2e99ab4213782

SHA1
823b776843912c5423a9283c2941dd0a287c9d85

SHA256
6d42bccc9417113d7037f99f4c3c94d154d4e101bdc81a85f65ec185a1f7eb82

SHA512
ae5671d31e6f539f5da4f764725d27958a2ea987ac9004a18b2d777bed9cdf14c186356438e6695d9ad52093292294924caad13058e402f87f7cd1035096be81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
236KB

MD5
8262633b1433e0a4a83b4816065975d0

SHA1
256efdc4835f31d8703bede57b6c89378bf406e9

SHA256
ac6b4b440e8bcb53e6691bd2015617f35ac78f9841ac1d3175960df89a15231d

SHA512
680921cbf3c060cf6fe5683d55d50f1557c1b85cc3992864d7acf3fd817c7a4fcd1029707d0e41f73f8401cb1448007a71d3bace06f0333c7dbe979f6a23d3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
3.3MB

MD5
791aeab900b2e9d63f7f75106007a63f

SHA1
d7c4ab37c064b75c0947d17540c4754a8ef8edd1

SHA256
f8244ce176b564a259187991f9f72d437462163a213d952eb1f28d1847c3f9fb

SHA512
32211ee8458ab3b2931f4201be1d4582e848d6699ae1222e26da6bc5f62cb73d804a1f3ab8116e27255811fcd59962e5c4c93196e74e7e1f54d792416bb8fb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
42KB

MD5
281bba49537cf936d1a0df10fb719f63

SHA1
4085ad185c5902afd273e3e92296a4de3dc19edd

SHA256
b78fb569265b01789e7edd88cfe02ecb2c3fee5e1999678255f9b78a3b2cc4e8

SHA512
af988371db77831f76edf95a50b9ddf1e957f0230404c8307914f11211e01cc95c61e0768d55aa4347f24e856d226f7e07ac21c09880e49dbd6346d1760b8bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
081c87900e003920aabe7871a59dbcda

SHA1
99710082b61bbf94f08ad4a841721b55f16838a3

SHA256
9c1a34616a85bbb96ec031d5f887e9b889625407f4e11c3aff2eb61055cb839f

SHA512
8ab69705514105004c002bce101c7841d2b763b4cc15fe6c1745a30506f67a1a5a6e6551ee76019fe8fcd1eb50bb341a2f3c6c9ab269996569d4b30e1182908f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a299.TMP

Filesize
3KB

MD5
e14b5ddd4c96a52b7ecabbc0c53871f4

SHA1
bf28a97664bd402b46eadd989feeedea7e4ebd23

SHA256
d666dc7bfbaeebf618881edf6cc1210bf01c6796cafb69082f56a954052c2c27

SHA512
a3d1774d017960d830c9c07e6e540ae59fccc1357dc471f04ddbef70e837bc2308650ae1195fa6945c5fb90f5b82e6fbc7f52fe0a51637a1761f6698b54ee376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Consumer.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
343B

MD5
0d47c23b664fcb1d9f711e3487662b4c

SHA1
524d2d5bd81d688b0e2de7972545686e93f567e1

SHA256
e0f23e88764cff6512446e5987052f2034ad07d15deedffc599866d025e6f6c2

SHA512
df550e5f6d1cefe6c5d985ed552323b3e8a34a1d3e254d62330ffa6ee167684900d60e7bcd85bb0295d7942d08e59f3ee3f2833839a7431ba4cd93474d09cd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
d328d7bc2af9a007d5348f5e9c9be0fc

SHA1
bcdc0bd831961cae253067754cee8b277ca99fa2

SHA256
00f6ddc528f8f5d777019f0a089dbae739342941b25ddc667a050314ebbe602f

SHA512
3deeab4e9df394b94d10e20151ebf94d688d35322bb1c998e1f0d181b29050abf08cc242f964e4e5e595da11a2b7fc4225e5d98269a8e22e458e6d6cda00cba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
dfabadb86c006f5668520229020594c1

SHA1
1264e097a81b5ae2a6d53c14fda464584ca7ddcd

SHA256
edfabfc66bdd882fd3cfb5e1e793dabaa86d6630acfecd9fdad0953e4be7253e

SHA512
286b5cc72402a069ab3ac8958d82015e3fd425afe4b09f9a4acf0902c8af0fb7d9ab92cf856991ae126b697543622b6a980118c970923a654abf0a910523d239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
4KB

MD5
3225e493aa02348f6648487366bac68e

SHA1
3668fbbaddaa55eb895d5954600d303a0151a68b

SHA256
4f6e8df2d07679a91e3342659e5b7a1e3f99d80fe812fa1db3ac889dc21e0879

SHA512
f265950ce716601bf880e6bec695be22eaee49c040510467300011101f9695096b7c309e54defc5653d4b90a11a32c848c6d288f517cef01a45d1a0b2547fa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
cd4d1e32ed8692bb67c8db6d1c1fe45f

SHA1
8d345a9e2f83fd963cdc9f7f1742a0d45e57e817

SHA256
55eff4bdcd2e79ad57f8e29daabde77f8f990f2b973f40db2ccc6574349f254b

SHA512
e2c252c14e112dc5e8488cc77d60cba833300937c19b279d1496ce2704165326b4402f925c42083d8bad90bd2a6e2e2e418c50176bf7f9fa26d15c99ede94bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
1ec00101fa9091933dd986e4c934ab80

SHA1
698589d478ab6cae969906d6c0a7679096b90164

SHA256
e94b2af5c4a57ce4c8e359d757fa248017568bbd74ef09ec66fbbc07c54963d5

SHA512
5a5628ca8a150686213ba7b67ef20df3aef20b70abacbdebe2887307ce94c8ba67a865c580c42063fdaa12f292b0ab406100d5c97d653b7daed889878091b94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1b6abb7006a535e9ffab5d331344903e

SHA1
9c1d3e5de457dd3862b2c6ebf953bc97ff43ddb0

SHA256
10166e7fedb64e7dc6326609495a381b36781b621b378507557af44a2fb3c1f1

SHA512
fa8e62fcfae598970aa4ee0a0da9c9be33c04d9627c43ce8fb581120a090b337d84b21e0b39c12a75208d2c18c9f1ba37d9d90675bfa57d6176c8e0f8d3420b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
66af4e83d6fa56ddfd3c64560999a5b6

SHA1
a550ed4c537d2fe6d8396470768bb5191e9b797d

SHA256
48d57b0739e8bdcdd307120a6ff15bac7241b24642c59f087c257cc6f4342d6a

SHA512
f3f63d3dfaeacb3db5928f8c3fcc5a7b352569d1e0c60b5eadce986ba65bc34569a04affa92ab090f8bbf4f485e7b16f10ec1eab08211b41d0391bff8e316541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
eacb52a26112cd61a149bd57f8992561

SHA1
5fe336afc8ff17c08c6a5fbf712d356b012b0f5d

SHA256
0e837495372682974a8845d8311c0566d586639b7af6ee73fcd53518379ea457

SHA512
a763df5e1fa08bd1c45a53e92f89c7ad305fdff1895e9f7bb3ddae794658e6d7262536f14af6a9f274a9a02a985638def63f96dc7f3fa9152623feba04511e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
351B

MD5
dbd240f87fe0b5c6c2c7db14bbe0f851

SHA1
878a0ddd134f827641256adf03c8a6480aca8800

SHA256
e2b34d700349e120ae6b88732caed5ec9c74be512d9b884f65e8a74641f8adae

SHA512
2b64fe9bf26995942ab0b6e3cf33f69af1ea1aa7809f0c064db77d4f1563ebf33c46bc190e66c1550e1c1baa325963cc02381cb0f77e04932e33f7fb393a4f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
82321d4bfd674653f214f81c6153b512

SHA1
e6c59255da8e7900a81ea64b658bcce9ae13662a

SHA256
b4dc2c78a16ea0c9446d4b97175ade0cfb970b657a591dd2cd66dfb389011824

SHA512
7a09f222ed46608edc535948882558e565c9675cddc5400d41d10b83c24485ee2e9e08337d4cedb0f416337fb96066b1a9f9ecd08e065dd3907115c3a6022d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
4d9d8818d021b606c6cafec5b42320f7

SHA1
395e1bf43c985e15702d90976d50d2e7d9188ce4

SHA256
44725b88536231db1af5f428b3a94e8e0396ae82bfc13669fe6ced261ebbd2ce

SHA512
1d25d2b4c898055dd1735a6151dedf57bf43341394972e6b3262379a6c78fb94b39c58d58eab4f73f4f4f159b68a645a0124616aaf7713c1175f6522223b4ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
25da02e82088bdc0ddc448d434d3b949

SHA1
3d6f5a7f3de08e7bd6dfe9e6d6c42ecd38dd6af6

SHA256
2a1cb247fa7f56e04b2a75404608e3a94aee5f8d5e9b51a4dedde8bf16a7a269

SHA512
ae1510bba2ece504e6f0b9baa0674e530a4eee56ade95e34419efca866b562ece985ece439abf74226783585461771e32191c52b7cd87ccc6d6bc6c64535383c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
dd751a0b219589011b0e6dda6ea9836e

SHA1
10712560d9a360c6cbbeb4e5a456839679c57098

SHA256
57f0b68225e353c187cb7ec174288132421169f26972481bb63a22aee2d5222c

SHA512
9c884f3f5a7b1b59dd4bdc42c3e5f5ac7b8c9e8a9f380bb30c70f91bf50b1b3117ac04afc796853bd6e09db99ddfac3f1386db712ac5818333ab15b51a088d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7ca8d8afa245e9f19b3be68c935cafd3

SHA1
c1ca4acf2ec0808c40810421f439353f682d0e68

SHA256
a908dca909bfb03b10f4f2a238965d71a451c6efe0e62b186a1ae004c03dbace

SHA512
68d87747c3f96f84faff01e530a168d4ca806040fd24ef306413b9fa1bf60536d6de75509c07cce6826ac2e107208fe42741fb77113beb1b21d4511f47fcf557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
24KB

MD5
04e6431b812b936c9f1167d4a9802bbd

SHA1
e5f5c16a2168c06a28000cfd961bf6b784c89df3

SHA256
abc9692d3f8f14fbae91c561149d6553b98d3caf720cec419d3706295d3716e0

SHA512
64e6a61c5f4d5e80f3640810d36e794a32a7f9deb4679c3917f448b23ae5d015102b84dcf5ea4f000f5c53eb5d0796e0d84cc4fafabbe110eb711d2fc2b70405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3e7c0c1bedb3f0401776cd31eab5cf3f

SHA1
dc82dd1bd8beeb3e84341f7bd6a66c7d560d27fd

SHA256
1152021f2a481dc6b2ca4f7f2ad331e28219f5ab5934bc22f83de7619280f2b3

SHA512
d81775c09ceaf9b050194512c90920fcc287bea7b111c8f6bd20f36f7537d213b1447ad8eb68432f3d8157fa126e936d83292b5aa7f9d2c2d28c244108ac9415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
deb182d0b7f2e82bd5d553a58d4dfddb

SHA1
e6a20780252a7af6dd8e5808dc1bc22e13ec1484

SHA256
e66ddf85081c892d38335e2c1651a4499bd8ed2c0dbfad8c8e99d26e9edf2526

SHA512
0686ec58dc2b88ae18b2f1beb23f092fe38d38dddbdb6a0faa173b6ec104cc9be789e5bcc31b55f859fdd8f352c6f9ee258ca52543daf06f2ab2bed3dec7ee84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
20a4cc8e905085231281f03d62472ea6

SHA1
77e70564e13dee62af029956944987cd03f74f5d

SHA256
38dd63d3099d2c81639761bd74f525487425aad93e4e034a1695c2c7182c6d52

SHA512
4487f303392d1f62830935cf785b1bbcc9f3ba04d7812e61311b01da6c69576bb468af9df250dce16e21e06944b1a6ad0a04d4f37777fb2b6f7569270f0cd1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
15461fc253116415fa14848d7226c88c

SHA1
94ed7935c7bda1a6566dc9d4d2dd0bb1f93cdf7f

SHA256
4c4497d53ed328aa871b157e6224349764638740d458b4b830e70d9458ce62b0

SHA512
fd8fbaf2d1b0d9bc3e2dc09da8a09097abc03c2873ea64f166c02535ace23eebe50b06334593b07a2edbe366190f9aac5fc581224368fbee72497bb8173a655e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
212956a462200c8374c04310e662ef03

SHA1
8997abce19cb3681b079cd5cbc8900aab69a7d6a

SHA256
a59f75367d4dfc49d716a111b9eb02b0647318d0736ca2867af5188ef27a04af

SHA512
66eebee3dc673d8d7b848dcacdd058458aa4d2c8b5b946d23ac356664279c469abe4b10f3b73278053203f35a8f6fa131fd94a06ad1bf530c64ea70f8f36d067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
4a616f1ae993f0e0d78f1a701c204812

SHA1
73d7b085c062966b78977a3f9ac624b1d14a5a09

SHA256
fe9c07167a847258bab88d8067811b8abc1dde61ac461d3a81b17b6cfc3ebebd

SHA512
a4235db7ff35cc40b126396a91780d91a7b04d5f8937e26c57d190c3a32f811aae5a06bed67b0256f3d777f7930ba393a8883c6f4e8824d8925f53a43c896e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
5eb2996f051b6051ef10b0f82c5f042b

SHA1
2d10c36b67cfa42fb8015cf09fe642ce046f09e6

SHA256
452c3ec7b0792534afedccf2af70f86a24a394dd5d8c2a8a979468256363518b

SHA512
412525ac86a79bd0796e136dcbed16295fe3a61f836f5948271f3ffdb01c366d589253145e9cef6d54ba8eaf6da53220fe635af4fac76805f44e4ea705dbc5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
d0116318c7948811411f679f639e9808

SHA1
6cb5ee0924514ecaa2b3759f47106ec276ef3bdd

SHA256
bb01d65f2956eee2284d468cd02111bba06e9b195702d801d05b408e58955ca1

SHA512
d33d10a867dd3bfa5d4e6f5ed7c83eee751f2ab2ba5069fc36807b204eae8b51f6ae850bcf5e78cb18c25af36649ebe7de0bb584e7729bcb784bff4a2b2ae2ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
6f4c49897ea34d83daa6793d3158f9aa

SHA1
e90da01011a2bb3590f7643f275afac630a850b0

SHA256
d8c997e4ca13ac76012dbf191dab8465d8e0d44f0dbe8286575e4bb20fd45bf1

SHA512
432c76e2226c3f1c449c14b2d05ccbba5a99bc9674cdae169fe5803410a9bafd6ab92a880ec3988453994d4977615ad290724b0b95c643f26d5119df8fabc94b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
5bf87780789fc1529c16d4cf2c0523fc

SHA1
d9e7ab9ce036dba7047a6b18fd450a8479af305e

SHA256
082858de383eab1a40facf1ce48ce21538b9d36bb3e8f9590ea5b4c2ad1148a8

SHA512
bb32a19a14c117eb5fc01b3f03ccbd2cc1fdc954cdccdf76666453ce7ec6aa4ecbeee145292ff35272aa7aa9809b8800c9aa9f3630fa02c9002a25d141b5a021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
9f5b93455fc6ca46f3cf76d4235b1110

SHA1
8d4a8264d8bc90a10d3f37adf2e4965523717759

SHA256
57b63afef9a0886b50c7ed92b080c66518d83f7eb5e49e380c6ca7a23ac163b2

SHA512
ffcbe6d7fca45d16628e7eea24be1a2dd4ca402715c268b33a9d06635bd566ff122e82394fedeaa2fbb528b9302a5a644698cda6b2f42f023314b69578288983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
ffd6a247047ce333868b66aab21365cc

SHA1
7265458307ee66bd120b2a3435d240ae7e05a245

SHA256
2d647fd06b44723eb5d3069b61e85c887292e3aeef871bbf61e4caf3e57d76d9

SHA512
0aff0b965761843b7b4da77d8c0179e6171a793840920c3d87148f1ebd42e686ed26a5ceab151408be03bd28762d65fa0ea931dc15ce54d74727d13b88cda19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
ad6e9599ed3e61fb9420b54308f19c0d

SHA1
3d94da82c588d6b958652d599bf9772734ecb933

SHA256
540698d092f00e57009da7853ce6ea2f50be6b859370609ebc835c27050fe003

SHA512
fa4be5efbdaa6efac93c09db48b3333757dc20021423a412e579c024410edc03ab44f884849b6d72235ef9f5173aa3325a727824e55388f962ebccbd4881f7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
1937aafdb3186cf2d4606f341c6842cb

SHA1
a3a3da72dac54bb73c577706a965747b73212bda

SHA256
03010a4f75a86a58296a529b718782589a96f8b48d1e6c857ab9701f821f0ab7

SHA512
52ec3ca89f5ecd8352ed9044adb17d31f58f05e7391d3a8da71d91ac9ae3274633ab77d27552cbe66cf1a1deae38087b2315778959a4fa4429291271f47904c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
668ab8bfb044997eac78bb9284909fb9

SHA1
2172bada51b51c52b962a77cef7d0075ba8e8232

SHA256
e4c0414a9c2b01b62d70f5844719159e0a91e84b182fcc323c514b850080084b

SHA512
664bb447fed20e872da2d48886cefff53da42e1503535a87d82f3e5f6e1f4cd08a8ec1fbc8874d52965ccb496a02d909d7bcc79e86579c8e92b4ed115a10af57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
d2e93e69ab3c664a1ed4eec568b71b2a

SHA1
26c7bcd7c5763c1f430f9d055a8d699554a0aed3

SHA256
c60f3d42e3ba03456e42be19c764c26b0030099d2d5da8ee9b2cb6ff988ee64b

SHA512
d3e13d0f8e092aca23d794085d50f1a87c95fecb43d7bc869fce7679a94b92ba10191d2a40a8729d60755e564cc484691c30afd5c0e389e3cd2084d0f0d70973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
cc405e0156aa7215117473474b159816

SHA1
9888f789fba0c2c57d416c34c1c78493b5ef0024

SHA256
5f3b63b8c5fcfc68a64d5c933f637dcd53464962ed55b8c91365dd861da559bc

SHA512
68465550690107f05ef3922d47c62682403022e193fd691e8e3407a921cce1f565dbe37511fbd2ebcc44c6293656c12f3072beb54851975d79b6fce31c65d82e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1d3e34733361b043deeb689846a8d554

SHA1
11d2b0d1d38def082c17baeae8e80bcd8a3b6e4a

SHA256
2557729f919f81e80ea0462ca3cd2942af8960224f6b38b464bcfcce46df198f

SHA512
15ab75b702f77d6708c8d7ce170e04539b5be641e3e7b73f9d1f53c48043f3403246661f1259d30d6e03f2436611df00115ac7fe57cf0496522ac0768952d476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9e9ff684b0821014a065fb1273ed9703

SHA1
75260c2ee2c7d8759812bfb8475d74ec4d727b07

SHA256
72d65926c0338120159479a87a5b8df4704f36794244fd44e63944dab58ca2c3

SHA512
75fb1372b7d3da11b74b55938718afb5e724eaf5a85722501db035ffaa0b3497434c5823ec32e15844aa274e5d054fbd7809eebb81994af34602ad79b2f20f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\8b0d4544beb97a69dbb9583fca5575a9aba6e37d.tbres

Filesize
2KB

MD5
e428d70d3113ffdd249de78348cac2ba

SHA1
50bdbccc37fc8479bb75f7fef17f0759f2dd501f

SHA256
1b459cb94c53a7d40a69818ebff431c640b7cad593fbadb6f4af0a531936c96f

SHA512
1ac7b1c56f79e404f55cf2cdc9797c735145b552e2607638f41d534de5468f1de173f1d40a75247ef8a344ac44e0066eb9393fd88d23c4e9218d236e59d3c4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7911e317-7710-4b25-b67d-0801fcae5583.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
memory/2628-11-0x00007FFA87C20000-0x00007FFA886E1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-3-0x000000001B510000-0x000000001B65E000-memory.dmp

Filesize
1.3MB

Download
memory/2628-62-0x00007FFA87C20000-0x00007FFA886E1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-61-0x00007FFA87C20000-0x00007FFA886E1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-6-0x00007FFA87C20000-0x00007FFA886E1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-4-0x00007FFA87C20000-0x00007FFA886E1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-5-0x0000000000D10000-0x0000000000D24000-memory.dmp

Filesize
80KB

Download
memory/2628-8-0x00007FFA87C20000-0x00007FFA886E1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-7-0x00007FFA87C20000-0x00007FFA886E1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-2-0x000000001B100000-0x000000001B1C8000-memory.dmp

Filesize
800KB

Download
memory/2628-9-0x00007FFA87C20000-0x00007FFA886E1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-10-0x00007FFA87C23000-0x00007FFA87C25000-memory.dmp

Filesize
8KB

Download
memory/2628-0-0x00007FFA87C23000-0x00007FFA87C25000-memory.dmp

Filesize
8KB

Download
memory/2628-1-0x0000000000230000-0x00000000004E8000-memory.dmp

Filesize
2.7MB

Download