orcus | hxxps://gofile[.]io/d/hesHLk

Analysis

max time kernel
899s
max time network
900s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/hesHLk

Score

10^/10

orcus discovery rat spyware stealer

Malware Config

Extracted

Family

orcus

213.209.143.58:2095

Mutex

ea1f88a1fa7148ce8a8fded64e180068

Attributes

autostart_method
TaskScheduler
enable_keylogger
true
install_path
%programfiles%\Nirsoft\svchost.exe
reconnect_delay
10000
registry_keyname
Realtek Audio Driver
taskscheduler_taskname
Realtek Audio Driver
watchdog_path
AppData\hotdog.exe

Signatures

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus
Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x00070000000243a0-512.dat	family_orcus

Orcurs Rat Executable 2 IoCs

resource	yara_rule
behavioral1/files/0x00070000000243a0-512.dat	orcus
behavioral1/memory/5368-533-0x0000000000B50000-0x0000000000C3C000-memory.dmp	orcus

Downloads MZ/PE file 1 IoCs

flow	pid	Process
122	1456	msedge.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	fiz.exe
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	svchost.exe
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	hotdog.exe

Executes dropped EXE 20 IoCs

pid	Process
3192	fiz.exe
5368	fiz.exe
5680	WindowsInput.exe
5616	WindowsInput.exe
5548	svchost.exe
5364	svchost.exe
4816	hotdog.exe
4144	hotdog.exe
2832	fiz.exe
5212	fiz.exe
2112	fiz.exe
5912	fiz.exe
4060	fiz.exe
4544	fiz.exe
1812	fiz.exe
5336	fiz.exe
5048	fiz.exe
2708	fiz.exe
3100	svchost.exe
2072	svchost.exe

Loads dropped DLL 20 IoCs

pid	Process
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5056	msedge.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
109	api.gofile.io
77	api.gofile.io
78	api.gofile.io
82	api.gofile.io
99	api.gofile.io

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsInput.exe	fiz.exe
File created	C:\Windows\SysWOW64\WindowsInput.exe.config	fiz.exe
File created	C:\Windows\SysWOW64\WindowsInput.InstallState	WindowsInput.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-hub\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification-shared\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_92476158\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-ec\el\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\manifest.webapp.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\wallet.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_92476158\_platform_specific\win_x64\widevinecdm.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-tokenized-card\ar\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\wallet.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification-shared\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-shared-components\da\strings.json	msedge.exe
File opened for modification	C:\Program Files (x86)\Nirsoft\svchost.exe	fiz.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-ec\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-hub\el\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\wallet-webui-925.baa79171a74ad52b0a67.chunk.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-tokenized-card\sv\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\wallet\super_coupon.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1899485672\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\bnpl\bnpl.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-ec\da\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files (x86)\Nirsoft\svchost.exe	fiz.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1899485672\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\bnpl\bnpl.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-tokenized-card\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1799283661\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-tk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-ec\ar\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-ec\pl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification\fr-CA\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-shared-components\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping736_411068770\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-ec\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\Mini-Wallet\miniwallet.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\wallet-webui-101.079f5d74a18127cd9d6a.chunk.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-ec\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-hub\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-mobile-hub\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification-shared\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-tokenized-card\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\Wallet-Checkout\app-setup.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4972_1295166273\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-notification-shared\zh-Hant\strings.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hotdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hotdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fiz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876429320295273"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{D896F6A1-61C5-41F4-B991-37BCFD94425E}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{CD62A079-9661-4DAD-8740-1F2396878357}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{DBF64E79-55B7-4F04-8BBC-62AB28FD3F60}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5368	fiz.exe
5368	fiz.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
5548	svchost.exe
4144	hotdog.exe
4144	hotdog.exe
4144	hotdog.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe
4144	hotdog.exe
5548	svchost.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5548	svchost.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	5368	fiz.exe
Token: SeDebugPrivilege	5548	svchost.exe
Token: SeDebugPrivilege	4816	hotdog.exe
Token: SeDebugPrivilege	4144	hotdog.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
5548	svchost.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
5548	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5548	svchost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 6028	4972	msedge.exe	85
PID 4972 wrote to memory of 6028	4972	msedge.exe	85
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 1456	4972	msedge.exe	86
PID 4972 wrote to memory of 1456	4972	msedge.exe	86
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4012	4972	msedge.exe	87
PID 4972 wrote to memory of 4632	4972	msedge.exe	88
PID 4972 wrote to memory of 4632	4972	msedge.exe	88
PID 4972 wrote to memory of 4632	4972	msedge.exe	88
PID 4972 wrote to memory of 4632	4972	msedge.exe	88
PID 4972 wrote to memory of 4632	4972	msedge.exe	88
PID 4972 wrote to memory of 4632	4972	msedge.exe	88
PID 4972 wrote to memory of 4632	4972	msedge.exe	88
PID 4972 wrote to memory of 4632	4972	msedge.exe	88
PID 4972 wrote to memory of 4632	4972	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/hesHLk
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x258,0x7ffc8860f208,0x7ffc8860f214,0x7ffc8860f220
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2008,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=2988 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2020,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=3024 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5024,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5032,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5404,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6276,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3788,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5488,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3724,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6700,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6764,i,3382427475113567888,4485763099591062589,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  PID:1872
- C:\Users\Admin\Downloads\fiz.exe
  "C:\Users\Admin\Downloads\fiz.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5368
- - C:\Windows\SysWOW64\WindowsInput.exe
    "C:\Windows\SysWOW64\WindowsInput.exe" --install
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    PID:5680
- - C:\Program Files (x86)\Nirsoft\svchost.exe
    "C:\Program Files (x86)\Nirsoft\svchost.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5548
  - - C:\Users\Admin\AppData\Roaming\hotdog.exe
      "C:\Users\Admin\AppData\Roaming\hotdog.exe" /launchSelfAndExit "C:\Program Files (x86)\Nirsoft\svchost.exe" 5548 /protectFile
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:4816
    - - C:\Users\Admin\AppData\Roaming\hotdog.exe
        
        "C:\Users\Admin\AppData\Roaming\hotdog.exe" /watchProcess "C:\Program Files (x86)\Nirsoft\svchost.exe" 5548 "/protectFile"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4144
- C:\Users\Admin\Downloads\fiz.exe
  "C:\Users\Admin\Downloads\fiz.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffc8860f208,0x7ffc8860f214,0x7ffc8860f220
    3⤵
    PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1796,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    PID:6060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:3912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2508,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=2496 /prefetch:8
    3⤵
    PID:1332
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4220,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4220,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
    3⤵
    PID:5284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3000,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8
    3⤵
    PID:5948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:8
    3⤵
    PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4600,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=4676 /prefetch:8
    3⤵
    PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1636,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:8
    3⤵
    PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4828,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:1
    3⤵
    PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4832,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:1
    3⤵
    PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
    3⤵
    PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8
    3⤵
    PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
    3⤵
    PID:468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=4724,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:1
    3⤵
    PID:5420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6440,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:8
    3⤵
    PID:5296
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5212
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2112
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5912
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2832
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4060
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4544
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1812
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5336
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5048
- - C:\Users\Admin\Downloads\fiz.exe
    "C:\Users\Admin\Downloads\fiz.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7156,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:8
    3⤵
    PID:3228
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7156,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:8
    3⤵
    PID:5700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6544,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:8
    3⤵
    PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6292,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:8
    3⤵
    PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=5976 /prefetch:8
    3⤵
    PID:4316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
    3⤵
    PID:3836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6116,i,6407543898434807513,381544782101596077,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:5056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ffc8860f208,0x7ffc8860f214,0x7ffc8860f220
      4⤵
      PID:4028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1896,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
      4⤵
      PID:3872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
      4⤵
      PID:3512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2468,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:8
      4⤵
      PID:3892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4028,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
      4⤵
      PID:5224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4028,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
      4⤵
      PID:4068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4612,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:8
      4⤵
      PID:3944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4580,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=4760 /prefetch:1
      4⤵
      PID:444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4776,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:8
      4⤵
      PID:3132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4656,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
      4⤵
      PID:3260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5440,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:1
      4⤵
      PID:3832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5760,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
      4⤵
      PID:4652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
      4⤵
      PID:3192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4264,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8
      4⤵
      PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=136,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:8
      4⤵
      PID:3424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2088,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
      4⤵
      PID:2344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:8
      4⤵
      PID:4748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4516,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:8
      4⤵
      PID:3528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5776,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:8
      4⤵
      PID:4316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:8
      4⤵
      PID:3152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3764,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=3136 /prefetch:8
      4⤵
      PID:848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:8
      4⤵
      PID:1920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
      4⤵
      PID:5588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
      4⤵
      PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4464,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=3136 /prefetch:8
      4⤵
      PID:1728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2692,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=3868 /prefetch:8
      4⤵
      PID:5104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3212,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:8
      4⤵
      PID:460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5416,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:8
      4⤵
      PID:1568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=3868 /prefetch:8
      4⤵
      PID:1408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3856,i,14657526812611557241,16973808040543629394,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:8
      4⤵
      PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5440

C:\Windows\SysWOW64\WindowsInput.exe
"C:\Windows\SysWOW64\WindowsInput.exe"
1⤵
- Executes dropped EXE
PID:5616

C:\Program Files (x86)\Nirsoft\svchost.exe
"C:\Program Files (x86)\Nirsoft\svchost.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch
  2⤵
  PID:5212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4928

C:\Program Files (x86)\Nirsoft\svchost.exe
"C:\Program Files (x86)\Nirsoft\svchost.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3100

C:\Program Files (x86)\Nirsoft\svchost.exe
"C:\Program Files (x86)\Nirsoft\svchost.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1087907166\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1263340502\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1799283661\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_1899485672\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_467027715\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_607897174\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_636482290\_metadata\verified_contents.json

Filesize
1KB

MD5
68e6b5733e04ab7bf19699a84d8abbc2

SHA1
1c11f06ca1ad3ed8116d356ab9164fd1d52b5cf0

SHA256
f095f969d6711f53f97747371c83d5d634eaef21c54cb1a6a1cc5b816d633709

SHA512
9dc5d824a55c969820d5d1fbb0ca7773361f044ae0c255e7c48d994e16ce169fceac3de180a3a544ebef32337ea535683115584d592370e5fe7d85c68b86c891

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_636482290\manifest.fingerprint

Filesize
66B

MD5
8294c363a7eb84b4fc2faa7f8608d584

SHA1
00df15e2d5167f81c86bca8930d749ebe2716f55

SHA256
c6602cb5c85369350d8351675f006fc58aea20b8abf922a2c64700070daaa694

SHA512
22ed0211822f6f60fe46184fb6e5e7fcb2b3a9d2e19f25fb6e84e1ca3a5d645183959309549cdb07c999b345cfdd9a1351f3474e03fb8d451b0f093d44844d7c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_636482290\sets.json

Filesize
9KB

MD5
eea4913a6625beb838b3e4e79999b627

SHA1
1b4966850f1b117041407413b70bfa925fd83703

SHA256
20ef4de871ece3c5f14867c4ae8465999c7a2cc1633525e752320e61f78a373c

SHA512
31b1429a5facd6787f6bb45216a4ab1c724c79438c18ebfa8c19ced83149c17783fd492a03197110a75aaf38486a9f58828ca30b58d41e0fe89dfe8bdfc8a004

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_656214095\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_757212428\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_815454369\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_92476158\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5056_941455726\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping736_1997960971\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping736_1997960971\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping736_411068770\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping736_411068770\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping736_653482306\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fiz.exe.log

Filesize
3KB

MD5
6b5444c638f20366d9a53986c6017813

SHA1
9cc5ea2c7599d5f9adf04608f316a5bd785b2194

SHA256
e572835c974163c70cdbbf8f3ce23ca19646b73d500c8767ea957db13435006a

SHA512
79cde4aebebd658988586f4185ccaf494f872417b47be5b1381be01b6bb60a35a8327d7ee5efe8921aeec0d5b080c9c4c45e3917f96b741a07deb73aea99e7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b3607049da2a494013ac244be66afa64

SHA1
a7f44af6b91cf0c93e8be313abf397dd070269ab

SHA256
68cb39c643a89b5717664b43ef2053c73278e5919130804fb0420289c9ce6fa2

SHA512
08f2e4063a45e2a6affa2e36222c2e3fd672c52f062cde82e7d7c7c4a841dc35f034a402b6c76fb3bef24beffe846282e683f67e3f99ba8ead2d83c3a23f5f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
138d8a87cb306f86459d17fa991c5843

SHA1
3cf2380fe1ba7547b11e8a4c3ee3bff27d23d355

SHA256
7d98177f9b5fee9c6f21bbfeb4c9842ad5c8255f0d9523ce57679429323ca7bb

SHA512
8e1f7cc58390c1bbd8222da680830716555316bd95a2ede00ca8ba11c3de9dea609e5c28dbca172985db80d07846ca10ec5030a87869071c71122e1838e590d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
3d1966635aed9aedd1c5075fccfa4344

SHA1
9e84fe097b8d35cd22f41500bb9388e3db5584f3

SHA256
554cbe3ca4eba2273e32f5f0118dd2ae9428040bb2394062c502c481f446aeb0

SHA512
53913a1b39b09780161ec6be5fc970401f82597153a6d7d9e2b9fd790c805b14f4133a270e49693c3002c6fd1cc18a96d4d01bca184adc28abbc86d096ce09bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
c017e8fb4d94abf943ec78ab5a7541d5

SHA1
8dcc5aaea0a12fd0020d42344861edeb5740a86b

SHA256
b1be34aabd810851fbe7415993c9d235f7bbb1dc48ac6cfb556635937729266d

SHA512
44b473584f23765c4aedea1b5954f319c21b653c3d2cf3e5bd48038324ad63f9eb25a1e958b1e5234ecaea85c1c151ec7167bb2c76b817dd603b4d3f5621d989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
52892c4826cf4597169fb1f75641d4b1

SHA1
f460fa32e5c359e2a95523e021a79b1e6fc5655a

SHA256
853ac9b241cdbc66dd1a41144ec7609a931daddf60321a9e1a377b7e71745954

SHA512
69b598367437b64718e12f7edb34a543d70f619d746b82a94989096a2c5b71255992aca4f035c2e85b9c2e89c2a1bbae21e0d9250bddad25be40dcdb4002cce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5ebc34655178e6e931ede4aa0d6e7f71

SHA1
2cd92cfe21e66421505c324e518c2504fcdcfea4

SHA256
dd2a0e35d29151c35d5beca3b28e7f2d514e8aebe7789584a4e94d4d381c0c88

SHA512
80f20ed828fa1d4e4aecc672a04258bea8d16c6c282132e7567376b6aa4924928d6ee888afbc4baadd945f8729229025188f51c91289471ce908f85df85c2bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f11f4d40e12d8e471035e76b8c223764

SHA1
8e6b8ec9348867e8d954563130999b0edab98515

SHA256
930eacf4db57ca2b1ab50dfe51389d7f09280fc1bb5da76ff1a8354741c003c6

SHA512
6da77b41de67966ef560b71c7e4077c3abf092e9bc10d0e41e4d8d14271cf3b573240a3a8c9e3d3576d3305b702e71b991ef89f616869811b73d657c8a408447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
cb1dd094fb1e3feed21a5770c60ab333

SHA1
97306e0eb784dc4dc4c6a719c2b580e9b167b8a7

SHA256
b57222318016fbf0b6cc4d926e531902b0e941815a44e9cd48493d62c87bd19d

SHA512
b75f4856637625c246ab7225cecad0f1d6729c68ab1bf13080f1695a2ce2344a308793974cec6eb112d911aada05d0d945801b0e70c351d2104f15a836ad28f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
400bd3dcb2d727fee111e3e5b81a0845

SHA1
61efca89cac7ca88169b87827e481e5074535c53

SHA256
413994ba2dbe2871f21005147b0aa2ea72b3f120c534e543a308b56182f1fefa

SHA512
3c8dba108121bca4e0f271b93c4aaa70c45f6b8a958b0a398e1c4908c481b47ac2f8d089f54213467c358a43203adbf127ec7ac120a090d2e523ed1ac6735160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
26KB

MD5
3db01f3289b7517e321aac642a91c7f3

SHA1
4d54518f6f94dbe3e4e0cd7cc0d13698272d197f

SHA256
45c8217bf1571647763788b5472b9621330f6b065ea3107e2c6340a60ccb73a1

SHA512
69e7726636a206b910a971c00bb9a2a79835e5f98bc588158f62484ae77cfed138f8741e68b6d69ce77830420bb87df46762c51862a80f01d04112a3561673cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
74KB

MD5
6eb12835d362dbc711c5d68b7f8b824c

SHA1
9d419feab94ca0d8e3c60ec1172eb56ebe5684b6

SHA256
4d62c2581f8d869f0e7c62a48d7790fcd01f1ee6d5b811759703609c18d1605d

SHA512
b9115b5aa227feb408c9397dfa0c9480f7d637fbb161b5e8d53bfcf44ba00a7af50e92f0c40a157e14864571da1a13afb3c68dbbb464753051c7b7c34fe995a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
153KB

MD5
237f4a0afbdb652fb2330ee7e1567dd3

SHA1
69335cd6a6ac82253ea5545899cccde35af39131

SHA256
1f0189e087fcefbf654fad74a3a06668b782c01353a61d5c0b7f0bf23e33c020

SHA512
27e8e1f91507179c207f93a19485738ed5d372a977eb27d44a4ed163013097d38b117c7a5bf4336ecc9862ca514d78ffcd2b8a07e304bbfe1b2cce9c087baa38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
115KB

MD5
715d593456fa02fe72a008a72398f5be

SHA1
e948290773216dc1b50c2121314a8cf918c22b54

SHA256
c411f11975d26eb04cd2aa3c071181d4b18e489f1fb97060d4176a3531dfb36e

SHA512
1f63209c93a462c2690442c9cf1c3e5a67f2df7a67dfcda2cb81292a2dbb90641aa0ab81c25323a1f2d9f0fa09b3421d136ae5228c47e581c51912ba284de46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
f5e8b4eb24f3f2eb0fed53bdec28f456

SHA1
52be0298117a2e0094429016f3330b7b427bd440

SHA256
6359eec07af9f803824a8030aba8bc351975676d7edef23b1e959b791e067de0

SHA512
ad2d100bb9e71d2cad813fbddd80574252d0ddcdca2011344a3156d4bb81ee88725717bac18e396eb3c73d55ce87b0403d4f79882442fa8d60b7c19b18208762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d7819f3f67cf28525294b2ad16e438d3

SHA1
7a01a9b8fc6b0d0c930d286361f40d33a7fa7ca9

SHA256
08063655f5b8eb8399cebfdd0302ec473249e772309eec7e9460c2b206173b74

SHA512
d92246a3dfc8c92d78ca52087072f08d71a375154a0b643d889c8094e9875e0b92f9d176a5c94ce47feb4cfec06c3be180bd9283a2d74a03577a9ad6a6d8a43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5591e6e05fec937c20a3343341b3b9fc

SHA1
e38c93443799192e0f56bef9c90401c4cfbd3e3e

SHA256
cae5a8ed243cb984b2165623cf42c4a430d5cb4b82af507d9d7381d109d0aa69

SHA512
8accf894ccb95cef6c2eea42d0886adfa6c4f0a0ce1238ab87940e95d7c72ea6b1c00937310bbbe3d7570d69cef0ff472ea1b5556ae12d1d4c2a00475e28163c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f54d.TMP

Filesize
3KB

MD5
e4a6ab5df213515f1dbe8ef546135f1a

SHA1
4838af248f0a4f4ed96e996320f863e5c7fb4a5b

SHA256
2354ad85a3a83c700faf34c150bdbe3591e8470c61fc82dce6171a67a007666f

SHA512
a22e4384a524d6393ae478f2a2723804a33781dcd266da0744a7c292a9bd05d0f8d3f1c636edb3d9cba1d500140ecb6d5985095b5eb91c2f5a122b6e048cddb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
aba2871551a7ce138e19b89bc7a2c82e

SHA1
deb02c0d3f0a5e298d4e9716b830e4f928b80293

SHA256
a3d309194db7f2a59e6187850b1ebc63ff0309f427f6d0d013382f49967db28e

SHA512
83f7d7212403da08487f57d1c84b77c145a3957d34f80576e52f9fa73e936bc595d965c45ea5cb61406d4c045480a66024ceb4248fb9af266e5fb0f1cee5c28d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
c6ba4945843befe6394417a7c9cf5db3

SHA1
b891435ebb07e150e9ac32c7ba681bb0c1902314

SHA256
91c672d455c59505e76a809a3953f2be037beedff501f02a85fc62c26ce167f0

SHA512
6289dbe3777fc1f097f3eea7f093ed744ab52016e5ccf415d529f956bfbc563a50f3dd8929f62d45b820854fb5506e9f4703a483b0e3f8daa1d73f01e0269dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log

Filesize
32KB

MD5
4958ff6bbac6901d8ebb665ea140a705

SHA1
e0320b7eccd0a92dc79897ddc50a1366ae1d65a2

SHA256
5915aa1443228e15178f5c8867356e3e4bb8e65d47ba4f994dc51c46d350ee8b

SHA512
525d2d5d79d05ae9faccaedbeebb198a25aa7dc9629cbf0d5da219425f3f473b8f05a3dbe4039788aeb6f4539735acc7ed881df1df833587388a0e5cadd93eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
efaa149b904e6647b5c813a0fab69bde

SHA1
c45bf177fe50db116e6d4215f22dcf9a5f04fc16

SHA256
5a089569a2094142772986bcd615cd12035e6c2d34171e845927c209c72211da

SHA512
4b0f33b9510a7d2bcc8d123e7f83effbbaa09fdce1152ab053dcc26118936b3c731e3c29d826fe15418eefb5236726ae00b1764efc6f373324de6f0aed930e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2d17be002bf57961ada6ce3fd8bcc957

SHA1
1492e31c9747edd9e30c4b98e5215262dc8966f3

SHA256
28af7f5267b6168cc076fa49a31e76c7c819ed52af8da0ae27548e2565983344

SHA512
085aa549dccfb114e8e250589c46cba29b82a68ce3661bf445d559023a672c96beeb76678ee9fa2b8302d9506d4121ebed7ff3d1ea78a4fe7aeca84a59c6b6d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7dc76c427c7325668c860917edbaf853

SHA1
17b3ea65a59c26207adeec1c141d2154da6ad3a8

SHA256
3a024ca5d31e29413709f77971f7a777e1d8e1c5cc08a9d5ede459b7479a134b

SHA512
08e47211f5e751c264716801c5558ef99de330d154ef136c6c74eae67c823d2706b0f4f388d71947c48ed27994985583bf7e88d12174f772d23ba234a53c98ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6ac74a388a503e00c967842c25c3244d

SHA1
ce6daba97e3ffc30db0ac5d0232fe4fd4a501495

SHA256
88b47dce98ccd83b6b3ed56b06d978b88c44ff24739e4233638481299f3f870c

SHA512
6fce0b7eee62b70537e326d02a34f8f13c7dceae4cbf2e44fd3d21162e62b721bf0d3e00179fd21475ea968dc6bb454ac30b34c158bdb9a029c394b5de0b952a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
90f0a420c0d7f73909a705f508f6533f

SHA1
d4e964efa5bd978cfe9565a974c402709b1b4e59

SHA256
95e91c54d82ec0014c1d98ba5b5f9074e550d4403c11eb98886fb11cee4466ec

SHA512
fdf7672b03825d7721b65d17e6f0e364d57737e97286d87282b9a790304b3ef33293faf9c62784b1980dd3ed4e5b6a960b569518a0b21d073b4a9fa06d2ba255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4b95f9f6027d094bbe13ca3f65527423

SHA1
c360ed9e175786a2d5e52d822dee6ff3eb4ef182

SHA256
cf9b66a132c818c5eec89d62cdbcb9ee98c3f124ae19ca988e8ebb133c6384ea

SHA512
be8b045ad994b7ee6438da22e170793a0ea25aeae8717f5c2ca711a7917d9ea425fb450deb00e736138f9a499d0dae23fd1b60659c53b3bf4dbc43d0b27c485f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f370714689c257fa4f6d3517fae43458

SHA1
3414fa929bc526e52edff251abab88785ba419ae

SHA256
f55379040428b913890c4eecc884a3eda868be034cca8d79f3dc9d6e60f17035

SHA512
54dd0ee0a7cb77ab1155e70500e9159c9b1069f190f540abfda174cee1f754ac5e5892aaf2f3d8d846d661f7fcf257c98e7f0c1dcc7b10dd425c163040c0a15f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
516B

MD5
1921c226ded3d0271823968aa2658e9e

SHA1
8d7adba4a4cd974f7b72b9eb279cfe0e631bfafa

SHA256
4eb5b07a60b71ae7305051b097af3bec39f0a576d47fa03df7a49fae713c0b3a

SHA512
b045741c9c67199d6d8e50228c2d78dd5d6f4f720f0558c21738712d278ea254b4b83941273fddaeeb1c99fa26ebb392d978606cb5cec0beea480fe442f52e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
448ca97a9d6a03e5b6dcb63dea05df40

SHA1
41aeb10eb1e467c964fa6a9a84ad0ebfe5cfc749

SHA256
9d17f8a7ef7478124454ab272f9711719a8707288611d5aecf2ae95e97bdbaff

SHA512
5704cf1e5fce03b654091b36e1dba2f60e8707b9d975c0e4f1a9909f0054e766c962aaa0deec4a0a071f88baf8da7c089e6e7582c52fbf1c04215a0f3eab70ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
157f2ecad3ebbf233bdfc64ccb25242f

SHA1
08d942201940fdecd547c1a38b5387009ad95469

SHA256
0ca5cff277e9fd762a1611ac6696b8cee7e5003cd80eecb1b0974105a4a51565

SHA512
654b0c1147b803c682f76960762045536647657808316170f77d6a8be59eb3c176d1537a74bbc23ffb7dbc437053c88d8dbe5702ba5de3c65014295dcec78406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
b074d24f7b88ff9c06548f086d1ebc8e

SHA1
7ae4ab95d79b1157b56db1730fe407ae17a70b63

SHA256
94d4a60319834c15bcc78194f50ab0a0621a90882b33ce831f965d5c7556bf54

SHA512
4ac5124590ec0f4d21cc627f02a80610cce01b0cabe07c938da2651d67323ae4e74dba639f4624ae8a960714eb3baea0d0a517d72dc9ccce418d029d83bd1e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
f4fe5bea8b253c6400827156cb916731

SHA1
5b4ddb458ac1d2162283f18e4502bb3a659d2575

SHA256
789bb4d50ec6b6af21e7f2656423ce17402841e674b6d0855b2f75b1abeacb51

SHA512
9a58bd165b49a14a8cc0430a96d352dcc8f39d5c22084e10d9f5fc8bf7fd47aa8b6e3883668828c2643104c106d9acefffee8ee4e4fe5a0f5b0fbfa94d3e13fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5799c66918f4a76cfd2d5458ba00c76d

SHA1
0bb0515a1e3829f2dd8511722f67f86e49273f3c

SHA256
10f6a5c61d6b023652f125ea8dbe7e1b1d0d55c4c98b71f183f553cef98874d8

SHA512
7f9ac54a1d83073cf34bb5daa34fadae50a06648aa650dde989c4b974a3641d3cdfa25023acd972c6a98605fcda219582848a4d16110a25bc4409f2df0fcb308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
d8bd7280aeba6a69092c258295678701

SHA1
e5092fae1a2979489ae65e79767479a570579fb4

SHA256
7e09a9d8be5b64d6a355280ae836972156eb08a202c75b42d5acf8ceb27b6c7a

SHA512
68bb869f3ccc1ea1f96d6e259f178e23d9e88fc559856bd3f5dd90227464889f69bd0670d49b4edbbc5bdc4035145e146f3afa3e85eb6b726f2546c3217b00df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37dcb1fb-1fb2-49cf-8d91-6f59c13bf972\index-dir\the-real-index

Filesize
72B

MD5
fe64d3ec04cb7f2e173c37ff110a4264

SHA1
3a0084108b2b260edb9bfc79503a5a407a6d20f6

SHA256
902c40dedc5c985ac4887f8e782fb045a1fba550c1ba09ab7d52794d2f2cfe59

SHA512
95dc4180804e432a15eba20e8b2c238254a16e57cbfa0a247c3e873edffb6c5eaf5fe6b6052df8a34a9683bc87581cad2a2f6360f7652683d87e8a5e4e6a5c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37dcb1fb-1fb2-49cf-8d91-6f59c13bf972\index-dir\the-real-index~RFe594c9f.TMP

Filesize
72B

MD5
270597d1c460cd6c46d63b2cbdb14b3e

SHA1
84ba44cc5122ad85057567c1f41dc556e6b909a6

SHA256
7e619d2c70928f87e6211d4336efe610ac4e5be1925e2bf9f4d88ded89b7d1bf

SHA512
61b4c4f81951826de4337d987150555a54fb4d21169a6c1d151b3403abb31b4bb85caebe0e4ef489dc9b0c7246bf6c2c0a99320a703ef7212e726fe27169447c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index

Filesize
2KB

MD5
a437f298576ccd34e8fbd2b3b588a117

SHA1
573db79a54e867a6a423c185f6813ca8117bb884

SHA256
19c1a9367efbcadfbe93c8c0ce8bd1c9ff413a49a823d1fc603c1d116b9a253d

SHA512
0e2c1c0d0d067840c380888f488db88e098fb7c49487c1ee9cdac976ddff16c973bf8e0cdd3bb53b20c1da97649934ea14964b4450bd7ed1f6fbf6ba587b104c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index~RFe595f3d.TMP

Filesize
2KB

MD5
fbae8c98cd84775beb0b32a24629c025

SHA1
8b9347a5349e1c7a9f2885c127bdbe126a242936

SHA256
7f65ab9e54af6232e429950cfbcb9baa7fb4a720549e5fba02cdca2b69d1f94b

SHA512
b5a0650d54a99d9a9af9cf9992d0c2a7c3b90d8ae2a1b03219b9b4ab9367d1f5805d94b008cc96c0dad07ce8f0dbf622f980076e1fa974aac9bbbce08b3c1b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d15eb774-054f-4d7f-91c1-d5bc15b8e1fe\index-dir\the-real-index

Filesize
72B

MD5
18eeb33ab44936a7e2562ca5343a24e4

SHA1
c298fd38825f8951ee467ba8df6fd6482315426f

SHA256
479b0d3b57b59b870b015f82af123a41cfe94cd3b431c976b92d857a7a4671fd

SHA512
501b878bfea0eee97ddabe223c3650c6e05ae64085ac557b6b8683d923e26d12d8fd31a650e53ae49250700561f2109891a0dc76a31faad520f963947c46c13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d15eb774-054f-4d7f-91c1-d5bc15b8e1fe\index-dir\the-real-index

Filesize
96B

MD5
4cf8b4cde031e35b3109545f52b7c049

SHA1
eddb788fdea70324db3ed20b8cf7ed898cfeee19

SHA256
c8a3d4e171d991bdad372e7d7986ab9ea731e190e0e01588d1eaa1fbae3099ba

SHA512
b5a083a245cb2b9b59ffd25a222c123911b5815e18566eb69e24695d81e48f892d6a2a28a59c1b963a96b5dac42de6e140b11fb9286c3640eb613253485b1984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d15eb774-054f-4d7f-91c1-d5bc15b8e1fe\index-dir\the-real-index~RFe594a5d.TMP

Filesize
48B

MD5
d51cdb109936a37dd7c4f27997eed43c

SHA1
2970746366205a335e3c3facb0c5ac809b2dc760

SHA256
5b0686d07dac95b1cae25f1085629cb6b41740b1348ce5a6be5e2380a3c9a1e4

SHA512
89e49e42993805eb45572dd1da306e7c55d9303ba07ff58a27ff48b2c4445172a9daa54f134a83bfd3a0f6e2de6ab5a860f85b16ea9e83b3a83939affa6f7c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\index-dir\the-real-index

Filesize
72B

MD5
30be45399ca7612f8315f652ae24d251

SHA1
7e229d8e8c34caff71b21da7753d601a77a31f54

SHA256
0215e78618360e5c213f3321fa54435f5e3c2e9197fac32006d21fe2bfaf9206

SHA512
09f4c717d3565e97dd7e0623d37c04050507b0d46cc74ffb04e0b2bb3502df3e8dff21bb6ee1eebcef4763332444d0948d439ecad74dcc5b812f68ef94d5c1b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\index-dir\the-real-index

Filesize
72B

MD5
6faae172aaa1d44922e763942d31374b

SHA1
a97b0f43219775625dc678053a5f5dc1b04a42f1

SHA256
dd200fadd8a94e0ef31e0b2301daed9c1ca12a3db846c803cd5801cfa59c106e

SHA512
52700b4da1491dca56c545e7d25cdf6eed7c83a29e19abcbe09d1fc6d07917639b412c7bfd45a420d8d16988a772a7d762e3a3e0c38875bab06b3770cb97f60e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
8e5b2ef5d3cdb5329e1e30df88726867

SHA1
30669b3b952b852b9898ba9b2407d8058d076def

SHA256
f49db2e1ed0d77e1d802f1e20fe92e8f63066dc0a33a17f0d7e69a2947395229

SHA512
ac1349303623b4a3f8f0e8232a793ccde9b7879aa004e76ae934455a6fa60db1f98a948f6f70e670707d9efb95d8d64b8cc01b76615bc420dcb048675ad46061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
d4438897824546ad071d8b0a2b16d7f8

SHA1
d16b1780731ca81f1bb0ff551eb89bd0e23a1786

SHA256
373bafc9743b0247849c524d236bbc7fc27967e580c0464f3eeeaa5cb4c9013c

SHA512
81e89970c8dc545feab026283be6df05a1c7b66793e070d4d68f4e8dadaa4ef50ab1fc261a852552001a46d7b0ad30da2339e33b52df934a9e9dccaea635a302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
eac7c13e49ddea7bf0d375e20832f491

SHA1
1991bb5a0094c507965977b31eb59b33cab57d5a

SHA256
56ff70e96894479cfc4640a02f6fd655e52793a98f053ebdfc7da94bfe3e73d4

SHA512
0c598990103c942a11ea77805d98103335add95661b8d5a5212e1dbb8d0dcba7dbb9346a2969654da51b453431bdc9ea9eb3d76a3ac5da8af5a3455e012400b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
585e2e03bc3cb99358a60bdb71b23993

SHA1
f00f8dfa1a58bc75069cb3134953b95c3be14f09

SHA256
9a85ee2d3a340ea5db77b1c0b100bdb8ddee500d001d60bcc892ec5eb02f6137

SHA512
30d1fcbe8be2c945fbfb1af3442c7b488bc6c8f5d519f1bb6ece646fa94adceeb2327e6bd5c010e836ff3af6bad7c869592f6ef138219516a37be9ef24e864f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
08032a132fd91f32c84ca4accf2b7ce6

SHA1
00e4bd1d7fd1831a264955eca31679829590f524

SHA256
fad2b28ac7c627f52cd98bd147a43d99e1e60dbeb32fa0dc67acb0f67666d7c1

SHA512
43575d6bceb17c8eff7b98f539f3a6f297ebe9a73b337f0c813a471cba09d25fb2e964d3dcf95860e1eda1bfe9f8304d64a0d1deb34a7639cf186c6bd36d1de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595b07.TMP

Filesize
72B

MD5
89492eacc1f3b9a41c2cfc714e656109

SHA1
10b694b306c76f800ce760aa9f901e8ff8df61c2

SHA256
7d63da35607e8060f38b5c21cfa29efa788f16e9e8289e2fda720848968104cc

SHA512
f62a99d583a89d6614da902ecc1fded6cd059a5ac0713777e78dd2124c8db69b5d7cef4ff6add26e34e6965b0cb72fae7e34bb30707dfaf9f4504508ee017aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
26232f0b63a43c7f7c5e8b61ccd559c9

SHA1
905d8199bba7a888461a8d11dc04e04fe47fe995

SHA256
6e422c2b540f8cff3bc9931995f487cc53a031ffc0339abbc6f21865fcbd5e6f

SHA512
9c9f81f1a6f8d56f296c8d3367061a3d5c9e6177341db41355688ee31487e640b43969a193575cbbe9cc5fe1b08f59da0a89d5d390d52c0eb09400ab5855d108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ee120987d34c76473518c913b8451d92

SHA1
6c24f29041fe40a9aa2b0d9b318ce8b5e7d73ac9

SHA256
4d57fa559287650b44fb47ae1bf739c0bd40453373bb58209c381abd8984c84b

SHA512
4f58bf498f864365ce43acf345071b9b2853e792deb149f5b2ecbd39841a69e4558c0107c66e9311174aaf667513dbfd7a4d7904bf553d360a5a0484fd38cb37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
d36741dfb6518f3b56fae3331eceb0d5

SHA1
9b369463413d6401a70f6a9109a582e6f1a5ad70

SHA256
76b54524d825d21094884897a9526e0f1b4d2d72c16e73f8ff0dc1e5531aac6c

SHA512
a20db33ef9bd2a27ff270325e8828007755e83f71b12c2b0dd4905e76fe9e552a43e6aadbb8498dddb6687858f6d3ec26bd3f30d832807cbe7671e5b0d6bfa84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
9cf32125b9b2acbfcf3b99a32cf73145

SHA1
8c25344401239d137d0828d9cf38e0c137557d9f

SHA256
38505ca9dc65ad0e2aae80de364d717f36e018b6369a0fb2763a90598fc12403

SHA512
e288bea1c70425fd94a0881b1df8faf33f8d27bb34fc46955fc72cef77453d798ffd76e051742a43d6ef7ea6b562a023b96a050f8cf19b930bad3dd45437325f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
e0223a1def12fb7654a8394bd0f07162

SHA1
a8c2c3737fcd4860a48eee1e547949328caed56f

SHA256
7faee014c7de1da5b63a6013946317f628fa5e9716a02a8c09cbe34026d02feb

SHA512
3d657de4ec8a8f159e6549ea97ce5af26f75bf4c7e2a064ee5e7483b7deacb14866bd63255f27d18dac6c7172254506bb10c6f4414ab914819b07c24e10e6ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b72cb471-44e5-4c2f-89d8-99195b88fb09.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
a840909e142dbd6d45062c34638b6376

SHA1
8277405f29c31398d835d3a8d557f20930dcd481

SHA256
5c827bf840f1a83f688cb2870cb2f07405dc7df948eb713f4337c6517de9620e

SHA512
b17b7e016765637f089071ed157417dd9ddfd725fd17c315d4c952ae113268e4b6bc8f9fda1296a2667fedb202e3e3a1c352fc21e9cbcca54234726291ef5260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
c68e39e8f14a9eb21bc1f7e539f622cf

SHA1
226f2a3bcdf428991315f513dee2bae31a867869

SHA256
4866b95f1fbf24016e55ee146db5f1887a8a142b4eeba9fc02687e99538738e8

SHA512
77056a46947a0bd24580de5724f139b7b2f27b96c9ae3d4d5d9d5640fbe4806baa81eb19e6d71b9b3c039b004f94ecec0d1749527b6916b2085db5eab0062617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
03da3a379eea73d838cc25e7776a4778

SHA1
8476efbed1058a0bff36fa8172ffaf84aba80534

SHA256
10af37de9abdbb72e2e2e43f7f28b63b31ff90d0aa67830402a6c9c06a1f1662

SHA512
0deb280a0628b1e0c05fda6a9790d46535680544038999d76aff3bc907aa417fa4bf14780ff76e6fbca9ef8e5fcfb73a5d32c07d2c552d00e6867310a7d8c07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
4da4a86170b47a495081eef9ed979c1d

SHA1
a1fb962195b1be132a52fcae40cbd04bfc13b330

SHA256
6ebd3a893f5a047045fc100558a4b777ac8fc5330f08be5da2c9a42173307ffa

SHA512
c33ae4a00c2cee55f4d14c84d8f7c67f913c7da2efe87b595a066a4e2c02fe053c8cbde539effb4224d70bb83a9ba62a9e603b2a8763bd03f403fe31ed64de95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
c7fd47e2a07c1c95870a0d726c529730

SHA1
98788ecf8cdd48e69fc9e2ec30df1e992462ee24

SHA256
e9764fa704637a5fb688b3d07131abc9a9d17805ea6dbe573143c7ba50890978

SHA512
1b790d1eda8a6b7d91c419127fe558f80a42cd81056b943c9023fcb7b072db72e69fef693b81a8f99596d1c0a7b1f849fd2f61e5f048cbb6960451e1ad0544c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
275668e4783e8caed3dd2811c4c1775d

SHA1
471fe9bac696d788bdf3b88ad8c9333e7fd0d34a

SHA256
6c21206df6554c1aaf60be47b8f786c7f1e724f59b9eae869c6a640c0cd42630

SHA512
079a6c99b81d109ea0d6f3cff463706209ece6af1c57eed4196a3361ebe149509d8873f1992c4637a81d7f67da35b64443f0e7c63bc741d352acd88a0d78968e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
39bcf84a5e01ce0cff89033725f67fed

SHA1
30b18fde0aeaf40648d4db51099f970908d69489

SHA256
3497c8fdeda6dd72dcc89221f766fb3fb96542cefc5f8d79f70c0207214e2caf

SHA512
5884c99ceba99a6f61679625f0160626c01c669b09209d6f58b3651ef6153f9392d61493e4565b3816265a987c81fdd7bea75f9883d74c31d3443e21c61ce593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
df881a8eae0808456af54e9bce0c2e62

SHA1
0bb0d4b66a5c92227609bee4c94e4957246631b8

SHA256
4c24c0387423fc797a1a41230c2bafdf6ec3a7f177cad620f805b625eaecebd3

SHA512
e35c69e88cbd24a61d8b1397f7706c04ef55f9b9af0ded1edbf074aba4163c4cc9ac36d8caeeaa6d7ef9771e73fa6d67339c072c9fb3155d2e0e7354bf0d9b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
a2ec5bbb91aab2eb534dc247ce4ca473

SHA1
cf5f1f7705c074d19d5acf9aacbdd2af1fccce81

SHA256
b60a55669da78acdebe4d2b8d67c4a438077a0b35f34768211bc9fa43b1a32bf

SHA512
4ec653a820ccbfc500d53d7311052a4fda81ac2004bd23270b74709cd38ecf6390fb5d4d93d5b04abd9c03e87a21b79e8b574e37baff1aa28542357974f1ef9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8f55b7b2dd86214d17895b27b7ea4677

SHA1
f5f74109545f04cc8389fc60c8bdeaa3f58cb89b

SHA256
4c4e0f663ac036b087091ddae0ae3a719ec95f4043c0237fbb0da435f3db3749

SHA512
cc0e4a2994a81a8f3ecfab2fa10d772ef9808b49744db73a158a3b020957e118b1ebc845158ceb5bd85247235e750c3b085cafe96f310a0ae99587a46a7d62af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
b186caa96b02214ec6948f3766036ac4

SHA1
d9ea349a6616ec038164015a1a41a725a62563f2

SHA256
1a70874b27c91c28d40a25ff319ba58648cd82c520ecfbd21f8fee79eed98294

SHA512
1b97980175acbceccdbb4406fe692b9a74650b2b4adfe43e1f1b7aab6f7d7a1d7e47c07ee70048933b22711daee9b42ed2c2b88f9b6b892241f9d9213c47e886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
062c0176b44dcc42e9009280d0f94d33

SHA1
5f0311396b8c2c4b59c2e4365ecd4f729a6ea332

SHA256
08455261004eca55b00e5bd69b18a34de24bc3fb3de6bc89eb262b3b9c2dc29c

SHA512
59179c12dfd987e860486bb42c328c88e7fdc3d4081d2917b242c1f121f9970ea4370f6cb4106d53343d3b4eaf52ea12c53abd34140f66c5b57c1788678909d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
1b70fda4d55b1d7576bbef24233acd37

SHA1
a7994e15f46b5d9f79c4f7a2091b88da958f2999

SHA256
1ab036a82b29cd605ad3170f996790892d9c0a0027a23cd083365e59e3a72db0

SHA512
1034459759d4c68c24445904c606df54663cbcb6245afe3544d50757314543548cc2eb09625cef6a59c5cb36463b8d669f11ca5bd878f4f76417277b7efbcc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
10a7cdf51a74d07e8dffce5c7ac32054

SHA1
b29d6e89f3fa34633fe94806f83d922304b4de9a

SHA256
02416044db73813e8b5af96246ad0239efc96dcd405340cbf5f274ee50f39679

SHA512
700f8bfb63ad18e179eadd97ad9f5a1e06d696d664ba7794f2011f8c9dce15c8a8b116674d0cd8210ca252cf7af0e66054a4daa369be170683e282a6b7111871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
6d17e3f10159604a8b23dae953f3be01

SHA1
d980be988feaf33068f3b5d88e1d2aec04a3c702

SHA256
b3d5358891f0b8bf760e2c7d80b2b701de1f8282285361a42f1aac8ed7fc7c2b

SHA512
eced6e3a496dbc9db6f9c6472f255a641c6abef9f143a6fc2215d8568af6521fabaf094f5397fe0336ef8d0d0770d8aa2adeb5df04fcf9715691145fa2fe29f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_soaytlek.g0i.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\hotdog.exe

Filesize
9KB

MD5
913967b216326e36a08010fb70f9dba3

SHA1
7b6f8c2eb5b443e03c212b85c2f0edb9c76ad2bf

SHA256
8d880758549220154d2ff4ee578f2b49527c5fb76a07d55237b61e30bcc09e3a

SHA512
c6fcb98d9fd509e9834fc3fba143bd36d41869cc104fbce5354951f0a6756156e34a30796baaa130dd45de3ed96e039ec14716716f6da4569915c7ef2d2b6c33

Download Submit
C:\Users\Admin\Downloads\fiz.exe

Filesize
917KB

MD5
21879687876665cd12d25a9428568463

SHA1
71fecc06e0c6070b1290c1e173df11455a38f131

SHA256
047bc779d007d921cc2f900677a532a9393b99633ace127bb489ac5732c1abc0

SHA512
11e9b536360504960f491d85f3bfdfcef1a2071bf3c79c5b2a857aab6db98ec6be2f7c4a3a75ddcce21a96ada8686301345c6eedb5ead26a8509368f67ac5e77

Download Submit
C:\Windows\SysWOW64\WindowsInput.exe

Filesize
21KB

MD5
e6fcf516d8ed8d0d4427f86e08d0d435

SHA1
c7691731583ab7890086635cb7f3e4c22ca5e409

SHA256
8dbe814359391ed6b0b5b182039008cf1d00964da9fbc4747f46242a95c24337

SHA512
c496cf8e2e222fe1e19051b291e6860f31aae39f54369c1c5e8c9758c4b56e8af904e3e536e743a0a6fdbbf8478afba4baee92e13fc1b3073376ac6bf4a7948e

Download Submit
C:\Windows\SysWOW64\WindowsInput.exe.config

Filesize
357B

MD5
a2b76cea3a59fa9af5ea21ff68139c98

SHA1
35d76475e6a54c168f536e30206578babff58274

SHA256
f99ef5bf79a7c43701877f0bb0b890591885bb0a3d605762647cc8ffbf10c839

SHA512
b52608b45153c489419228864ecbcb92be24c644d470818dfe15f8c7e661a7bcd034ea13ef401f2b84ad5c29a41c9b4c7d161cc33ae3ef71659bc2bca1a8c4ad

Download Submit
memory/3192-537-0x0000000004D50000-0x0000000004DE2000-memory.dmp

Filesize
584KB

Download
memory/3192-536-0x0000000005260000-0x0000000005804000-memory.dmp

Filesize
5.6MB

Download
memory/3192-618-0x0000000004D30000-0x0000000004D42000-memory.dmp

Filesize
72KB

Download
memory/4816-795-0x0000000000BE0000-0x0000000000BE8000-memory.dmp

Filesize
32KB

Download
memory/5368-540-0x0000000006250000-0x0000000006272000-memory.dmp

Filesize
136KB

Download
memory/5368-534-0x0000000003040000-0x000000000304E000-memory.dmp

Filesize
56KB

Download
memory/5368-601-0x0000000009C50000-0x0000000009C64000-memory.dmp

Filesize
80KB

Download
memory/5368-600-0x0000000009C40000-0x0000000009C4E000-memory.dmp

Filesize
56KB

Download
memory/5368-599-0x0000000009C10000-0x0000000009C21000-memory.dmp

Filesize
68KB

Download
memory/5368-533-0x0000000000B50000-0x0000000000C3C000-memory.dmp

Filesize
944KB

Download
memory/5368-598-0x0000000009AB0000-0x0000000009ABA000-memory.dmp

Filesize
40KB

Download
memory/5368-597-0x00000000096E0000-0x0000000009783000-memory.dmp

Filesize
652KB

Download
memory/5368-596-0x00000000096C0000-0x00000000096DE000-memory.dmp

Filesize
120KB

Download
memory/5368-586-0x00000000082B0000-0x00000000082FC000-memory.dmp

Filesize
304KB

Download
memory/5368-585-0x0000000007790000-0x00000000077B2000-memory.dmp

Filesize
136KB

Download
memory/5368-584-0x00000000076F0000-0x0000000007756000-memory.dmp

Filesize
408KB

Download
memory/5368-582-0x0000000007E90000-0x00000000081E4000-memory.dmp

Filesize
3.3MB

Download
memory/5368-581-0x0000000007280000-0x00000000072CA000-memory.dmp

Filesize
296KB

Download
memory/5368-580-0x0000000006AB0000-0x0000000006ACE000-memory.dmp

Filesize
120KB

Download
memory/5368-579-0x0000000006AE0000-0x0000000006B46000-memory.dmp

Filesize
408KB

Download
memory/5368-603-0x000000000A2A0000-0x000000000A2A8000-memory.dmp

Filesize
32KB

Download
memory/5368-578-0x0000000007190000-0x0000000007226000-memory.dmp

Filesize
600KB

Download
memory/5368-602-0x000000000A2B0000-0x000000000A2CA000-memory.dmp

Filesize
104KB

Download
memory/5368-535-0x00000000055D0000-0x000000000562C000-memory.dmp

Filesize
368KB

Download
memory/5368-538-0x00000000056D0000-0x00000000056E2000-memory.dmp

Filesize
72KB

Download
memory/5368-577-0x0000000007810000-0x0000000007E8A000-memory.dmp

Filesize
6.5MB

Download
memory/5368-539-0x0000000005770000-0x0000000005778000-memory.dmp

Filesize
32KB

Download
memory/5368-576-0x0000000006A30000-0x0000000006A66000-memory.dmp

Filesize
216KB

Download
memory/5368-575-0x00000000069D0000-0x00000000069EA000-memory.dmp

Filesize
104KB

Download
memory/5368-565-0x0000000006B60000-0x0000000007188000-memory.dmp

Filesize
6.2MB

Download
memory/5548-621-0x0000000006A30000-0x0000000006A48000-memory.dmp

Filesize
96KB

Download
memory/5548-4013-0x00000000096F0000-0x0000000009734000-memory.dmp

Filesize
272KB

Download
memory/5548-4033-0x000000000D790000-0x000000000D8E4000-memory.dmp

Filesize
1.3MB

Download
memory/5548-1702-0x0000000006EC0000-0x0000000006F46000-memory.dmp

Filesize
536KB

Download
memory/5548-625-0x0000000006BF0000-0x0000000006C00000-memory.dmp

Filesize
64KB

Download
memory/5548-4028-0x0000000007770000-0x0000000007796000-memory.dmp

Filesize
152KB

Download
memory/5548-4023-0x000000000A280000-0x000000000A2DA000-memory.dmp

Filesize
360KB

Download
memory/5548-639-0x0000000009220000-0x000000000926C000-memory.dmp

Filesize
304KB

Download
memory/5548-649-0x0000000009C90000-0x0000000009D33000-memory.dmp

Filesize
652KB

Download
memory/5548-921-0x000000000A430000-0x000000000A53A000-memory.dmp

Filesize
1.0MB

Download
memory/5548-624-0x0000000007160000-0x0000000007322000-memory.dmp

Filesize
1.8MB

Download
memory/5548-623-0x0000000006BD0000-0x0000000006BE8000-memory.dmp

Filesize
96KB

Download
memory/5548-4018-0x0000000009740000-0x000000000978A000-memory.dmp

Filesize
296KB

Download
memory/5548-650-0x000000000A080000-0x000000000A091000-memory.dmp

Filesize
68KB

Download
memory/5548-638-0x0000000008560000-0x00000000088B4000-memory.dmp

Filesize
3.3MB

Download
memory/5548-620-0x00000000063E0000-0x000000000642E000-memory.dmp

Filesize
312KB

Download
memory/5548-2155-0x0000000006290000-0x000000000636A000-memory.dmp

Filesize
872KB

Download
memory/5548-776-0x00000000092F0000-0x00000000092FA000-memory.dmp

Filesize
40KB

Download
memory/5548-918-0x000000000B220000-0x000000000B838000-memory.dmp

Filesize
6.1MB

Download
memory/5548-919-0x0000000007610000-0x0000000007622000-memory.dmp

Filesize
72KB

Download
memory/5548-920-0x000000000A0C0000-0x000000000A0FC000-memory.dmp

Filesize
240KB

Download
memory/5548-4003-0x0000000001950000-0x000000000195C000-memory.dmp

Filesize
48KB

Download
memory/5548-4008-0x0000000006250000-0x0000000006266000-memory.dmp

Filesize
88KB

Download
memory/5548-710-0x000000000A200000-0x000000000A214000-memory.dmp

Filesize
80KB

Download
memory/5616-561-0x0000000019FE0000-0x000000001A0EA000-memory.dmp

Filesize
1.0MB

Download
memory/5680-554-0x0000000000060000-0x000000000006C000-memory.dmp

Filesize
48KB

Download
memory/5680-555-0x00000000020F0000-0x0000000002102000-memory.dmp

Filesize
72KB

Download
memory/5680-556-0x0000000002260000-0x000000000229C000-memory.dmp

Filesize
240KB

Download