56387eb89c61959a06f8d96544dd4ca182fb17986b0fa3d139d7fb0d96c5080b

Analysis

max time kernel
887s
max time network
832s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

scenes i like.txt
Size

43B
MD5

9fb8c41a40b9fc3b57825d8acdaeb71f
SHA1

6d4a793f867088b9c44e321ae8add32c7d9148ff
SHA256

56387eb89c61959a06f8d96544dd4ca182fb17986b0fa3d139d7fb0d96c5080b
SHA512

dc3ef7a27d224dc2ad2fc6732f2c1c0d0b1b85288c28c42ac0262afa8068d17680497c6bbbe34ac9e3224b95091b9b23a80c6a0a93356806db1329bf7000c915

Score

10^/10

agilenet defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
292	1840	msedge.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	7zFM.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	MrsMajor 3.0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	wscript.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 4 IoCs

pid	Process
2052	7z2409-x64.exe
1704	7zFM.exe
5428	MrsMajor 3.0.exe
2764	eulascr.exe

Loads dropped DLL 5 IoCs

pid	Process
3512	Process not Found
3512	Process not Found
1704	7zFM.exe
2764	eulascr.exe
6120	msedge.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/2764-3332-0x0000000000F60000-0x0000000000F8A000-memory.dmp	agile_net

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
212	camo.githubusercontent.com
213	camo.githubusercontent.com
214	camo.githubusercontent.com
247	drive.google.com
457	drive.google.com
458	drive.google.com
245	drive.google.com
246	drive.google.com
248	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1618623920\Part-RU	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-ec\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-ec\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\Mini-Wallet\miniwallet.bundle.js	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_789421795\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_268154250\shopping_fre.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\wallet\wallet-notification-config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1944_130957647\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1944_130957647\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-tokenized-card\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1944_130957647\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1944_130957647\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-hub\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-notification-shared\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-notification-shared\ja\strings.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-hub\pl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-notification\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1561331821\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1618623920\Part-ZH	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-hub\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\Notification\notification.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1944_130957647\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1944_130957647\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_268154250\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\wallet_checkout_autofill_driver.js	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\wallet\wallet-checkout-eligible-sites-pre-stable.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\wallet\wallet-stable.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1561331821\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_268154250\shopping.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\load-hub-i18n.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-tokenized-card\nl\strings.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1618623920\adblock_snippet.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-ec\sv\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-notification-shared\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-or.hyb	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1561331821\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1792348563\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-shared-components\el\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-tokenized-card\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_548263380\_metadata\verified_contents.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\app-setup.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-tokenized-card\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1944_130957647\_locales\gl\messages.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-ec\ja\strings.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1944_1553731552\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_789421795\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-hub\ru\strings.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874697535659376"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 24 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{1C5D8BCF-7920-4EE7-A2F1-1A3B63A59307}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{5929582F-4C69-4F3F-8C57-89344A17BB59}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1704	7zFM.exe
1704	7zFM.exe
6120	msedge.exe
6120	msedge.exe
5256	msedge.exe
5256	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1704	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
6120	msedge.exe
6120	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	1704	7zFM.exe
Token: 35	1704	7zFM.exe
Token: SeSecurityPrivilege	1704	7zFM.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1704	7zFM.exe
1704	7zFM.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5428	MrsMajor 3.0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1944	2284	msedge.exe	102
PID 2284 wrote to memory of 1944	2284	msedge.exe	102
PID 1944 wrote to memory of 1552	1944	msedge.exe	103
PID 1944 wrote to memory of 1552	1944	msedge.exe	103
PID 1944 wrote to memory of 1840	1944	msedge.exe	104
PID 1944 wrote to memory of 1840	1944	msedge.exe	104
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 4948	1944	msedge.exe	105
PID 1944 wrote to memory of 388	1944	msedge.exe	106
PID 1944 wrote to memory of 388	1944	msedge.exe	106
PID 1944 wrote to memory of 388	1944	msedge.exe	106
PID 1944 wrote to memory of 388	1944	msedge.exe	106
PID 1944 wrote to memory of 388	1944	msedge.exe	106
PID 1944 wrote to memory of 388	1944	msedge.exe	106
PID 1944 wrote to memory of 388	1944	msedge.exe	106

System policy modification 1 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\scenes i like.txt"
1⤵
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7fff5f12f208,0x7fff5f12f214,0x7fff5f12f220
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1796,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Downloads MZ/PE file
    PID:1840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
    3⤵
    PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=2704 /prefetch:8
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
    3⤵
    PID:2960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
    3⤵
    PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5472,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4968,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
    3⤵
    PID:5996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5948,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:8
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:8
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6092,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:1
    3⤵
    PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5932,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:1
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6132,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:1
    3⤵
    PID:4108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6908,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:1
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=4888,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:1
    3⤵
    PID:920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7052,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:1
    3⤵
    PID:3364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7084,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=6968 /prefetch:1
    3⤵
    PID:844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7212,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7176 /prefetch:1
    3⤵
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7412,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7448 /prefetch:8
    3⤵
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7424,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1
    3⤵
    PID:4032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7300,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:8
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7904,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:1
    3⤵
    PID:5944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7900 /prefetch:8
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7172,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:8
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6568,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7336 /prefetch:8
    3⤵
    PID:4596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6876,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:1
    3⤵
    PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6776,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7516 /prefetch:1
    3⤵
    PID:5960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=8092,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:1
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6760,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
    3⤵
    PID:1088
- - C:\Users\Admin\Downloads\7z2409-x64.exe
    "C:\Users\Admin\Downloads\7z2409-x64.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=5436,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7540,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=8328 /prefetch:8
    3⤵
    PID:2424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=2984,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:1
    3⤵
    PID:5344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6948,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7804,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:2
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=6736,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7924 /prefetch:1
    3⤵
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7964,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
    3⤵
    PID:2524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=2856,i,17487161425978064101,15169689522851661511,262144 --variations-seed-version --mojo-platform-channel-handle=7308 /prefetch:1
    3⤵
    PID:4000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:6120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7fff5f12f208,0x7fff5f12f214,0x7fff5f12f220
      4⤵
      PID:2464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1760,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:3
      4⤵
      PID:2204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2084,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:2
      4⤵
      PID:680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:8
      4⤵
      PID:3016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4248,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
      4⤵
      PID:4504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4248,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
      4⤵
      PID:4028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4612,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:8
      4⤵
      PID:6012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4764,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:1
      4⤵
      PID:5672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4896,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:8
      4⤵
      PID:5044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4716,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
      4⤵
      PID:408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5124,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:1
      4⤵
      PID:6060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4616,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:8
      4⤵
      PID:632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
      4⤵
      PID:5860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
      4⤵
      PID:1936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
      4⤵
      PID:5304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
      4⤵
      PID:4084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5816,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8
      4⤵
      PID:2676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5956,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5344,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
      4⤵
      PID:5716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3752,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:8
      4⤵
      PID:1496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3828,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
      4⤵
      PID:2384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=760,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=3268 /prefetch:8
      4⤵
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4388,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=3268 /prefetch:8
      4⤵
      PID:2452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3784,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8
      4⤵
      PID:5728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3320,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:8
      4⤵
      PID:340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4004,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
      4⤵
      PID:3756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5872,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=2796 /prefetch:8
      4⤵
      PID:5220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:8
      4⤵
      PID:5952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1980,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:8
      4⤵
      PID:3992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3792,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8
      4⤵
      PID:544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5140,i,11779849711548840139,5954437997473095796,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
      4⤵
      PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4560

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\MrsMajor 3.0.7z"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1704
- C:\Users\Admin\AppData\Local\Temp\7zO8A662809\MrsMajor 3.0.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO8A662809\MrsMajor 3.0.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5428
- - C:\Windows\system32\wscript.exe
    "C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\693F.tmp\6940.tmp\6941.vbs //Nologo
    3⤵
    - UAC bypass
    - Checks computer location settings
    - System policy modification
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\693F.tmp\eulascr.exe
      "C:\Users\Admin\AppData\Local\Temp\693F.tmp\eulascr.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1944_2105242297\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1944_2105242297\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1377528412\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1445887149\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1551669145\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1561331821\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1618623920\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_164166666\manifest.json

Filesize
118B

MD5
86095c966115d8fbabfe3e7496461e73

SHA1
9f6af2a9e4608c25b5c9257acdf77ba9838abc1d

SHA256
9313c1c29918e4a75e85b3146647555080286d61517f0ac9c62c1993e274a6a6

SHA512
51970ae96e6af2a2dbf086ea25a7ec6912a76954346dc85c885e6fd81128699abb14b368b09dd18c5d34183734fc6cfc8dcf0db03b916cd1dc21af7180653005

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1792348563\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1924432136\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_1955894833\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_2000958264\_metadata\verified_contents.json

Filesize
1KB

MD5
68e6b5733e04ab7bf19699a84d8abbc2

SHA1
1c11f06ca1ad3ed8116d356ab9164fd1d52b5cf0

SHA256
f095f969d6711f53f97747371c83d5d634eaef21c54cb1a6a1cc5b816d633709

SHA512
9dc5d824a55c969820d5d1fbb0ca7773361f044ae0c255e7c48d994e16ce169fceac3de180a3a544ebef32337ea535683115584d592370e5fe7d85c68b86c891

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_2000958264\manifest.fingerprint

Filesize
66B

MD5
8294c363a7eb84b4fc2faa7f8608d584

SHA1
00df15e2d5167f81c86bca8930d749ebe2716f55

SHA256
c6602cb5c85369350d8351675f006fc58aea20b8abf922a2c64700070daaa694

SHA512
22ed0211822f6f60fe46184fb6e5e7fcb2b3a9d2e19f25fb6e84e1ca3a5d645183959309549cdb07c999b345cfdd9a1351f3474e03fb8d451b0f093d44844d7c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_2000958264\sets.json

Filesize
9KB

MD5
eea4913a6625beb838b3e4e79999b627

SHA1
1b4966850f1b117041407413b70bfa925fd83703

SHA256
20ef4de871ece3c5f14867c4ae8465999c7a2cc1633525e752320e61f78a373c

SHA512
31b1429a5facd6787f6bb45216a4ab1c724c79438c18ebfa8c19ced83149c17783fd492a03197110a75aaf38486a9f58828ca30b58d41e0fe89dfe8bdfc8a004

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_268154250\manifest.json

Filesize
145B

MD5
92d8fd80d37e7f7ceab3b7f7e9ade68a

SHA1
f350b2460c3d9a9dcf1ed3fb965f727503a7944b

SHA256
2262c642067206eb885632bcfd0e12238155a14c98fd46be587c852471514513

SHA512
8112d4bd7256726fe63dea0eedf8c274f90424d29ee3cc4c360ba0c54ccc1d07ef36faf1a2fe19d1aea1447dd5a6ba6d2db0607161c486e882bcb3c01885238a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_501933634\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_548263380\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6120_789421795\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
bc415a9964532b71e595a0734dbbd6c4

SHA1
e422949560fb1f2139b55be5b8cbc0b326e21a2c

SHA256
164ea82adba247e4228ed89394814ec8060a58ffdfbaafa9094a712b4cd66972

SHA512
cde02f5d8c0934613f2187589c531197e44068ec026950d7e313daacba64d977507be706ca4a22fafdfbbfdcc58b95545cf19ee2064f59266012ec3c5f1f2b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6b415d668030d8c6efd8d9e309dbc0ee

SHA1
6fbf3136ceb3fa0c2b6bb389013f910084f0c532

SHA256
c387a0b058e4c2fc25bceedd954a311a90c0b8a9b5716bde5453ecfb770d7608

SHA512
e712b06d50874f8bc55b8aacca095c56e2c68f642547488e8f26ee0ac395192506188f43ad645e12afdaafd6e66a489d19b34199bc3e34e2ab3e009392f3dec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
77c85318a78a8b3e3b09b0014ecd23fd

SHA1
f3429e591d0f4c0655b4ffbf5e91ed9f9c7dfbea

SHA256
5fb44400aa9edbcaf8f97763aca7ec8730a49d9ca802712051a2775cf78c8038

SHA512
909ea041579846090285fbefde0c8d93c6277a6a631c18b48a16cf851197059704447bf4cd86a9a11052d6e5ace669448e62d1f02020db0004d73b6acf690f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
023286e183cdc31a121fc95a6b7021fe

SHA1
85260694d9081f97adfdc4569f5c2fb6037553e0

SHA256
68029e3e963fe2e870ffe20d76f386c1ed782a2d3ad41e6206dddd09ffda1a4c

SHA512
19c584386fae68ff26bebf438522b7f0111de282add71d1615ea552016f749ac9d654174668511c557ee9d9fd9cdfcca5a0b6af2b4a290dc2ce1e7855604e14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
75cb11fc118737a03baa694e5d0c5f13

SHA1
977b7737332763d6e813eb58673b9de1b2cd81a3

SHA256
54d79a108035f8e109279094ddd70a8b2225eb8859e0174db6529ec55b1ee34a

SHA512
61afaddc1f6d6a5f6392781c29f553810ce301eeba4da8bf858da5adb7bca48a4d8a9742b994c0e3f9bd884922570ac815d2917870167afc407414b0e111c771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
80KB

MD5
ffc6425014a406b716896da0ff3701b0

SHA1
a49e273d6ddeb2e8966c0c2e449daa903d10be16

SHA256
fe0b9d15b93c38bdc6c112ad0f884c804cd1788dd09c3f824bd792a62155b53c

SHA512
d6c9189e9093447baa82e74d064f2ce4a8662ca65ce9461192dcba1711f7937ef6041129a7bca3aa3ec3f6f16c4fce7e2ec7db951b042d75e2207fdc1d38c24f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
776KB

MD5
de132ddcb7a0ada52affd53aec40f6b1

SHA1
0acb3ed41042edd573f4bc0c9c4c16e0bb1ab077

SHA256
7bfbb92f684ce9a9603ec0b03082edfcc3dc85ebf76ce2f43326e69f35328b64

SHA512
20f9a2f755ff27d5790abf539f68897d33d22ad7822403f7480bc2f1a4945d1df5bc34a2476d18e13150ef4083d60cc17638d44ba86a5bc1b10d372f520ed34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
2.0MB

MD5
ad323825a46a9281e444c1694e91d040

SHA1
b4036df53cd6148e4985507c5a0094c56c6ce246

SHA256
681484ce943e768895959b3c1343faf1685802475d09d3e90155b1cad1a43b77

SHA512
30342c168d4b38614812359d46a2d113aeacab0bb140f62fb6c91e098347742998f0456eca691c4a76f1fdeb90619ea0d4d12b31c79a9c260ac38b1b4eb216ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
12.0MB

MD5
906888527eb1654654da0f147fa6dee4

SHA1
b881a040e1ecf159243edc34994034baacffb688

SHA256
0ae93743b7d7f1e11158fe692026d5bcebb60c32627dfc81f9e6fb11a00f36b3

SHA512
cd3f6f90b26ec410ea444e2892f726cad28e1e4f10781d44e50ca3d68d909199547d28a7f26130eda86b9cbc04786b90ea64b587efe5e736146617bb190f5c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
58KB

MD5
4b65b2ca1d8e6a6ce7c3d85eff5cc9a3

SHA1
12ee8704e7f53b97d6fa717f6f3f0b65b647e80b

SHA256
685adaf8a77f470bad624bd07c806cd0ba1ca78142fefb12eed1f0d5a622be74

SHA512
81233851e0313b0ebcb937718d860297326cba53822e1b54ef59cebc63c1e86153425010e3a4007803a0b367053fa65a32adf3b1137e4e3f2d63c1ab2e69d8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
355KB

MD5
8bebb068d7b3e4da3da00a351ffbcb7f

SHA1
15e86f085794ad430236ef70b48975b89ab5eea6

SHA256
d5a92e059d0269d8908685640475d5fe0e40632ae66657985aa90359f4eb6f29

SHA512
39d93338c9c1fb0d15d0fe49b20322725799931a690238bff85c99942f78cfcebf12a225675cf0a85469c01a9789483bc3a38f66f2cf2c19e3afbe90f68197e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
162KB

MD5
0b77a2083b01b9b80c25f710fe23f1f2

SHA1
dc7b44d3c57edd5d3538ee103b0b222d71ad69e5

SHA256
269efc2e23f1b250422af7abccac11a556ef42fea17869f8008995084f1121a7

SHA512
939f1efae34da01617ef75ef8b37abb22631906a3f30e8267c2b8acc51a17a35adac56e20f93dfd8c2a1c2338c3bec56793aaa10ac125ca49cde74b791dd0634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

Filesize
72KB

MD5
7b00f3c9d3dca832b926638c4b64116d

SHA1
d6c7615003d5bee1b803879cfe8dc0f3ab128fd6

SHA256
1ca893a0708bf27846dafd08911214075ed91ac73dbf4501429939ed212a06cf

SHA512
407b29ae67480b502c83a8c19edae49523d3bce6d4ebac76ec1ccaadc72d39581e5ac4a0a0e038c8f98663254221935eaa9480e5b1e83215523c9c2e52ccda95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

Filesize
64KB

MD5
baeb5f5b74af2049f2a811c61a6cfee5

SHA1
92d58959e524e9f44bfce1edee4aaa52d37b5317

SHA256
60e3b37cbe16239abd8b2f1b7de15bdeebfad572f041ad8cc534aac88b1613a7

SHA512
beb2d5ce21d7af2bc52af619764d82de0b16d3ae6d9d0b833ea486d4931d1a911b6ea6208bcc1a7ce3c825d114ca851d86449f95cfac83953b95658f8e372e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
256KB

MD5
3f3297819cd2b781023bb50471132691

SHA1
206d8863f895adc7cd368b454c86715ba027a688

SHA256
bd2aadbf00196cc0ac2fb4c03e46c10ae55675b44caa9d3419d8f71662841173

SHA512
12749e9126de711f23204455aaf9992e02102cf5261e91c3e9f43016a80b83f72854188baed529c0b1ea0c8d78c031e30b2cd70a532e85fd93d1c509fe7965a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
128KB

MD5
1f7e88f5b8888cb31bff7fe3865ea33d

SHA1
1e867c7cd3d600e1509c8ddeb5d2404045c823e7

SHA256
57f9196e28aef265bf9a88f39b71275b40cab35ac0fe03b2fa0621f96411206e

SHA512
733e5bffa45b1f1d3521d8c4ed862ab0af177f0e42392bd7ef26f3a5cee57f3065a0eb66ece9493178431f1cdb09d2a6b31679fffa69f9c25655f3f341be1885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
57KB

MD5
73b2e4892dcbcfe79f38c7c4a17643a5

SHA1
3b16c2a13717c3a1e4e8672b1d3dd5301d47b0e9

SHA256
d4d7a2118b6539e3934493c2342e016c8a24ca6f108845a968e3b1abab7996e8

SHA512
89ac4827cbcadebe57b76898ba3a8bfc124e9e35ffa10a85149aa32d58df2fed570a7adcc949fdaee67f7e78e02080b053552256b3b48d85e974a2382656b223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
67KB

MD5
0525cb3078833a1b6904e1881af1a0e1

SHA1
2678f71308ddf2ece47834b64f2dd51801028c2f

SHA256
f8b5ad58c25837c2d66b841f1bf88658094fb713efe3127882a606f1e2fe2985

SHA512
812722db9c832d7df7f9b8181c993aed9a62566982810746e2b5c33bcb89a1394361dce8f8da095e69836487abcb408b576cb39a7acedf2c83cca2811d4386b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
256KB

MD5
f61c96a65b60f7e4c018e2850f5a4880

SHA1
f36d693611e6e167e20ad40b143ca01454c0898b

SHA256
74fb5e0934e2b922fffd0d9d91a870d851cf834fae52d6c80fba17dc052dcbf2

SHA512
f87c2170e5c6274f56ee645d441cc793a14426b5f487ca31a3a2722c7ff337ade99cb030be030fbcd92f8d5b00261fce06753ce98a77cecb3665b7a712596a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
19KB

MD5
ea66db1aab3841cfcdee53b86c65a13a

SHA1
d0415dcd0473b4f08ff6ba34bb4da0cf3a7d8836

SHA256
f51605783e3bc97e858892e14d9c4809c8f18b791271e30ab4a9d165da94a2b6

SHA512
a5596f31c311fabb4cb214d6bc43a8b37b2291fe4ffe7e3d94b8b414341ec2264fbcd1ca4e9236a2db551ba009ac380e4264995e70a145e4a4857781bdae9ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
57KB

MD5
278fc5d6d0b9e9f7f389aef2867093ac

SHA1
e11e2584c63e93ad562332a90c7696592ce62fe5

SHA256
15e2ca11243d2da2435cf97e0f9675f0da70f41c20325f0bee67601b861224c3

SHA512
7dcf4d5e51ca350779948e913674cacbc3cd9557e0fcc736fc997fdadf4b8e6fe40c7d203ffb513e858de5fe108b04681795058aa80f16e26bfd213195e1803d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
20KB

MD5
126603dc5cf7f2aaa4f014c6f1b3f22f

SHA1
2dbda64230fc6652c905fd12fc704631a874d8c7

SHA256
e446c1c9ffef5f742051d48ecef519177992c7d77eb14ef781b4076fa1c7dd22

SHA512
d6b8e193b55440fb18bd637b0d40f8cf3a9f0bd61ec4bbec5d8a4bffbba301e283fe8b39c2a34ced9ceef34ead7f8b45c35e4de6494b335ad5c4c358cba521b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
16KB

MD5
eac44f5a1eb95737b7f66eb1172eb3e3

SHA1
8f0f17d7deaf6ca0b52f2fd4caac828d04dae49f

SHA256
c7f25f19c1a25ea2818da24a0f0d8fc1604e351c01a278df620ce94e68185fff

SHA512
ca59e0f946c86b4b4bda1e61d64f3bf2a8367080b6c9f55a89fee6c01d8d55b52195a2575081b5112ebe03958792d3f66cae17ecdd9ffb36fd99c33c43ca626a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
24KB

MD5
0b11138d6edbf73c26cb77e74f47e6b6

SHA1
a0b1e404f768a7309ff742379024751152b1f5bd

SHA256
89726d43d9efa8a719ffc118b138a490d9058919a1f5cbf8ef212888e2bddd59

SHA512
c739f8fa5d614b62df60d1579be298ce9ad85fecc0f933cc42085a9feca4a77117c0160cef790660e720e9fa4bb513a0340c17e5a7b1c9bd03659d463b1fb36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
17KB

MD5
edff2a505ddbcf57d72bcd16ed0d84b4

SHA1
edaa2dde0ada20c983a3df59f15b8653e1c3c3bf

SHA256
230249c55b3085bde5eab2fadddcd9a77e7995fcec2ef059e5e9dc2c99e1e61f

SHA512
17cb71705f68767728ce7f9faec1c88872886f73c5f9a936da5bf1dc4614c03675d64913029da1c4b4d3129c1a099cea015273a397f83127cee1fccc0e782c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000093

Filesize
366KB

MD5
e6940bda64389c1fa2ae8e1727abe131

SHA1
1568647e5acd7835321d847024df3ffdf629e547

SHA256
eef5dd06cf622fb43ea42872bc616d956de98a3335861af84d35dbaf2ab32699

SHA512
91c07e84e5188336464ae9939bfc974d26b0c55d19542527bdcd3e9cac56d8c07655dc921acaa487ed993977a22a0f128dc3c6111273273ff1f637b20bb56fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000094

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000095

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ab

Filesize
162KB

MD5
6968d5f0bf5b856485241a3e4790347b

SHA1
9c2a34d0057146e8e41929f433ee7dfce4d2eccf

SHA256
86c84798864f17cd9d7b3ad5b08114ad219b482f97531f84974e789bc9a113ae

SHA512
36afacb0e54c805ce0a014bba8755e2cd7a9981391305d94c8c98a9a851235b1a22819a12352819c5fe96ebb59c884757ff8cc46fb8da190cf1fc9e508405077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e1

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
9ff5cc1ead86121a6d285f120267555c

SHA1
9ba070d6178669147926fa01f6fd61b10a5752da

SHA256
13a740c6c5ce9008f66c9fd9c05ca57d45c7320878ef165585a2d8263f6d6ab6

SHA512
4271f616ce39c9f05245461d8f410e6ec0f0e1ecbf990a1c514b79b694138f04774b023bf568162fbc834a188ac303ab92902fa8ed097957ba1e58a274598069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
00e8812c6f019985fcc81442ed144756

SHA1
3bb1377b51c531e7812cf354e499da46adbdd937

SHA256
36c21b0107a3fe073a26519c28f2353f8531021ae8903e8503ebc041c82fe491

SHA512
a3daae5c93ca01571e0a08a5c8b83ba98b0a126094241d11b621406fcd339dace5167da0438d58bab3e24eeb6ae9dae1e9c5c5aa38dea76ff77bbdc4807484f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
5b5121023f88c2046148a7c9bde69e6a

SHA1
5b74d4f77390ff780367f307ca4505c6955c1a9e

SHA256
2f67da1218be95b1cbc94059588aaf369854bbe72dddb3feaa2ba6b39a2eef08

SHA512
c7e00a8bddc5d214ec7ffd2242f08c05b7dc84966420c6303046cfa4f0029fb0ebbb3e872bf9705f0f80452866c2c70e133e839154dd1a32aac0160a3c78a7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe589fd5.TMP

Filesize
3KB

MD5
87066ed264e38aa551b1e7b46fbfe1d0

SHA1
2a623da88152a985f626cbac544bac7e4167c640

SHA256
90172ddd115395962ea9e36788e9802e596763bcb42ea6e18eaff7d89968deee

SHA512
443f34083b3b59e111be961325ac32493b3c1dda756e92fc44efdcad9e5e2ea235d66fae988c2d9003363add818c4fceb5c2aa1241a3f990b605dcdb3fb87510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
48ab488ff261aac8a26c6e1ed8ee6a54

SHA1
e7c004cb20d4e40726054c4ce8be49779d3b41a6

SHA256
70b5fa95fe1d2ff4af7639ed74d5c145203a447ca33c4b180631aeb140515ef3

SHA512
cda974e25a2ee47101a307531691a04ebb2b28dc3844b28205ad1ff1d1f26dc3f8f95e9cb4f07103ae25ee0d7954c4e049a86e215c373b14fc19ac0a7989c85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
5e1d84b471357e8c800909b356b1eac2

SHA1
ee63c119bb827e1948be4b384d80e59ac486d150

SHA256
6b2c25d814fb5b8ec794ba2814e5b716826e0268ac8678432968bb6991ae4b75

SHA512
4575af8331fb0a8c23390d5f36e9a8f23dc4bf76dbc01a16b1bc6849a636d87bf36f5c4277604fca7f3d839698c354d78fd106a8ef72eedaee8c9a8069f30902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log

Filesize
22KB

MD5
439350ba22e8a5c99c111bf3c94e4f87

SHA1
4b32e34015c9f5b96359b654d6335c7cd97cc381

SHA256
6b3849e87fe47b6a4e2010f5e4b9a05e6a6bf0a49c5fecc546a5530f82fba4f2

SHA512
dc4cdb26cb605bfb28be319618da47148e212433c7853d396ca092cc4a5ba26ffb110cda1ab7b7beef5a48cd8323ab8b92b8ba47c54ef7436d585ea3ed8c9898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
bf4fa4257b51d1d2f2d13831c7f40655

SHA1
2f21d27de7c13d5d5861025b8a2129e3ab77720d

SHA256
397ded62adbd49b61f15536194a9dce645e6eceeb5250842307dd5a8744e3273

SHA512
95e42f229f7f8bafd5679c1bcdb64c27c61f5f489735d20645520d12d047888fb453d3455abd77b3e24548fb0bff6e1aa9aa5583dd1da0ec4ca5a589ef4c6564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
b063739e1db7ba3d2cf5b39ea64986a2

SHA1
ca7546ee7f47c1c72cd8c1644ab79d0f7cec36b6

SHA256
cf26fdb97314b98c8fb23d065154f10fe6f2b6be55652555626ee8298471dd67

SHA512
ea7ea0f5852cc7ce99bc6fdf102d24199bd2cb9bc6885a5b7b5404254328669701b95e190a0d4b2617df6eb1780b5de2efdd99e90b998651c23c1ee1fa5b18ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
1f66e48e9534fd1b30e457d401462426

SHA1
25a1ad367a7e4e11ee84d246c3bf49acc9854ba6

SHA256
08125a5005e5a08b36eec62a6225126655dff3bd605288c48c1f124a473529c4

SHA512
e2473bd6d52d16f88c0d6f114225d21ae1d0793256aa4007f2b0e21b4a8ef2cd0d10083776fa7ed9668177520ffd16ddb5274b78f1e4f0b5dbebea188db0fef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
5c61ed1068c74d6c62338914fb234682

SHA1
aceaaf9e87026e09764107253b5d9ae6521d712e

SHA256
111026c2c7e11ebe5b3c6550dd1f6c06a462cd4383a10f16bc70180b49440ef3

SHA512
3c5d6056d1bd63e45106cd0c3acbb01863d51bdc79d8ea250f581d36bdf77e86537db9301a2d05a93c2c0637edf53eefa3d027352570623b361337ad7b1e5d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a8bf2b1d2257d52cd5c0db1b47f75906

SHA1
b0bbb3be0fc2e4d52bcae4a59cebcd50dc6041e4

SHA256
4bd00f3b973c60a11db3d1b6fed94a857f465969204dfd669b91042641a7cee2

SHA512
9fb0b46e29078b787c75a06b4d3830c5ef8fcacf9e49d9c74ab8654da8aa3eaec875f64fad5832bca977d38a15ff9d38448f1f6968440de80e6cd62e703c8f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
08eefe62a1000b4cb30f4f7d34fa821d

SHA1
de7edb1d7dd813c90ccfc2a100b4fbe1f2f661ad

SHA256
2b0f777778bc58a525e6e58f56cc50c5d7b730d443dedd16fcfb97ca9eaf6293

SHA512
86e45920101c29f8a48e1aebcd2dfe7374a4e42c6e16f780ce6ef2eafe3529f006ec042fe3b94506f1995e2fe8d30e1aaceadb794ae52d6467b0571f75e5ef3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
2b0816826590ec89e7e0da95bdf8b09c

SHA1
1b02512ab27e6e82e5dd081eb3a82981520d0ab4

SHA256
de26e15cb8b90d31486a3463de229388ef7bad347fe80e4167161f4cc18a17e5

SHA512
c1e8c76854662fb9b04a80923c52a619b0b0151a3b5f8f0f256361fc498573157707978b4ae85e9a9a429752d1522d1dab45f48d28c9c0808f573496577ff446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
6fbc29d2f86c745502850b93e3e79a9f

SHA1
dd50eeb0d0de5d15cac4b1349d82a35211f0d7a3

SHA256
36be9ceda749a29f28467d038a3eda4c49200f543898d3b6c12c8f454bbd6362

SHA512
67804960a72f977a06117f45cce46f85233a5c33058f814e4acbb23c0cf33bef1e916d412d2e9a125269e856002f922d386a1c7efa70f3728f10ed505350d569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
28e5fe3364c15826b4b896fd6eb71ce8

SHA1
a08b7c516d12a31e0f8800ff663aa2df242952d7

SHA256
44a207cfc625c6ccc33de767db2f2c0be8e87dba79c31f216e0d173b4a4ba164

SHA512
aeefdf9743e31bec8057836633bec491040bec167353a067d72c144c344f7e0181ded3103f80fc56938b2b96ecda289098abd40485ea78fc77bb212c5816600c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
675c8fd8dce36c50d3f513e9ea679720

SHA1
fc8de1eee4a1e56dbc2bc127a825c11c5fee6fd6

SHA256
ea04fc9e2a1e085452fe6c61f0cad658414246c22884199cfa24ab05bf7f77ce

SHA512
7b3b837df588e71f8c0777fcf1ef97bcd76ac52b0cff68dc1f0b139f95b0345a7073d6fac4e0be400a58deceb078bb0e6fab3b973874f84e0d557d07ec0e07e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
d22115187d02cec0d9243622c96d6299

SHA1
472362d279f8567e4dac429fdb87640e3943304b

SHA256
d1d518e239138ece051a2ad1b2b1d09a6114b5aad9b436852235bded78bfbf34

SHA512
19b1c93b30b2dc3f5f29a336ae8ba7e7155101fb5a39e2efd4684647beb2f929d1243c23f4f4f4b5a729dfcee9eb7c776dacb6ef70dfa481162ba737974fd5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
4bd06c86aa2c887f28cb68db46506a3f

SHA1
8eb9eccce3cced1eec4275a7eee11d9d8cfb9993

SHA256
015cd238e27b77b42c8db6a4112db2cae59c858813b20f22ae849c0bb3e1f676

SHA512
faf30e41e23ed5fba56e513a0a42384922e43ef26fc5f4afbb829edd9184e54e7455fd41e49317ab3bf3cbcc78ee772785b7a17b207be76972d3982c1eb46feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
d8fde125b47833ce7ff7ff6aad711365

SHA1
fcfdc76e8d1dfc36a90eed894e69a064629c5c20

SHA256
119d555a0c398266e6ab2809a8c391a0952b1a6ecbd25228d20717a24715d5db

SHA512
116f5e40fe162cb4f997df0d3a0925681b592e6b91f3ad070f83c21bf7c9efff3cb523051e312e83137912d161dca3ef2d0aaadaf38949e78775a55659ac4cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\ee91b116cc2005be_0

Filesize
57KB

MD5
9a195c7015972bc47e3f2a8d2eef287d

SHA1
8a588f35f30ea886cf4600c4ad88609e8181a2a8

SHA256
e51825acae3959773396a8acd49f1540bdecf02a19ba2ce24fd249164cfad298

SHA512
12f2ad687130cc507e241c852f7db6f3bdfff72dd41499630d25938752e43e6c07bb53fee0c3f050d21299a9c25055b72a762e3b97afaf8a2d90e8cb684dd0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\index-dir\the-real-index

Filesize
72B

MD5
a2a927d6da7de58bcf9134795e3bb9ab

SHA1
3b6eff9e14d98430b5b3bc6937f7cc721e1843a2

SHA256
559626a8a55205642f42bc8ab35d70b00118ea909d85142888db2b0c7f679124

SHA512
e4d7987b588396e7dd3037c3d84677e5cfadb0c3e03b4ce980f53a9c734913c33eedd9c53d161b6714d60cdd77235872f29e7f1c66f965cb02a9a4356d87e61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\index-dir\the-real-index

Filesize
72B

MD5
eb210427f9ebba0608fa0a6d4deee559

SHA1
a0ac58864084d4ce802ecf5365039087592d61ac

SHA256
e0a549487d7f4dd90f20b5c30b78df6669b797128e6e7c9c05293784d2075c8a

SHA512
9ed150c72911934478fb5b4c0efe7eaf416c16814d20121b0087602dd53f53e0fc8c0a3c73352d9fd56621d4d6150bba05ef21ad23b2b6897175cbafe02a1572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\index-dir\the-real-index

Filesize
72B

MD5
d11436df35a9167a5b340633c8c8ac40

SHA1
7a3954345e8cd7f49ae91addb008e164f3ceed46

SHA256
995f5021bf6f59e50aae79cceb60f024490c9c0a010c07c441b4c42b6373bc0f

SHA512
e78ab4147fc23e7b42ce23b57d8428737478d2b0ff127ea47f6f0c9c5aaa62a0f972770a74489db5949071b3c61a6626ddc3a599a739fdfc0cf37aa6a14476bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37f3dfc2-b6ca-4fb9-9cab-a71ec9f4cb2e\index-dir\the-real-index

Filesize
72B

MD5
d28d34e5b1fb6b9e2c4261e0bc55709f

SHA1
3ca60fac440727d7ac9df16fe980e98c3a2ef6e4

SHA256
acbabf4189ae6c02e8efa4a2cecfdfb55ef372cfeeb05b518aa2211fa42e13cc

SHA512
c036c36d05608902721296b23354e53cfdddeee02ce2caf7b970c82edd354a495073eb0af0d1bdae15bdda7f468fdff862db67a75b787bbe599c6873e638251e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index

Filesize
1KB

MD5
cb048f9660dac754e91fbe18392c2f33

SHA1
eb6d3b602e05ebac3f3a90d07378645ca10687f1

SHA256
3981d82676dd09edcf85d3d1f2c8954b460d8885ed08ee350fa1cbf369f31858

SHA512
de3626d6e33fc23ac0a0c9423e04260d566d463e689310e4b69f1b72737e30591a3ef7c75d44e4c3b7fa07d92a61526c5fe3bafeb99fc4ad6d6036d949300e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index

Filesize
2KB

MD5
4518912557c14768f2aeb12a5fc9456d

SHA1
3833f08bc4b320fe4ea218cf082670421789ff7b

SHA256
f46e76944aec6a525d65fc01f610c30f592acbecb176de69a3e297ee313e0d26

SHA512
4827a25c3d831c5fa0b9f7686be0789840908ce67e39e261faf4e46548d7f20aa9b2fcca0d4e76ba837c47181c7ca2e7e46c0f276702e038e8c558dc52bdedb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index~RFe57c479.TMP

Filesize
1KB

MD5
3aa78b73721cfdc4a724a0d9fa76b645

SHA1
0c38cf79c73e3ad17b043597bea601c461083bf7

SHA256
52f80a3a4dde7e8b8ec16491f807db6c59c5972a15163d23ace26c4673ab5870

SHA512
fbb586053db77cd9747b3c30be67f4ec632fac549cfb5b99f32f7536fc9b340fd1736be8497da945a67718030320fe7bcd9cc8c7e3a8424a4f554ebea007ebc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\76c5dae5-ea2b-4994-abc3-da625d744cc1\index-dir\the-real-index

Filesize
72B

MD5
9d8d5ad1d83702a773273850df506b94

SHA1
d930a4f266ad34fe4855e5784cb08098e1cdebb2

SHA256
26f68ac56f94cd768f38fbebf738c73ffac51106d8b3b26c39526e14eef883b1

SHA512
0224dd80e7c8af7514c911b70788ed756b9e1705ab57f034b501e9ad564df9d0c209659ccf57b53a2b39cd681f230395a274f16e988338e9467bea8095fdfc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\76c5dae5-ea2b-4994-abc3-da625d744cc1\index-dir\the-real-index

Filesize
96B

MD5
a346a22427b80354d41b37c8cbe7d126

SHA1
8435b9e705e8fe2922ba1ebb92e898e29e900207

SHA256
478f2035299c7c2fb2430d26e84404ef1d01c383543daa377b59359ed3e4722b

SHA512
cdf1f5633e8fc1496ef5276f080d86d13040a44f0755f793d3763051589336b1dd6fea061626d08f28e9ccc03d3e16fe45e877f24526e40e7d5b3cc8f6c28dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\76c5dae5-ea2b-4994-abc3-da625d744cc1\index-dir\the-real-index~RFe588865.TMP

Filesize
48B

MD5
5d6502baf6b9ce833e68fb8f4ee0817b

SHA1
c692b812fd995122f0442acae86ce6c4c6614948

SHA256
57c9722cca0576194750cf86ff09719b8dcdadb07e5ae82e17e936b8860725e4

SHA512
0ecb6f49c459801bad2fc98cf22977ed1e5601c2e98b6cda1ba944e44702722c4d264588f840708dec70c7af9b76490ef4211a46c666c6702097369b411d6afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bf936319-5ab0-4855-8a64-d24824610382\index-dir\the-real-index

Filesize
72B

MD5
2ce7e037b7cfdad34adf2064498d6e98

SHA1
97c7f5d75431e64ae6a38d33c1c8486d03445ce6

SHA256
cdc44e1f4ebf9eead4d87046ada15d74274b5c2626783b975903db203505dae1

SHA512
5087de6b5f4f3bec4d206894aae2dada9ab706fa7889c282e5c2eee566dc5d437829a37f64d0bc64574792a47ecaf92207c9000dc22542b7d5a4314e5e8fa2e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bf936319-5ab0-4855-8a64-d24824610382\index-dir\the-real-index

Filesize
72B

MD5
a90dbb823eb4a4f7e43a5ff517381337

SHA1
9d065a294a65b95afd88b46823d75e67e3ad6e6e

SHA256
bc287057a94bc778047de44e78b2aeb03cb7beee329318dd1eeeda9d2679d7ab

SHA512
8842dd70030fd2379e58d97338fe19fe8c33daf5bdc8248b794dfb2c0eda3f509cfe6e615668f0b23b28a8df48994e8f3ddcbd64e8801870602c1cd142e38306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
4f06cff9c8a8ad566d140ff9a21ae54a

SHA1
cdc41c59292ae6e7f0f98b97022f3778525a9a7b

SHA256
2392cea19ebf4ba350664778f1705c26d81bbea54019dbe1e2441ebbe6933dd1

SHA512
00827f9eb11175153108a60020b988352e14fc454720cae69a8469041d7ebec71b824de653145d5125c642fde496a12b58c88eca376cd21c7d2950cb84461cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
1153319129e34f867b1dfeb7703d5084

SHA1
3d993fd7cf1924ca76356b6d55030ca6d6f0eaeb

SHA256
8c98314a609deb30280285e9e9fa694bc26762b823a6dcb2c05e9fd9fcfaebdd

SHA512
72e9dc3f5eebd220761bb88318c7281afa8012b9df5129d65e489e6b3191052ee6fb100d87cceda5ed4bae88693f44a0515d3b25b74e55f486272176c8b77c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
81fce19a0a15affc0c53aeb2a0afb62e

SHA1
e3eefdd9bb1639fe30bf30196874ffe8f3b0807c

SHA256
a2cb50840636c2034db848435a9d218369fca63bf88b3907d9c8a5200d56a8bf

SHA512
3bed1fcd17a88cf1f970e505cce3043495a36f7f61b109104a4ab0f72c455a33ea01690fbf7dc35d6c3e14fe54d52d7eb64528c430de3f3b7f7c11bd000dc756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
044cbcd6a0254687db89d94c861a6d62

SHA1
7cbfbb5608e847a1526db6e6e88b2567607de4d5

SHA256
cd2909dc140596a1525c7710da96b86154070144b6f68cc75fa15b20913ba289

SHA512
35381ed7f1d0176ed0a9083e25dc4be919245c785706d1fc2836914eba0cb417b6d11bc13694d49bf50c856e377a23198b08407fcf96e5577c2047837ea44ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
50ed01a33cb2819001c840f7573cf58a

SHA1
347520a61a2e09276fccafa6c655cd361c8c9458

SHA256
3cdd4e5ba3069555f5afcf4f547955b46211e012a5f72b0476630bc03fde93c1

SHA512
85332903eac52439d45035bb03ffb1d2cbf9d31b551534a895deb32c39d3f48f8a6cadd47474b729ca56023e628a9c5b98ef8f63a69d742623745fb40a8df91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9db4481febca30904996f05ef311b4af

SHA1
f6225104ff2433d31620c6d71d860cbfcc8b31b5

SHA256
8fd665196f25064abd171894558fc60193cda71aa9fbfc3d6e4e6c57e097103f

SHA512
073a937231ac697abf69a8f0ae5166a2bc9e0f007cfcd12b4c9978e9e09fffd7bbfb5b7f85e1d4bdad6aebbb46c97137098974da8b07e33f5e64c21e1a412a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581bc0.TMP

Filesize
48B

MD5
975206600c7c3ac73cee02bb80bf32a2

SHA1
b000fb3df189940aab536277234cb6723f3a8e22

SHA256
0c0f077d85269e6d39d0f268192242041dbcabf2ab3dd213285ff939788ad83f

SHA512
ff5bb3410253a424c5c93006015a14f2d41f81183b08deb49a718b0325949bfdd064470f703e0033c20c62e120d29c872771d6eb6234e5e01b8f9cd4e6eeafac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1849351fac4d3c9e5553ef5e3a8e76fe

SHA1
5f0a49bac072b1bd6014cb798842bc630c6f80c5

SHA256
94b8a2fde38ccb5f71402ef5e52f5f101d075d540fc3c08f54c55edc4f1aef81

SHA512
f2146a61b6ff7d91dd9f52e8ff6161f885691f409f61e57896bbafec8904e28cdf2a8d12b2d65ae3b88817f0d94a487eb9267b04fc346f44e87dbaecf937e8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
da4f1fdd7670b9e5b5994f85b33c7a92

SHA1
569328322a124c24e14f20b98a538e445b223092

SHA256
67a8eaf6021222c7968f737e14ba78167c0b8098bc6702ad35f534aaf1eefcac

SHA512
2345b208e7df348cc81f8d4584bd60636d3ba866a7143d122efaaf633de9633de0918ae82cc3819cb0f5f490b8a80cbbf81b5b1ae1f3c2dee602b3337413f4e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bbfce314-9cd5-445d-be48-a16855972623.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\3d58224a-ce3d-4fa8-9462-750940b8a397.tmp

Filesize
23KB

MD5
83029ce468ccbde4ccce6add89e896d3

SHA1
a194a4fbd546b8272160864b5c45bfe63cd0c192

SHA256
9c48a762dd7662984fc14de157f31405939ece7f1674259f9f8bb4c808cb1782

SHA512
95cafcaeafd7d7850cb020c2d3e41a0507da368dc669958feb6a711c94aa8a2e709255d95bd450bf31f75f82bc1ea498755019ef4056c4a966bbcd90a9abd6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
654442b20579e8fc287fbbd783b6e6d7

SHA1
2945e068b0b4694d419955fb2c556e596e2a334e

SHA256
85e162cc083c94ec1cc7d93d868a2ae9ba4b20c50e0329bc06785a282400ada9

SHA512
405dd80793a7a3ac8927adf37802162db0d788a8c5031a70573ec34be5143864ff2e72fd7de2283e26b5e40e7728ff1ea95e7a5bbb11b3f28e75b38cfaffd754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
23f005e5aea16a4aef4aaea626d60664

SHA1
96df78b075890920732ce0939e1eda84b19b2ed8

SHA256
97790f48df50b487d2c62d3b1098292e1b3b1b03ddf6073195027a24c9706308

SHA512
bc3a78223a5243e1552599394819aba995d934e7d22e6af794dba6b03253df264a94da95861234cdb57d76cf7293364e7484a3e19d2553e964671430754b751d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
f91a32fe087460ff1af1d34e20f3b849

SHA1
6e0cc3b09192f983747b88c6b85686dfa95cdeb4

SHA256
a93dc2625909357552572a2943659358af77a267b9b034001ab944471d4f6089

SHA512
a044456ac3f106457cdd14b7400b4c396e2aee9e82abd04e12ad3fb143664acb5016bba38a9885d8c689527fe704c0b32babf7812fe42b6941fd57f8df18b426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
d28275c15de6388ec28f595e413be944

SHA1
5ed3b8d2b044e49d53338b916d22f24b891317a0

SHA256
c234a95d303e33c0b8a9c7ba18a7110459f7e73d44f82e22301ece2f4bfa0534

SHA512
c55699f2115948ca7e561872b75bd683ed91617dd28e7f83ce3c41cc58692e481270f2968a3623c81c9b847829cd5f158cd17d597bdae5cff0b467b3f007be83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
efb8c7e57c4393dab45dc4baad703900

SHA1
8bfe8fe338b3fec1ce9acd6d2f0c50f2400f7e74

SHA256
fc1c4530bc816f818bed47117b2ea27127e24f1d0382f39791e15a7eb4842def

SHA512
b42c994660460ef165eaaad10093d0e5f862d4ce6b5610d76d40f0fd171eae5a97b33a1adcba96b34ad36ace0f370f7ae914eeb9597ba9f1dce5528365982b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
68858154ba829d1285fd99637e7fcca6

SHA1
22aa8c5829f836f7e801dc7dfccf976c7964de92

SHA256
1e17c54eca341860e94567fa466fb2e6897a61072f202fb9ecd754eb11775989

SHA512
c3b5403d3ae155bbb9aa9d3eaa13f3df03bcd365bfd4522eec7eaf600983c8c327b785d72835d7669dbf7891b129bd5d0f6f0b1938ba0907d683b30a583268c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
5f571c47f99c3193df1f852d8935fc75

SHA1
daebabe3cbf31ef96328a575aa48ed6bf630e6b2

SHA256
3ba993a5361990c3ea8093f1614eb462aa3a8bfe022147a7bb1e9074352eaac5

SHA512
aa0ff10da56ed604f3f26999013ef26f307aeeabf34a95a72f08f6f31c28f1e8b23cd1b220464599b7a23a0f00ee58ed754ea3121330905c3431f5acfed8131d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
ad9d3b2d39bc0e6b9c7d685350c9e12b

SHA1
081844e3aedd9a058b16436e4bb46fcbb6568eba

SHA256
2ccc175c9cc2b6a6ab979629e4bd4dff6129109ca9e8e77c637e02ee2e9ae5c9

SHA512
f53aaa96e5d79f83855fd523bc6c480ea7026c242a3f62439a7012f216553c4ee32ebf85be34a7f18ee6bd16f7ce1a89b36c30063ad5ebd76553b747e8bc3c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
e94e5898a569f96bf5f2956d097f130b

SHA1
45c94f7e334b9a906fdd11d066785e6a3a8e9560

SHA256
6e242e35be492d9414ffeeac0c36491193b22749584b14478b7ff8678fe799f8

SHA512
25adb6869c3f45bbf4eed3fa592fa9dbc80060695ab9ac5b418c691f0d89b6d7bbefa33965df2449925a281dbd3da407babbeed342fae5a270c9beadbaa8fe53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
a882b7cfa5e3b2ca610c4feb43d8b47a

SHA1
2bc60d48b20d56bcaf2c08aaa9ff555fd7ea8135

SHA256
834738cd2227a7bc683f2c73fe08cef1b883bb6e61361d3362c5c4c437ca81da

SHA512
7af16c7274aad3cb20e042275819e1d4a9fc60ff94855bf76389b42affa7be10fd8e617a2594f3717125e9f19da3c3d4996747ed1e81a699d5929a01c5808254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
bcd7fc1d7f60a9a3aa55e358690de16a

SHA1
1fd0a6bade663e4f23aa1592fbae49ae22615336

SHA256
19a8f6418d1e9d85417a09818d400ba037dde02e85cd12af4415e193ec3b5c19

SHA512
41486a15c858ca92545677f7eaba8a57e727939b348d1463806c82a811933db966b4180100cfcac15ad97ef83c921f30dd404a6c84b3ce65f9140200c50ebb04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
9f6ee94d32d287f5cee13acf8b550e3b

SHA1
6a2488433d194d87b6a6bad2f7093f8f186646e0

SHA256
e14f853a6e5ab6c14b5dd8d6b8c9911355c6929b4a7efcd96661a6314b8e2e41

SHA512
711a38ccb202b4f7d7becf3f1661d50e8955761bf0e2afa4d1f0ee73b271ca9e98536a887b352d79652ba4d4bab01b315f58a77d83cf0129456bcaccfe960b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
aa5325c7090152c09f9edcabd839ac8f

SHA1
7c01bbd62798d796194f9cb8e9ae3bda2c947750

SHA256
2174b090430c296af1120d6f2e12574ac8020e3d1e1f65cd7a27868fdab875b9

SHA512
3758c68b221dd44e8cefa836703f7f07e96cdc75423249ac19f29ecc2e04412031c4811cb0f64e551944a321188eb15b0361d5f0b28ad3f331b841d40dbee7c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
12a64bc455d69d25e4035a9a32f10cb7

SHA1
e10ad0160efe7ab550cb213e5b2e058b608c3cf0

SHA256
dbd34bdd2d6e39c717f082d5d5473d5d5a850451157422ef5e3653c24c3587cf

SHA512
09d3be09173dfd49493f1d557b6d880b5368f91a15c580396a55dec93fed288690c65efcae53706c8714399263cf72aa5bb90e37647455cb0f233d72a57dc51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe582edb.TMP

Filesize
392B

MD5
6a846adab0d1e2a439ba7c13ee557295

SHA1
2712a0d44fb34ebdedbfc1fddcc0726488998e98

SHA256
6871b6e7d81dd0faaf98d2bef10323fbf284fdda31d935f22ce5f33c384bc2ea

SHA512
a6af8ba4747ae72011a8f376b66694383f679ec5f3b02d4135f33df9bb1c8dff885eefcdaa0ba28bef9c607b22f1bb46c8d78f53bb47a43668993572d36eb253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
cf62034a45e57111eedf0a2d66f6aaf3

SHA1
0402af3b1b626f773b5135fdd14fb329171bf323

SHA256
43ed6a1eb4056dc99881b5dfd676401de531d368e2a4a343582eaacee60ac996

SHA512
35ecf55cb5eab4514476bb8502d4e83da6927a2ab0b25e0fc3e81f80bd445a1bd3c5526bf4de62469baee9271b9853526b90ddaf2b1d683684c9b9c3f5db0492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.26.1\typosquatting_list.pb

Filesize
628KB

MD5
7c411ccffc2c011ba155c4bae74c9217

SHA1
6e0f96399bea0c45b188caf7c11b2549a2bbb551

SHA256
71529860ca9874c1b29017b1b4846986d14f51f9f60dcbd8c7af7559cc0e0ac8

SHA512
cbeba7735948e9565f4d7ee462366693a6915758486c5d7a84a4d6eaf0bcac948f579e91d883e1d6ffa27268acd10db86f02d7f9111837c757349e8cfa8fc0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
49896367556e6f6d5c8259bec8535ebb

SHA1
d7bb66e5c5fe75ea29c2240f0b29ad41596c5f9a

SHA256
6ebc6b5e92b33b31f229d5852741c0512f09ee6340650fe49a538424501e899d

SHA512
d256b20003c5751c35c768b715c87756938747e4ebab812497a04bc6757d1c73512d69e42e8e1e8f5371d88e46da68e24b391ea81364ab42c5ca39851687dd9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8A662809\MrsMajor 3.0.exe

Filesize
381KB

MD5
35a27d088cd5be278629fae37d464182

SHA1
d5a291fadead1f2a0cf35082012fe6f4bf22a3ab

SHA256
4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69

SHA512
eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

Download Submit
C:\Users\Admin\Downloads\7z2409-x64.exe.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
memory/2764-3332-0x0000000000F60000-0x0000000000F8A000-memory.dmp

Filesize
168KB

Download
memory/2764-3340-0x000000001E5F0000-0x000000001EB18000-memory.dmp

Filesize
5.2MB

Download
memory/2764-3338-0x00007FFF4C260000-0x00007FFF4C3AE000-memory.dmp

Filesize
1.3MB

Download
memory/2764-3339-0x000000001DEF0000-0x000000001E0B2000-memory.dmp

Filesize
1.8MB

Download