xmrig | 295e69eadb3147565b647037960a037c7cffbc8ce8b35a542cf18314473e1c8f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.exe
Size

3.6MB
MD5

1a3d804b889ed5459cd917291d60f885
SHA1

9f3c5bb99b01c003bce23bd397b0d03cca286367
SHA256

295e69eadb3147565b647037960a037c7cffbc8ce8b35a542cf18314473e1c8f
SHA512

039bde1f6c95861c235a1a96e5ca405dc87eeb735d4091b974db9c5b7f5a71a9f25090b848e446e4bb2fba4fb79a5b69f427810506ec4eb621dedeb70ffd7b67
SSDEEP

98304:9jKkrC2tIz1M7Lvq28k3Ijmr7OMzmg1t4jbIn6DTRJBeksb:9jtrCqIzmXqe3IC+8wIn6DTRK1b

Score

10^/10

xmrig discovery miner persistence upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 17 IoCs

miner

resource	yara_rule
behavioral2/memory/5212-5-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/4276-7-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-8-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-9-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-737-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-922-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1274-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1310-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1351-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1354-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1404-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1440-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1441-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1479-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1508-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1522-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig
behavioral2/memory/1244-1552-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	xmrig

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\golagn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\app.exe"	app.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1244-0-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/5212-2-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/4276-3-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/5212-5-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/4276-7-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-8-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-9-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-737-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-922-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1274-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1310-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1351-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1354-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1404-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1440-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1441-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1479-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1508-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1522-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx
behavioral2/memory/1244-1552-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1678538007\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1811781216\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1811781216\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1678538007\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1811781216\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1373917684\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1373917684\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_550673476\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1811781216\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1373917684\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1948_731343940\manifest.fingerprint	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1948_38468200\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5820	4948	WerFault.exe	136

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876598114997585"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{A499B683-D898-4E5B-B159-6F7F09FDD07B}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1164	WINWORD.EXE
1164	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1244	app.exe
1948	msedge.exe
1948	msedge.exe
5240	msedge.exe
5240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1244	app.exe
Token: SeDebugPrivilege	5212	app.exe
Token: SeLockMemoryPrivilege	1244	app.exe
Token: SeLockMemoryPrivilege	1244	app.exe
Token: SeDebugPrivilege	4276	app.exe
Token: SeShutdownPrivilege	4948	wmplayer.exe
Token: SeCreatePagefilePrivilege	4948	wmplayer.exe
Token: SeShutdownPrivilege	3156	unregmp2.exe
Token: SeCreatePagefilePrivilege	3156	unregmp2.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1244	app.exe
1772	msedge.exe
1772	msedge.exe
4948	wmplayer.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE
1164	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 4276	2040	cmd.exe	100
PID 2040 wrote to memory of 4276	2040	cmd.exe	100
PID 1772 wrote to memory of 4940	1772	msedge.exe	112
PID 1772 wrote to memory of 4940	1772	msedge.exe	112
PID 1772 wrote to memory of 5936	1772	msedge.exe	113
PID 1772 wrote to memory of 5936	1772	msedge.exe	113
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 2232	1772	msedge.exe	114
PID 1772 wrote to memory of 732	1772	msedge.exe	115
PID 1772 wrote to memory of 732	1772	msedge.exe	115
PID 1772 wrote to memory of 732	1772	msedge.exe	115
PID 1772 wrote to memory of 732	1772	msedge.exe	115
PID 1772 wrote to memory of 732	1772	msedge.exe	115
PID 1772 wrote to memory of 732	1772	msedge.exe	115
PID 1772 wrote to memory of 732	1772	msedge.exe	115

C:\Users\Admin\AppData\Local\Temp\app.exe
"C:\Users\Admin\AppData\Local\Temp\app.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\app.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\app.exe
  C:\Users\Admin\AppData\Local\Temp\app.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4276

C:\Users\Admin\AppData\Local\Temp\app.exe
C:\Users\Admin\AppData\Local\Temp\app.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x338,0x7ff97a5df208,0x7ff97a5df214,0x7ff97a5df220
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,695075631470046226,7614612742226775165,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2284,i,695075631470046226,7614612742226775165,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2672,i,695075631470046226,7614612742226775165,262144 --variations-seed-version --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,695075631470046226,7614612742226775165,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,695075631470046226,7614612742226775165,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:1948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x240,0x244,0x23c,0x2f4,0x7ff97a5df208,0x7ff97a5df214,0x7ff97a5df220
    3⤵
    PID:1232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:3
    3⤵
    PID:2056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2308,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:2
    3⤵
    PID:4344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2436,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=2452 /prefetch:8
    3⤵
    PID:2588
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=4136,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
    3⤵
    PID:5432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4484,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:8
    3⤵
    PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=4136,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4528,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:8
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4776,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:8
    3⤵
    PID:2688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4892,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:1
    3⤵
    PID:672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:8
    3⤵
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4760,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:8
    3⤵
    PID:6136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5484,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:3308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8
    3⤵
    PID:2312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:8
    3⤵
    PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:8
    3⤵
    PID:3452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8
    3⤵
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2896,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:8
    3⤵
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=752,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
    3⤵
    PID:856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5856,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5872,i,7117650983221339160,801954947523584004,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:8
    3⤵
    PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5816

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4948
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2948
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:3156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 2924
  2⤵
  - Program crash
  PID:5820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4948 -ip 4948
1⤵
PID:4652

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\BackupUnblock.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1373917684\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1373917684\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1678538007\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1678538007\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1948_1811781216\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1948_550673476\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b87b293e2a39afc31c7e86f241680bd

SHA1
dfdfd1325a91d0530a24ceeb18c570074bd01840

SHA256
5fcb5ab1f571509a5e76b38ea6d56a316c2153aa6dc281456a47d79939e0df16

SHA512
40a67b0e11fbe36a7749965d3dcf89423f80346dfd6bce15547d796db670574e7f3b50dcc1669acbb92640382d604b287b4f433d99d52333c8dbb988d8092f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c37f9d2c357647fca20f2eaa89c18edd

SHA1
cfd1035ed2d057c317b48546f467209cbbe15f2e

SHA256
2ea3a0b7e6145fd110653b1a77cb827ad7e4a145c29378344bd3d28f595b2072

SHA512
3563f4aca9e47f35de8cb38e42a3c0448bb3ec4c9183fa392abc28fee4ca08bf16da028ffbf31cf0c0f8301ed810238961e745590e5c71621bc5a2a889dd12f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d17183c84a9d452b0e34dd6bca7eeed1

SHA1
c7a6abdd13ccc7b0617c573f2e7d6dcc8c2f439e

SHA256
080163a3ac091324ce868369aabeb8df48ca6a54147942c62f1c9c0664c7fa5a

SHA512
f68972ebcae609489fa30234211b0635729aff79a324f6968c16a50910ad7a0a6b3119730a1ae94b1c7ef2fa1dad6da8b8b6468459fe011612372ee6727fb39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
2ca7e5ba54483ccc9b9e508741416ac4

SHA1
ab749fec7762245762bb3f15c12465cca91013c8

SHA256
b7241f369f3bf944354caff3a424702d37a600ff4f315335ce49c209541ab06e

SHA512
4314780e9c5b9b5a0d1188c234b4b61a534f15c4a19c11e7fe4e67f9a39c505158d84ce96fdd86da10324efd5a5592c1ccac4b8f655a414937f91e112d65efa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
f815129c0ee697fcb0028e6eaec6cffd

SHA1
df09cc8a7fa7399248e4a532bb1d7150622dafd1

SHA256
286e309cc719cb2661960a52dfe15574218f445993eeb923a92c90b15e808241

SHA512
bf948d2a116433d8b2a3b55690ed972daf6de8b3067f1e73d1b468c27567b3d5975267257caa4129c90a613cea6fb6bbf174a50cf161d6d8d521a4fb3cb119ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
0f920c3734d59157d58a09e14e1e658e

SHA1
afc8a3cfa79fb6ed89405794c5866bd04bdf5300

SHA256
d2f9774dd6f71afb5d7fc524ecd7d18048efe0b3c346d258eb189a8bb44e4b82

SHA512
6c86ca1e219c1325e1c727d36d9855710521e589c4c74e709072c39cfe4763066d185afe8a7d82b1de4f875c42ed4008d0ec09b3ccc764f1ab46f4d81fe984c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000059

Filesize
100KB

MD5
80b5b90c4f3c45f46d57b5e1bce1e629

SHA1
367e3928b8c501a0827fd1b56083824932e9dfce

SHA256
f8f5766093e3c09b37b085fe81a7d8307c69b34710794143efe460ae62bafb2b

SHA512
395fe714443f48f04896aaabb79d852a79e6ae948fbdf1678505be724c0efd172043b36feb8716d9882585a47d23746f2dfb1cfbb18149ab9e71310ba0b055e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
110KB

MD5
856a44c7e5f305d914f73151e46348f1

SHA1
ef7198fffde31f348f41c1fce450f7c83f2724d4

SHA256
f576eb2ecc60fe36e8222e836af2b7a7fc0e2f757159e970631eb2e496b0411d

SHA512
c429e91a2cc420bede1768600604b9e3695d0f29640da2880ba9c2cd528fad536b63e40e142c48275b21c3607ea3e5677eee2c2c4332c894ff70687069dafbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
19KB

MD5
3b25fbd9be0594e7d5dd630003ef4194

SHA1
73d1b16b7b95ec2907407f06c3f353497e29a362

SHA256
0ab699ef1483cd423e0880e48701eb0f38d8d250a4f7e63262a5a10e587f6df1

SHA512
137ca7a8f12319721e9ad5a729c14c14cd560abad62366fe47d2742ed30e9dcf5f3a3c1c5607deee579ba9407ce5b5c1c737bc74e07e64dee65e1fc2ab8b0615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005c

Filesize
17KB

MD5
a673a4ff37878ab1cb36ed1079a6e033

SHA1
823159a712bccac71c5dbadc14f30b4f3592f424

SHA256
9edbc2b7d4862beb81dfce14ae3ae0cc1df4359c2b535a79c34f4cc5072afa17

SHA512
02f70f2c2441337733ab64539299f1739248bfb43aa4fe00dfcfa558d6b4ee8ebfec28a2146554380f759174d7b4f0d55056bac251a3e870d6fdd211c3c754bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
76KB

MD5
c99f966767a99c2971aaad4890f0d323

SHA1
d6dd4e0199e653bd6663c5203dc3889e9b6c0baa

SHA256
ad5f0de938a628df6b0de66005e92497bb39c09fb8491ea7fc4d5afd600262e2

SHA512
02475dacf307541c4e2801b2e849585d4210990fff97bf5afe9f44f5ee46ae8ba21152295cd8baeeecba3005250d81e7d280007f0b8f57f77247a3e2588b7c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
355KB

MD5
aff30f668fcc5e77ccae277ebe85630a

SHA1
ba5669045b09dea57b98e543610c91944147b40e

SHA256
ea374ba20061ce63036eec2df90bac723c6b1ca426dc1bcf3afd0628e1e224d3

SHA512
aff1ae4b21027f3c10d8112275ef785316bd6a259bc2f03832c51560779bfe3ec68f3887f3e689f470e07727d9d506a66877553405db91ec9ed5d248f281548b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
58KB

MD5
5313806e719f4c6fe252b715836cdac2

SHA1
8eb1173f9a7ef0290f096b82b0355ed7e8db3a58

SHA256
8b97b7c3416d2cf305778de38fb6fdfa6715e88fb97589f0fa4853cfa42b572f

SHA512
72346e08d45e6b4b8d4cc5a108e7b9428da4516b060843edb36ffccc068dd471fabaff5fdff6be1efc17257cd4891c4326bb97bee00cae076bc054677943bb2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
162KB

MD5
d0b406005e08dd1d6f5a63cd209cb428

SHA1
08b7367ebceff4ba06ade5e13c3574688393ba8d

SHA256
640cd8ec89058168751e135a4ec6587cdd8c8437015aa2f31b74cce7b99f54b5

SHA512
7f3209b51372adb851abfbfba5355667e9ca9ea48dd11dd15ee6a83b3664dac3976e7b16dedf8e0a601de23a4244d4931406f5cb9f513c70a3f9d9a2653e57ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

Filesize
72KB

MD5
0c24bfb73d5151493376eb1d19031fab

SHA1
a899206d003d703cff22f20464588743d2b618bf

SHA256
3244024bcd81b9acbf69488de4d07f9d6df8ed070990ad1706bc4f510d63e64b

SHA512
b73528b77c5b60a97f79ecd9debc1d49693dd7ab4e1df756afa5c3c455a83bfb2a8686558c0962401594e3f69fe662b8e7830f9a546a3b917d4ee66903bbaa2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

Filesize
128KB

MD5
29e7cfa3e5de55d603a211bc5561e684

SHA1
4f3af2524b97a5f4e5f9d765e9f9f792efc3cb02

SHA256
60ef8879a9fbd2419b58c1f614abb7019dd677ce45ba9f092c14760c8c7dce65

SHA512
175af94d1aaeea119f8b02344a5ae5b1a1abd5328a17b8ec8b9159e6346b00d5ee38bb34a36f67567b80a0c98a59b66a69a7f868057b3f4dd444720287c4285a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
71KB

MD5
8f850aaafc8da0df7f8f0a0b682a934b

SHA1
ef55df2e866abed76fe19b05ceb51c1147a6961f

SHA256
d40ca516a00f4b6ae9937cf0eaa8e1f0c2033aaf783dae3c461d68b8b142bc4e

SHA512
15160500824282d1e829908670dc7405abeb4d571ffdcf94532f55294fce77552c832f27fc14b91141ffd2aa142c441fd8e48df8e43cdbfe9283a043da2460dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
128KB

MD5
d3ad899ef6d314e078caf478e7a2c723

SHA1
cbda8ea1659223493a14d9f2e612e8da8f4690ac

SHA256
7a585b6bc904769860ba80499cd8bbe50f2f75f1db6a831ca6de4a85cc48b84d

SHA512
a8661b8acdc4596487a65bb4731bef9a496273d2ad60aa9cdcc18d728ed71677befb4d78c3a45ab9fb5f14e62b17a608934f36aebb0e4e6b5ed6a5053f5705bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
67KB

MD5
42304c8cb0c1405dbb8722ff0851092e

SHA1
d29d977dbe442bee281abfef45d2fe727f4e2971

SHA256
852a971f5f8d70afb548e7010a25dca7c0e97d350bee2e8009e8063eeb80bb0c

SHA512
4c0caa6d7deefffa50ab323826df30a1de5f1393810c8adefae8e93667049ebe335193650f3f40b3af5c3e5a00dd01623c0d0d7d7c88830a6732f84644225b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
256KB

MD5
f61c96a65b60f7e4c018e2850f5a4880

SHA1
f36d693611e6e167e20ad40b143ca01454c0898b

SHA256
74fb5e0934e2b922fffd0d9d91a870d851cf834fae52d6c80fba17dc052dcbf2

SHA512
f87c2170e5c6274f56ee645d441cc793a14426b5f487ca31a3a2722c7ff337ade99cb030be030fbcd92f8d5b00261fce06753ce98a77cecb3665b7a712596a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
128KB

MD5
9b260b685006cbdbb15f9a96a17e63e9

SHA1
393d72cc9d928b7c1696a9b8cd31c3157a1a7988

SHA256
e26c72728c98ef25f40ecdec620c3003884c79a1476738443c544b209c804069

SHA512
73dd76887252e4bcae44a972045c722150953fb08c4d4944df95127c4ed51ea6246ae2b588debea6de59f1aece9109fc9831951cd493b191bfbb5691e9cbe209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
109KB

MD5
1d107d5e34291d7919a1e0a23b77ee8d

SHA1
2c266a4214c5e941c7f870a75f5c2b2ea831ae50

SHA256
5ac8fac68458ea7f19b7eb77abf71c5f6747396cd0e733bc22e857985102772e

SHA512
5c0ca79c2615530551e9403bf494780764e1f74567a770852608a3c8b443870ea55a0f6c6a35666ca250a0c36f17bfd3aea9831ec3c03b04921a97c0e0b20abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
19KB

MD5
935bb5d465d94cb39aef1382236a2ec6

SHA1
5dc667df91f97d5f6cb7b348f8f2f90bc2c2237a

SHA256
fd8f992d68fe06460dd6bbd387de7526c83ca822fcf83faf075ec666a5f34a34

SHA512
5c571a507d72d686e57fd1b6f6aea31178a5b575844ebf55d45d6412c0f3e2a1bc656540c3ae6555e6d0e8e0de3874679d6e073afebede9eb523f1c67b7cf841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
57KB

MD5
6fd89696f92cce575af9aa323400bc41

SHA1
934c8596f8ddee6830725f84fda92d0db8be3613

SHA256
f5feff0cdf42945c5d2a928792b7322fac01c673d4adca84d6eed2f128af63ee

SHA512
31819492274e951b0011be160b9c91bf0d73e06c62c82983d6bc3127b170b76298b431d4a1cf03ba9537ba89bcd86d6bc3ff6d6923c5659cd72565d46227bba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
71KB

MD5
e40e220547d00a0deef53d7543b29f97

SHA1
2e49aa7a38de393a36d2223c220fc35ac567e66e

SHA256
afda1befa2dc8c35d12055a5b4b4f83dca12176f024eddca211f66e366ee80c8

SHA512
3d2676df064011647e00489482ffb060ce957a37bc1f893bb42d54c4f1e3321235508abcfb5ccddb79cbd7fb10dba2be9cb76d1339be4887e0b84c69112f115b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
58KB

MD5
ff6e74c08ad08c22e07451d3167d9520

SHA1
6745092f9efe5dd1971e732e1b45386050c87096

SHA256
55881379917c842f40aa098558f5071c4e12f4305b0ae0e62e064770e4709d81

SHA512
358babdeeeeb96b9a090fa647958a564a96a7089379084e704d857821a759febb451d160d3796822cc7ee0719cc53ce920c9809797ee4225a21ab2a32b693b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
16KB

MD5
04e1f6c4827af415993124bead3b89d3

SHA1
fc9736c8a180d55b9f22fff832e11d1f22cd0e2f

SHA256
86e848bb80d1e1586f2059d8bef552080d871057bc318c2e204ca552bc18041b

SHA512
8469b83b6a271e3205bcfbd092271918dac86f6f2c1678c737eae06b1e2468188c070a5de98945462d813b9e6ed2fc54a3c4d9a024bb43316b9ba4c32733c968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
20KB

MD5
9d5e7dfd5c74401ee1a9385a7d43d247

SHA1
e781856a557abb5182b4843643d9f8f683e9af98

SHA256
85a9f80e25c666d66d274b91574c8ae36771d9538c0e0a6635d7befebe881735

SHA512
32752d4efba3923531bbc2858a6cc7d299efb1dc149e3ca26873772fd22234ed7aca3b38fc92698f199945a05fd253e1d5a79f0f9281c2929f38987e640069e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
25KB

MD5
d3ea40e69303e1bf571ae0e4d39cea3f

SHA1
06a84cbebef02dd29f69932eb044b8bbe61bd6e9

SHA256
437cd7e6937c9aa5d897587ae219939e3eb3889115b52623cc560df8b5446111

SHA512
a7e41f5a8b25a9691c045eee4435814ec981ba1ee8c69c8fc5fb55e10b486c673a5a0d42a577285db74b4109cf48d9f46177b78a53b22f23fb3067f16e8c9166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
21KB

MD5
61d7617876c2a112457041737dd78413

SHA1
7bea5470c7378bf484a012d377ad11a93ad32fc0

SHA256
1766c218f83578b652fefd391c4b33c3cc4ed2d38888bd1f126f734b9b5830f0

SHA512
3b0b88123382b01ac88a46a456d12ee4cf997d8cc7d87acdca530d1f36cb36eeb3838795a8bc0d7a6d4a6a4d0f894f9723fafa156bd9c8decaf359d4d3491dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
134KB

MD5
2ea86888cffdc9fa78756dc2ee6877fb

SHA1
450b2014d256f4f488f8b35e918c676177aad157

SHA256
d7cab57401d560fded725fc6c3daf444cb1897c578f422936153a5fa6d1c0d61

SHA512
f8d72ce5d3cafbb6017acda7dbd70a0751688a772e0ba5deef76bd659f146b6274143e629b82c9d0f21c07787704cd32820efd0a88e8c883e03080a19f59d077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
35KB

MD5
c83740f88879dcbb9331719eadb394d6

SHA1
d065c944e0bfa02fd5c7d49352e3084065ff2ea9

SHA256
7e8f920ef4ea03f281c3b1264b0b3058739e07a7dd1ac41aefe78d7f14cc3c36

SHA512
cd38cc24423f4809310b2c560e4d9f3b6d149b90b12aab14bc104c616c59e36c3adce9e8eb21a5dbbc7b4f50c6db74680782a8fd15aaab5d290490ec2fc608c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
54KB

MD5
2e725985963836194af9de9d292b80c1

SHA1
b5a4878c9486c0d23fb5996c5f971d5af34ac792

SHA256
6fa03cb7220ff6016f9f0ae3a2b479251994f183b425db9ab22c8ac5854b8a92

SHA512
f9968703a778263c6251006b8fa5010c32fe2cb40fec18581f46471b0dd86a6eebc7a5885a744258d076e6fe7c2f52537b499454d6b89baa25b70e0939a37e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1310edf4d92e3a5279309cdabe2f329d

SHA1
cb4582b7d1183572a91c8927f157ed23d5b85563

SHA256
756ffc1e544b6d20606afd2f57e05ff0ff4583cc018fd315dd325985cb4c61e4

SHA512
34eeee3cc2ba9e7b07be7201b58b9a13193a00ee6425282621a0f952d9c2ee71a3d2d4db4967899c9f6a523bfa203715c599c8e636890f1150e3715283f61243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe578741.TMP

Filesize
3KB

MD5
b77791e21d1a9c113e9ad745e3492660

SHA1
d8439900fbbe96954680aaf3f33433f0d7bb7865

SHA256
ccbe971b48fcae2a22b01ed6589bfecf8dd42773432699d31e611be6790db30b

SHA512
c5cbc61f5eb866d4e7ff6d38f606c3d6bf80ced88b29c1dd66d9eeb679ca492acdd6a1f393226a129eda1fc78232fedeb5c4a25e66438378131aa6b38c04d763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
343B

MD5
a037ce91d0a3f09b408bc14d4f46d981

SHA1
ee8d51d6f9fbf62b5bb55f66f518405b103c5389

SHA256
8a29a055a7b2d223cec5c97f06bd1090deb063a3b622c7421ac70454b9e2c886

SHA512
6ae7b4537092de5e5a9bbd833182f174294c9ff09ba4bf5993fdffb93bfa59ce687b7d2c8c1351bc07f1765bd715232a348b58306f87f04c62241009c6af542a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
1b04395e00c33e7c16e19a5282e4506d

SHA1
a6a22550c3985f088c51661ab24fe800e12f22ce

SHA256
2b4e9247d955db473a0b06561c1673fdd166916a95aa29edef99c16b41d3d6c8

SHA512
e5870448496ad9deabb3ca82cc8494ca25e5e3b1431348554ccb875b6861b93d74b5de6cd9795f4378fc153bb8444fcc5bac9e0b8831f9d7a0be0bdd0c1fbfac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
680385f48ab88610e2ba8870f8c1598d

SHA1
23ad65f435f6eafec3fcacb9702071279cf2a307

SHA256
37d74727fc94d9f96e9c48b08ad6b95f54803171378163ce342e0eb576562f18

SHA512
2fa9e738b67ca72e3c46fd86aaaa26121ce1171cf4267bed2f6e78f25533c3c256145418474870c9b02c5f26959a3afad8ab09c1fcd0758c2989f5ea3c7b8bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
a1adef75e84ee9616d400a8e54bd0a33

SHA1
3503afb8bbbc5ca0aa7cfbb6a4c3c5fb6cbdb8aa

SHA256
357242b7a527cd9d370d3759ddd0027de9b237b921a369f69e1fbb5b222fd03a

SHA512
1bb28884434c62d196760bd3a2c68967d5ff3fc15beb52b2df900d084d48d9d315d09fdb24d4e5a63a5524a957c359e0e3249dd65c4e844c692cf67ae052c39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f3eec6676689b0d9c0c63eb3e085db5b

SHA1
d154aee89bfed80a93be512a37ab3bdbf60031f0

SHA256
342e8511a3cfd4d94b83b8f0d1fa2a08998d3a249b5cada283d39283a257223d

SHA512
1f2ff315eb2158eac0ce3b22efdfa522575fa136eab97d7c3402fe86e62edd70133c5d1ce63454c9a1dc252639baf9f63b81126a6b1a026b6d8f44f130b24ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d59a9155b42de51ea772b6deb62e1720

SHA1
dcc85eb7d1d0cc4bfd63f58198b1cdb7c7d40f58

SHA256
76dfadb6a31c81975ec10afea5fba25488992af6f57035a33776ae6ccb3d7d11

SHA512
7523841ec784c484df219367b5b7bc20b1d96d78b2f240deaede4ce060f62d3ce38f6c023ee2e90eea879de5b7aa6d9fac7755aea1a47dda1da3f72f098b7024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
168a5e3c9971a7b963315d521a97b7b9

SHA1
5fc6cc359b20bf0d72ecda9299905806f43af8c2

SHA256
870daa33f63d873418309cee51f7725a12ab26d6df42128f761d980424c8be50

SHA512
e98841b5ba75ca032c9da3d5f2007a606de4b282973aad0524603a7bea22e5d8ea98bc0d55f83c6330acf5a2559c33fa5109710b01030d89900511d431b3a30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b2e6cd1f6d2216048933860d1462fa5d

SHA1
ef0cff3eca85c721bd27e0757e1367358b215ab0

SHA256
6fad89052c8e216fe8e83a7e96d5d38f5a5bb487cae9a1c304d7a10dd6ad6eb9

SHA512
55d3d1cfeb1c6de1e660bada7a8b02414056c8034f0682a4da53f12dfbaf03fe2870b8276690a14d25b7fbb673c08383717efd1db2402f30f9e2a77db3db410f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
5e10087dd64da0ba5933fca0265da890

SHA1
c373b31ab8cd4d4da3c6796a0555283c0e3876bb

SHA256
4a4e344623ac58433a55c3af702a39d1488e307cf56a0edcd6188af12d5ccfce

SHA512
a5eee101c3bedabf9316c9298d4a50d35d9b027bdb2088d8b5e059a2822e43fb38189ad8afba09fed258c5e9779866ad6f7d99e2e3618bf4ea846c4417ba4ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
92e5ce75895d084c0bd9d9c46e1b7b64

SHA1
d14e41711499e78ee5a2839c4f1b826b5aa1d70b

SHA256
28629542f1e8a75ed1dd854d8e209398838a8cb54c256fe27c0181fad3f728a0

SHA512
8ec1a436e1a5eaefc0724284ecb61a188471816500a046e94bc228cc657df12b0b4c240d5c1c21824f5458dabca4fdaee2488bc0b13137df4fe743bd982ec159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index

Filesize
2KB

MD5
2b7d6e8b13de97c25f66a50de1dd1cc9

SHA1
2b774202c956270752f195d0b148141b4d7d1cf6

SHA256
def9a28514bb74ad73be8e2325fd2b602919230be381fa19a2d906282bd0eb56

SHA512
9d8b9c238707bb370b6ae3bde03754880dba8549efccf0d647ffef7adc8249f3b986040889092f3672b221ad7cc20619b3e4fbdcc0d0455f217987a89863c5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index

Filesize
1KB

MD5
e5de56c7c36bc321c15e164f5b830a3d

SHA1
77af2572d467d3c412057f66c8dedd45bb4e27d5

SHA256
9c9c3148b856ea7b9460acfe78b362c5b5f7ddb83fb48dfbcd39ce1864419b3f

SHA512
1264e076cfbc1f127df5c87b357ec536824353389ea703f961a5750cb0ce667d8a677716eca65eef8fe52569ae295a79f058206886fdf3286ae22fe76b0c1da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index~RFe578184.TMP

Filesize
1KB

MD5
64088430453be7bd86755630c23abdd7

SHA1
6e87060080c0c0d2e2f2fe57477f7e9282df74af

SHA256
8de39b1e9d5b03f6f5fa7508b3ff41881bef1d618674d7c2721288ac9639165c

SHA512
201adf070b9b9d5e0929be66df2b85444561fa4e0e2029a45e0c61df87ced0c99af0866b468cf0ce95f07bdef0478ff91455ab620177083321db510c55868b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
b1c2a91002ebe7ab7e3d6e086644b124

SHA1
c1f7bb701ecdeb2002a1f966c754a9052506fa79

SHA256
21c9b559e1f87335eb338f5a6eaa8e324a56fccfc214fe4e2bbb10dfdeb7705f

SHA512
5cd38f664e3a1a83c69cfe5354e2d4afffa4909bb6c8ebb14ab3947c4080e7fad1090dd9e5e0b7644a5ccd4c153bd02bf25207173b116fd978061bbec1e3f214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
f303640e237fb205e43df23c06da6177

SHA1
043c0c318ac659715fba346af5a8a4b2564e542e

SHA256
15a648808b39ebdd00de0f83663fa880b4c78ab046dd1eafd8250b866de94dd0

SHA512
4d0dde143421b1fe8bf64a1c951d72b328c068cf2d1e8792351051078ada63938ad8f970aff243725c3f0c286d1a5596a6da6da164704702ece5098d8183b3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
261c3959fd25b27fcf68efbe3b469c9f

SHA1
3bb943a7cf6e188174310976eb55d3635c2edeaa

SHA256
a656ff12ece1aec996bd535cf73988c0bc6e70855dc072ab5268b6a610ffc043

SHA512
74255ace0ecbda67c4bbe146f9d49225d77280c39b88cd8c11a1363b739c1c2c28e413af65e74314d8b34cdbbe12a27cc90730032f405aef84b14c96ed4f2091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a4f8222b3eb1ba96b37752703eb4dafe

SHA1
6acc4f776509bebbf5795aba0e0d25d5b5417aba

SHA256
40cbd97fdf832aa03981cbf7eca6222812551e9d8b922329e1a8014b0f0acfa9

SHA512
9bd4d6e7c7f04b21009046d1ddfff4f788811436b8df341e18185286c7e558d75a873b11c4c4bd275f9464e61c06100146d703ab0a562a80326f44d889b3cd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580124.TMP

Filesize
48B

MD5
4ab7b8be31b7c67bca8d37cf6111ef78

SHA1
7409a6d21aa1fbf78b248cb7d00a8f655d7ba117

SHA256
8902fd315696b364cbae59995794e8bf7e0fe1c14e669d131bbe3be9ac7f88fd

SHA512
131d30f2b4a49e232861dea8b6858a37b3753ebb811a7af4376a97a1c7d41d903e258f5fa2b8aa92c4b30de257248ede88631d9985bc2a67b9c627b1184d38d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
d6638763ddca2131b53beec1ddbe907d

SHA1
d982874452206da2e9a88dfc0b9710f0f578efce

SHA256
fcba190d07f387c02aaceef3a8c1e37ff4a28eb67510ea3432df8c87cb5a2c55

SHA512
3aaae12e9606fc6008db470697838e4e9a5819db0f24c12c0298afd9feb87f80ec8a37af160ab95d43b969840771bf7911db5a8c25ca91c2f207ec9e6a5d69cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
19db5b429a407e6184e3d0001f7d1eeb

SHA1
825d68820cc7bf47b82e3d436b221f10706427ba

SHA256
047eb252cd8664e8ca4e79ed65ea0f5e34cc337494f26171d54b6c30fd79256d

SHA512
7ff4243c5b44320b6036251f38b0980e2d0dfc7a271cd6e25107e4a159da351a501b4352936984c4b7531eba5737609d59b6d10bd32154b6ff67cd654390961f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
81653939d931fe4a71ac4ae1bdae075a

SHA1
61bade17225a7c99f3b620fa852195cf47b300c4

SHA256
36fdc98244a2c91816134f2bffebc26650e2b7a45363993237be22fd34400eef

SHA512
99f3079319d20bc5aaf51e92bc2e8abb36492ae181b82f0ffacbe74b64bca99264dd800fcc9325f2efefcba373e5e4a7c1c5589db9bbe00761e47d6e6b26120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e998eb4c25b49ebefb2ec7daddc72d71

SHA1
85724bd7c2c32ca3e5c25aff070c7b942a2fb5e8

SHA256
7fde06b5b271655a6740fdcbb3e4fe267845f4e26c9843371436a2a62ee8ffc4

SHA512
5d410293c5c3e9c693f4ee4223310481126c0795f8fa8bb1a1ad72004c7e73e9f691ddbe4e0022127e898bcd97851c011f2960ccd61a6e1e9754a94e423372a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
d34d206e7eee86d6a50880c3f6be403f

SHA1
dac0ee4501bd3d54403332d8045dadb4c66d3ba4

SHA256
844c79992a5ad1a3526652e339fb72c1281b03aef04a680af6efab40e9e019da

SHA512
7d8f721a9876cc771ce819e8fe7c4ae4044ea9bacdccba32f91828afa882027dcdcb3068d7bca08593700ec84de1f0b5870e0eeb765e6227cb6b9bac3852a89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e60991b0deaff1b531ef902b336279f2

SHA1
b95638095e3408d3b6870c2b338a9aeaf19356bc

SHA256
34afca8ab443e9149c725bbf5bd56aa0321201093276b14f622f977e325cbc85

SHA512
c64c96336be8cdaa6d6df863f9445831525f258b1efca2cf6de79992c53ce78cf9cb90b90ff9fb9a2283a39b765fbbfea0b7a4bf2350432386e7a01c4211b054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\27d82c63-cfd8-4db4-aec4-212cc6f3881a.tmp

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
3095554fdaa7117c9a5804f6da4f6071

SHA1
6ce7e54e1d0a66e04c7c1b26e854820bcdfa42a2

SHA256
1ec7bdb0de535d734b15147bdfce8bafc5b599568a0fa6b2029aa7f80752e440

SHA512
6eec760a94f06ca523dc8ec97483e069e2b9c42027ea2833e9481c8b82ffac6cc513b3c758d0b0e893320449e58f171c5f14aa13de768b1b830be92d4b42d153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
ebd94aae1a12f2a6ad12407144c2008a

SHA1
3895363cbabdded9a91e89dc259528740575ebb3

SHA256
2b3e8d83413073c2ec1118072e2bd831b1260bc732e760bb33e01b6bc4c7b7fa

SHA512
761bcc76eeac71baa5bf1aad193dfdc38506769b27c633a1c5138a1bff33f2a0361ace0e6d90798f188674392efab6e3b871af5e6d40502911e313f0d0b3f88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
deda0e7829ea3223b2ab59f11871f0b6

SHA1
0ab69faa849947bc68a052f6c817e132499a3969

SHA256
f23074f5d8c69e1dbe151021aee48fb6af4c158b8b169b4fed386dabfdb747b7

SHA512
9c256ea4f41bd9cda3257039f46e7ab41af03e1b6c49e14b9cd1ca114d46de2b34027e11d6f5b956960ac75ebee9ba64376453e56d1bf694b2dfe2c3aa52a140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
be4738fac2f4fab29a9d96d082113e93

SHA1
43529a8593559469adc3f361a82f59557cccd38c

SHA256
073360e442826745eb1f34f1d9fdc92cdf6490981a6704a671cb81fade03679b

SHA512
b74d19cfb0a238919880b012d01f4aa968cbc02cafe605988767bbef94e3827be8288b7a95e47b9de5a241accbe050ae4e78cbd35d72f8fdd6b0a11e2a83524a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
0095fd0fc71fec0ab40379357e0de3a9

SHA1
dbc700f1b6e47fb457a3ba9a8572076139df7850

SHA256
0c105f5951c6009038a252d949dcd8ca3df272af55b6a37a7f09c1c19fb079fb

SHA512
b4364835203efaea3bfaaf8ae2a015e4fbf524d2471514a55d1914fcd3543310f6904158b6a6f36b0f0399470cff8a8d3faf0318983be4347fe93fe17f2f6ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
2fc536e9c88ab725b17d4d69a681017c

SHA1
2d92ff8997897c59d209d3cb495b9cd386735b13

SHA256
597cc1109eb42f452a052724612cd680842627c700fe80200301c4ebf9336831

SHA512
5f7eed30e299fdff0a011ed4ee4dd199fe28fb7d2d554030487ce7e69f784023466b9ad6f62e277fe7bcb26758a6deeef1b97526cff485cfc4e42ef6ad07ad56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
bfdde8dbe441639193e600b69a6b533b

SHA1
c89e051e1acb16d963f9c0de546494df09a2e9d0

SHA256
6ecda2687e45d523d33be5cbd1c1f117fd8934f999b6dffc4981855b03abb173

SHA512
daa2ebac3eb971286d834acb8d1bd1752cd5671b32fe08cc2c79a076e2ecb53113fa719f17fefb047146436620b97e3502a9ee6604197a12920269e922f2830f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
39e080ba90052b1f40bba7c32e5f12a4

SHA1
fcb809696d5697ec5c71237ed9e991a878b03329

SHA256
bba6da2e8fdf591defdafc5a1ffcabf334cb11e74dd460fb0b0602ebcccf9f83

SHA512
2e1a8ef0445adcfd7b32f14d899f1541d266beaf2648d28a3b3f1667bdd4d0f6891582f016f974f9134ba2725812a687978b57d347f051626a8b17908f0ac532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
a01dbb3b0825c23bf416ea06e3bb7dd8

SHA1
15d935a0b00b6e5ce0328ce95fa13e363b5991cf

SHA256
eca847cf038ad5882f89895d74efeb3abf955af9d72868c51ea0d416155e9d97

SHA512
803e63685f26b75f28ae8f238812125049678d51156cc11085869ed1979e11a1bf275bc22927c64a61a173706cf3d2527af7fd83ca6aa9b96b2c5b9dc4ba241d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
cfa126f173e1dd159ee6250248159776

SHA1
27a07d9bb667cbd9c98ac7f0cdf4cb42b403e54b

SHA256
023276ecc2154476bcf0ff9956204d731354092abbf5e65548a62ef6419f62d6

SHA512
518def4699cb7b22c17d9065f5cf10180a75eeda673f3c2178e76c0c407f45222f1cbbc1be90a56ae3c632e4b68cd316e033a09ac9118eefdf605680058c78a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
987a07b978cfe12e4ce45e513ef86619

SHA1
22eec9a9b2e83ad33bedc59e3205f86590b7d40c

SHA256
f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

SHA512
39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
7b08409bd52def37a7f96b03af84545b

SHA1
6489ff3c61a6f6ff8dc6dc7409f45c6a98d43c78

SHA256
cbfb9beb711c886ff3d2b34e5e1a82dbabd11ff7b1a4391c62ce4eff194899d0

SHA512
a0945ccc3acb5a60193b830d1cc75e290e6a42b4870038f6ba161f9d97ed7589390fc705abae758e170e25d3768404c927c14cf2521de45d6701ba85246c986c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ebd50c86-5424-46a3-be5c-c8ce904272d0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
271B

MD5
bb4812c9c3bd60519bffd062432ad400

SHA1
44f3f2d8c819e01a3c57335fbb82f20ce979e3e7

SHA256
c3c88c0c5266bd29d4c44e43866319e24f41821f877b35bf67be49cbcc3d6dbc

SHA512
24da9439afdaabbf583a1bd5f97f6bf9cfc3f68bd3d422d919dc4815f84b2f94d56eaab1a5a68a9abb8b1ca0740766b1d69eff96b073eee3730696e7350edec3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
850826673fd3d051e200e1993e72e4cc

SHA1
bf462a30a1d7b399ebbfeb914a8b609fa7b66f6d

SHA256
e7f2ad403190ea2afd43233285bbe532bd7315cc75d2a3d92c0792558bcb1ae6

SHA512
4d7e9f25b9452157291074c150a05bcd6eb0dfcc7ed60312d973dc8da60783c3626937a0cb623c59a4bc0a92154d0eef2aae6c16af1683c7755fc5547d9fcdb1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
f072b2e55601a98ed39c397ff1f3d929

SHA1
285d472a3e51dcd9a2c57f45fa29df3fb4bb770d

SHA256
ef3cbb41f32d795def75fc3b69d943b94944675bd0b59a56b39f387b95ac68e1

SHA512
56d1885deced3f9061adbc5bf21ecefa71249d8e59b3e5e1fc9a5fa63ef0339f4d419c2bdae5e0de6e9c705b8baa01d459f1da8530bf81eb3679da49ab398f1a

Download Submit
memory/1164-1080-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1164-1083-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1164-1084-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1164-1085-0x00007FF956D40000-0x00007FF956D50000-memory.dmp

Filesize
64KB

Download
memory/1164-1086-0x00007FF956D40000-0x00007FF956D50000-memory.dmp

Filesize
64KB

Download
memory/1164-1082-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1164-1081-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1164-1294-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1164-1297-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1164-1295-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1164-1296-0x00007FF9590B0000-0x00007FF9590C0000-memory.dmp

Filesize
64KB

Download
memory/1244-0-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1508-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1310-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-737-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1552-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1351-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1354-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1-0x000001BC174A0000-0x000001BC174C0000-memory.dmp

Filesize
128KB

Download
memory/1244-1522-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1274-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-922-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1479-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1404-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-9-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-8-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1441-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/1244-1440-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/4276-3-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/4276-7-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/4948-776-0x00000000094B0000-0x00000000094C0000-memory.dmp

Filesize
64KB

Download
memory/4948-775-0x00000000094B0000-0x00000000094C0000-memory.dmp

Filesize
64KB

Download
memory/4948-773-0x00000000094B0000-0x00000000094C0000-memory.dmp

Filesize
64KB

Download
memory/4948-774-0x00000000094B0000-0x00000000094C0000-memory.dmp

Filesize
64KB

Download
memory/4948-772-0x00000000094B0000-0x00000000094C0000-memory.dmp

Filesize
64KB

Download
memory/4948-771-0x00000000094B0000-0x00000000094C0000-memory.dmp

Filesize
64KB

Download
memory/4948-770-0x00000000094B0000-0x00000000094C0000-memory.dmp

Filesize
64KB

Download
memory/4948-769-0x00000000094B0000-0x00000000094C0000-memory.dmp

Filesize
64KB

Download
memory/5212-5-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download
memory/5212-2-0x00007FF6C6C10000-0x00007FF6C7ACA000-memory.dmp

Filesize
14.7MB

Download