cc3766508cfe6674d7c5a3008353ad24aa7e50c576a77b31e26985bd7aee5aa0

Analysis

max time kernel
900s
max time network
902s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kaspersky.exe
Size

93KB
MD5

3060fc299e17c7783df72a4e5f031f39
SHA1

2b1a867cf9dd435670d3c638974b4ad3c4a6ac87
SHA256

cc3766508cfe6674d7c5a3008353ad24aa7e50c576a77b31e26985bd7aee5aa0
SHA512

490a2728a54d021e2834332b8a1cc37475486794a2eef27c974a587ede72e1ca4672e3d0f05c646c954f4f4760c12a13f9cd901b816436ca20690ad14f904aa2
SSDEEP

1536:HV/r7EkrjaFIs7E5OxzJn8njEwzGi1dDjDzgS:HV7jau5OVVLi1drs

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Disables Task Manager via registry modification
defense_evasion

Modifies Windows Firewall 2 TTPs 3 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4708	netsh.exe
4284	netsh.exe
4660	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	Kaspersky.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	server.exe

Executes dropped EXE 5 IoCs

pid	Process
4296	server.exe
2936	tmp6D85.tmp.exe
4664	tmp7A38.tmp.exe
5492	tmp301C.tmp.exe
5508	tmp6006.tmp.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

flow	ioc
29	7.tcp.eu.ngrok.io
214	7.tcp.eu.ngrok.io
258	7.tcp.eu.ngrok.io
357	7.tcp.eu.ngrok.io
384	7.tcp.eu.ngrok.io
416	7.tcp.eu.ngrok.io
427	7.tcp.eu.ngrok.io
518	7.tcp.eu.ngrok.io
290	7.tcp.eu.ngrok.io
323	7.tcp.eu.ngrok.io
454	7.tcp.eu.ngrok.io
487	7.tcp.eu.ngrok.io
548	7.tcp.eu.ngrok.io

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\Notification\notification.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\wallet.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-tk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1496306803\Part-DE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1496306803\Part-NL	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1452023344\shopping_iframe_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-hub\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-shared-components\da\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1496306803\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1496306803\Part-ES	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-shared-components\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-shared-components\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\wallet_donation_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_349906278\_platform_specific\win_x64\widevinecdm.dll.sig	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-sv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-tokenized-card\ja\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-tokenized-card\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-mobile-hub\pt-PT\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-notification\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-tokenized-card\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_626918616\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1496306803\Part-FR	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1452023344\edge_tracking_page_validator.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1452023344\shopping.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-mobile-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-notification\el\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\vendor.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_2027475240\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-notification\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\Notification\notification_fast.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-ec\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\app-setup.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-notification\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_2027475240\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_2027475240\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-ec\hu\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-mobile-hub\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\wallet\wallet-checkout\merchant-site-info.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1870364129\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\buynow_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5192_1625845019\_locales\lv\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tmp301C.tmp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tmp6006.tmp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kaspersky.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	server.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877247855637235"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{A09E740F-DCDC-4652-96D1-8869E2E0E65E}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{BF4BA222-DA48-43EE-BB68-2ABDD4C9DE1B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe
4296	server.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4296	server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe
Token: SeIncBasePriorityPrivilege	4296	server.exe
Token: 33	4296	server.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5192	msedge.exe
5192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5236 wrote to memory of 4296	5236	Kaspersky.exe	89
PID 5236 wrote to memory of 4296	5236	Kaspersky.exe	89
PID 5236 wrote to memory of 4296	5236	Kaspersky.exe	89
PID 4296 wrote to memory of 4708	4296	server.exe	92
PID 4296 wrote to memory of 4708	4296	server.exe	92
PID 4296 wrote to memory of 4708	4296	server.exe	92
PID 4296 wrote to memory of 4284	4296	server.exe	99
PID 4296 wrote to memory of 4284	4296	server.exe	99
PID 4296 wrote to memory of 4284	4296	server.exe	99
PID 4296 wrote to memory of 4660	4296	server.exe	100
PID 4296 wrote to memory of 4660	4296	server.exe	100
PID 4296 wrote to memory of 4660	4296	server.exe	100
PID 2240 wrote to memory of 5192	2240	msedge.exe	117
PID 2240 wrote to memory of 5192	2240	msedge.exe	117
PID 5192 wrote to memory of 2284	5192	msedge.exe	118
PID 5192 wrote to memory of 2284	5192	msedge.exe	118
PID 5192 wrote to memory of 2344	5192	msedge.exe	119
PID 5192 wrote to memory of 2344	5192	msedge.exe	119
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120
PID 5192 wrote to memory of 3184	5192	msedge.exe	120

C:\Users\Admin\AppData\Local\Temp\Kaspersky.exe
"C:\Users\Admin\AppData\Local\Temp\Kaspersky.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5236
- C:\Users\Admin\server.exe
  "C:\Users\Admin\server.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4296
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\server.exe" "server.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4708
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall delete allowedprogram "C:\Users\Admin\server.exe"
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4284
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\server.exe" "server.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4660
- - C:\Users\Admin\AppData\Local\Temp\tmp6D85.tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp6D85.tmp.exe"
    3⤵
    - Executes dropped EXE
    PID:2936
- - C:\Users\Admin\AppData\Local\Temp\tmp7A38.tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp7A38.tmp.exe"
    3⤵
    - Executes dropped EXE
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\tmp301C.tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp301C.tmp.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5492
- - C:\Users\Admin\AppData\Local\Temp\tmp6006.tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp6006.tmp.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ResizeRemove.mhtml
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument C:\Users\Admin\Desktop\ResizeRemove.mhtml
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7ff90952f208,0x7ff90952f214,0x7ff90952f220
    3⤵
    PID:2284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1852,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    PID:2344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:3184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2388,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    PID:2628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3468,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
    3⤵
    PID:4116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
    3⤵
    PID:4648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4324,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:1
    3⤵
    PID:2064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3576,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8
    3⤵
    PID:884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3584,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:8
    3⤵
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3600,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:8
    3⤵
    PID:1004
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
    3⤵
    PID:1252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
    3⤵
    PID:4976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
    3⤵
    PID:2584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6036,i,17827468005025571725,17977086906325934499,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:1
    3⤵
    PID:2084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    PID:5680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff90952f208,0x7ff90952f214,0x7ff90952f220
      4⤵
      PID:2232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2136,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:2
      4⤵
      PID:1224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1888,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=2416 /prefetch:3
      4⤵
      PID:404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2476,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:8
      4⤵
      PID:3148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4152,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:8
      4⤵
      PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4288,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:8
      4⤵
      PID:5492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4288,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:8
      4⤵
      PID:5664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:8
      4⤵
      PID:5500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4708,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8
      4⤵
      PID:5388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4716,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8
      4⤵
      PID:464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4740,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:8
      4⤵
      PID:5468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4704,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:8
      4⤵
      PID:1132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4924,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
      4⤵
      PID:1972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4196,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
      4⤵
      PID:3608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3964,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
      4⤵
      PID:5624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4744,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:8
      4⤵
      PID:2228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4732,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:8
      4⤵
      PID:5960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5004,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:8
      4⤵
      PID:5488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4100,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:8
      4⤵
      PID:2280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3764,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
      4⤵
      PID:3184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4816,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=3780 /prefetch:8
      4⤵
      PID:8
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5084,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8
      4⤵
      PID:3760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4992,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:8
      4⤵
      PID:2532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3724,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=2808 /prefetch:8
      4⤵
      PID:968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3820,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:8
      4⤵
      PID:724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1340,i,14934728373748498021,14566805810276938180,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:8
      4⤵
      PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1195773953\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1452023344\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1496306803\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_164234212\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1870364129\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_1870364129\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_2027475240\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_349906278\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_377230693\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_44473012\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_590420468\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_590420468\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_626918616\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5680_882449911\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
dfbe9d07114d86329051d9efd1d06ad1

SHA1
0f0700894ba85701f16add423b60c1dbbe0d3d4f

SHA256
85669246ff58a2106f00b1a3cb393cbf7700bdfa4aa2a1f3490400cf6a7cd4e9

SHA512
5553a213ffe7a8999dd31fbcae4da72d39d799212dec2784db898ba123af381b851825e0aa4f10afa9ca2461138e1a78da1efb852592f7f077dc2fa8068dc2a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
f5de82d2c96a7739f7e240cef0493512

SHA1
c941a6e2f50f37a0f1b94f6438b0b7625a7d58fa

SHA256
e353e00c1e596fd9f239a59dc51ddbf81b45e5b7a46e66fc54be2f1873d74255

SHA512
d9f1ef551ebcae3dc3b71a52a13494bb3b31c289252a89978c02ef162209108b80e0047aa7d02da306f4bff59ac01f4bceca984ae0bcb098f1b5b7666278a9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\00b7e282-3650-4257-97b1-0172ed131810.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
3f8dc5ba3a64e7318a7bbda0c0fff412

SHA1
c17af38a113ff0bfa9423c15302bbef015b99d08

SHA256
8f70c2f2aceaad4b2c40d9c8a6ec3e45ca268b140baaf2605f0c118ac6435eaf

SHA512
f0b883d2c233628f3f5eddd816f7d195a650d8b48430f5cfb9293c4f4555874a7140fb097399f09bc2035f355643442fa580dda3523c84853323f507f66f9e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
9f6e9369f7c1dcf8edf028aa0bcd15c8

SHA1
b6eb3c6f6c97bd3b015b3de868d512f3202934e0

SHA256
3a829e28d9a5dbc2cb8fb646fcfc6ece048ec48f972b7ced809090fe38d2e6e1

SHA512
ad611e440f739005976e9399045405a82564627d0ba7f4c4c0837ae7f78c0ca11d25f2b810e1a64cb137330a57ec249bd4536107440c801da7d8f4994b6555dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
fc9ae1e30f4cea5ff366418474c8002d

SHA1
1089241d126ab73896964ed747b0e841618cc74b

SHA256
ba73900cacae47833ae13f1631cd0b95b13cf2bf181ad2d7dc851f9353e3e25d

SHA512
975c6b6389a439c33e031ff3b94ce5916faf30f0a4479e5c553f38007ba815b4fea9e0d64ff73d8885bc530a03576e2f6b44f9dc299e09da3351176cd543b941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
e41ba134f2b72c07174befe08b0f0add

SHA1
604357d3e5058af28efd787ead46e1b9da173e47

SHA256
c8a4fbd5cf848b2d4c498950d38ea77aedd5caebf4d27ac9cbc20b27dec098c2

SHA512
1733d6c598c5b976384c543a62886a92b972cc0b93e05cc0c165a977b6653b65ceabf81e74ebe1375d36ac3bd01e0e90f8fbe043bdb0a03ccc448991b7e75aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
d72a891e78e1755ec48bae64a5c89e79

SHA1
255107b74acca7912174b8df04e94e8db843d076

SHA256
41c73061397acef315ed5c03ee0099ee7a73d5b12d9cba905f7788a62eae183b

SHA512
e340a33e79c2cfff13aa8f8db2789a9fa09f3ec12abc75b173c795527f9c823170df0b223c71fb5318ef9c40d7239ec9e950e41eed4292c302dcbb92bfcfdda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000054

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000055

Filesize
100KB

MD5
80b5b90c4f3c45f46d57b5e1bce1e629

SHA1
367e3928b8c501a0827fd1b56083824932e9dfce

SHA256
f8f5766093e3c09b37b085fe81a7d8307c69b34710794143efe460ae62bafb2b

SHA512
395fe714443f48f04896aaabb79d852a79e6ae948fbdf1678505be724c0efd172043b36feb8716d9882585a47d23746f2dfb1cfbb18149ab9e71310ba0b055e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000056

Filesize
58KB

MD5
2f235bdf2edc72828711a31542a5f2fb

SHA1
69c864f5d1d75fbf58aa34aadc9172d12168d342

SHA256
a2d6c570e58c1530d378539a81c293cce51cf26245f212a468cf308c6e6af5b2

SHA512
d9df48fd88930dfc1477492166f2eef838eacd8f138b7082a586e1adb6c2c9861c28419640c6f1722ce16f279681ba44f5e716404f7339e0a7048f29fdf9cec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000057

Filesize
114KB

MD5
e930cf00b9f1df58faff97bd4c06db59

SHA1
efd2155e9faadafe1558e1c5e5240e4f01db36f0

SHA256
a41c0edb4cecad4f7644eb7348e57331065814d38c5716962098990b320f4f0b

SHA512
d402f6493c039f2c59381ec6ded80acb410cb95834699b5900cfe305fc1cc9d59e4546d481d46c11f1e4eb7e5f10abf923790998eb2024cf22a3e3b4f5551308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000058

Filesize
355KB

MD5
2c017cd370b98f091fa277c8ed78271d

SHA1
8375a048564a44e5050bcfc12b1f2eff5f1f77b9

SHA256
c2b3511773b754984d34120b24d5af9c8be62298105c7251a3d0d4c14c4ddee8

SHA512
f93da7b825def400c32ae5f91c5e10ebeb17bb6d8596c556a02e9c3df24754448f818dd4b9d34af9ebe9c8c20be84d391fff22a04baead3c982775195d7dcb86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000059

Filesize
19KB

MD5
d7ff50bfe3a911e6c398aade10cb733d

SHA1
6549bea7e8a6b3478100490bd836090c3387c3cb

SHA256
bb99ab2e6c435c1d5b5955da73027be6171b654afebaf8950dd68cb8b23f5bb4

SHA512
f33a9b155cac484342bd3ca53c2ba075d2c9e09f2340a11da803ebfa33c5336d9afa3d5507bccaf87c724f3043caf8cf88ee0c6d87ed5e0e1eb0acd19a77776d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
17KB

MD5
17a6d98b23a2c373af73eb085c3a22ad

SHA1
9505445ec0bb1f632f1b3fde44395f722f46a8a4

SHA256
ff6aa19e48ac7c61136eef8d50224ebf6cf03e315344bae24419cf7b26a9fcc6

SHA512
8453ca8630f92da9f5ccabda074e608aeda8e99171f98a20443ab38f0a6f41683ea33685a175af6cb6b0597d0163607b4a1c137291cd8c9cb128d0749b0a52ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
77KB

MD5
3e2965715a0e4581141016e3e90f1956

SHA1
2a29a85b9280a07983b669bd55fb00210b016fde

SHA256
35f8e38cd29dc9670a87d303ded1ac66222237f08aceea49a886fbe1c509d2c1

SHA512
822075e34f9a429417adfb5930e6d22dbf395252311990020e576eecc3b013e02d181c9cb98e5266e88a8e9e65b2d988d79e01792020a36bbb0141a855ed4cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005c

Filesize
162KB

MD5
4e0a442b1527ae00196bf73474205e5f

SHA1
86d3abc28b32e6da08ffedd908e250f21229dcf8

SHA256
b1cde56cf2eb781899c9336145359f5c0260503f835027178ba8f2d9127c8469

SHA512
3d0c76dfbf8086c4382fe34f1ae5c7ca1ab8bb609792680f0d82adf975abd209766ec62a6dd46a746da0d5f85b49f3d29fe175d9e0aaa261fd890ead5753863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
72KB

MD5
0c24bfb73d5151493376eb1d19031fab

SHA1
a899206d003d703cff22f20464588743d2b618bf

SHA256
3244024bcd81b9acbf69488de4d07f9d6df8ed070990ad1706bc4f510d63e64b

SHA512
b73528b77c5b60a97f79ecd9debc1d49693dd7ab4e1df756afa5c3c455a83bfb2a8686558c0962401594e3f69fe662b8e7830f9a546a3b917d4ee66903bbaa2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
128KB

MD5
850de9aea95ade483d7a878b4e00f847

SHA1
40f4982370a6f9793e469a5fbdc5c273880149a0

SHA256
5da6ed93059933b7aaaf811fe84cdd98b952e2b08ff08050e5d914f30185fce7

SHA512
351788e6b2c22c40f007c7d17ce225dddcaa3efaf3a7cc4ee815fb70412157b067d22fde0905710e463ed431540f697aefad1030375934ff533ec473a5f397fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
128KB

MD5
a48fed275034369595845cb75b358c28

SHA1
bb596867cb824215a6568af70a1e92ea0f0059c7

SHA256
fa2ce40e7082a32b0bd1fe9f932d1dd6d37df6669f26b895c330d6527c6e941e

SHA512
543f7f4a7375102fd7b3b113d7dc5b333c5043a7621c41893a4e76342b1772b803a7ec666c254c2cf51a2df6c9f8a34b78f075c094606c4be3c8598c761554d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
128KB

MD5
27c056b0a2fda44b1b99669359f5f1be

SHA1
98fe071961d8c4fdc0a2f394a1edcac054457eda

SHA256
a47c98e13fc99b6174e3e30c611b4f7647af4ae923cee4c133b4afe76bad6eff

SHA512
52a9c50b821ddea9b09e31111a9bca2297736858a6fc0bd8bbc0541cbbf492804fbd8336287202550a27149dfcd2f853ac95eba2643247b700a45c250b4cfe38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

Filesize
256KB

MD5
d50df859fac0f2587beed99950a55382

SHA1
9389a43a2661575dd5afdbf9f4521abffb9be4eb

SHA256
0f1fe568a93ba617348d6cdca8a12cb85e4ea8f6f6ae3cce1cd0b8fbed3de935

SHA512
b7205c1bbfb83c07a08241c106678c79f4062e1c700f2c61f71ab7288c89700a5fb13e733e4c8e3b9f12a68dba1365674c9b940af84f95bce7a38af4f1618195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

Filesize
117KB

MD5
b5616a9d939952203a6bf458793e7edf

SHA1
c7c679061dd20f85a57740d214dba2340fc9dcbd

SHA256
261153e922adfc1a7bd37181a82eab314853de10ba6875c2122e4c1062568aeb

SHA512
a779534d598564dc56d8256ecf28d1aec340dce73f66c87e9adfc5ec3a57f0b0e63675ceb55ba772124a9b73ce468756a99fce1e7044a724210e7e28f12adecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
20KB

MD5
dec2c4d37b3f7087b3be4b8d2ed03e3e

SHA1
81f63505d09004d905c0c84adc9844605e6b53cf

SHA256
6ac4ad2651b59806f7d477b69ea3987747db370059e50b7468d3248a5e00c497

SHA512
6dceed439547b6c8b00edc61d2e5ec0ca7bee0f0ade8036191ab87176e3d579206a6f617d24847757370528764782804401f794e450e1977d5a92676449d422b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
58KB

MD5
a02f6a23527277ee9ba782e2705a92a4

SHA1
8588434085234a56b0c8cef24999734bce5bccb8

SHA256
8cb910fb0e56093c0734842ca462a5fe0174c6facaa2edbb745156e880309e2a

SHA512
e2ebc949880efe3356b5e2c186cbcca20c5c1ed90545b3ea1797f73e346f814fcbd902410a29018380101c674b10c2f0201ff7569d05eb30500a6b4f3db9734c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
57KB

MD5
de363e11e4577eeb398f334d5b7c6af1

SHA1
e8f7443a277c4d3632576a4d61aa1c8d57ee90bc

SHA256
8cf53084eac4fae1ce61e67a982fb9f997cefe7885270e2c60acf7904ed27df9

SHA512
ae272fd2f61b8da5e347b59574744d97572e3ec244a521930f6e0632b1b9c811d403f288022a4d9088f7a6b7321a6078dc0719b3277813169caa081ac2cbbb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
67KB

MD5
42304c8cb0c1405dbb8722ff0851092e

SHA1
d29d977dbe442bee281abfef45d2fe727f4e2971

SHA256
852a971f5f8d70afb548e7010a25dca7c0e97d350bee2e8009e8063eeb80bb0c

SHA512
4c0caa6d7deefffa50ab323826df30a1de5f1393810c8adefae8e93667049ebe335193650f3f40b3af5c3e5a00dd01623c0d0d7d7c88830a6732f84644225b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
71KB

MD5
248a4d793a67c45da831f341c6e08d27

SHA1
93cbd3c8583207fc76c13a269c3aa2b50a290b26

SHA256
47af4a758c203809b381228465302f138a519c76490ff09322883f9fa7a8c5ac

SHA512
c73871c2f15bd0f9c0e2363611350bd9036411c75d0d9ad177640cacd001599139a549559681cdadd17a6dba9453e6e3c6f9b679822da1e30d06fd281000a5e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
27KB

MD5
bfff59a087298c240b9f6a6b9c3bd249

SHA1
48d82e9b1f1f282b485a3d4b0c9d670a27ef53e4

SHA256
dff1818c27fd50105ab852a4f0bd84455b35ed8a95866b47a04b3543544f8d10

SHA512
07781c14d20a4fdce3a2506bd0dc395b2fb4364bd18ff3f91587f4f620224267d2a797195ec1b2525d2570c3ddbd8f0ed0863ecb73da298d398f9eed36816eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
35KB

MD5
7c818b61a204cf8a8170ca6d559552d2

SHA1
678a64d8d5c71301507fcefdb6bb31f774c003b4

SHA256
35124975bbb90fe737496ded598b4592b04aba2b5727a1b9b55f3309236ca2d0

SHA512
7bff3fe2c787a59ed85374c2461ce3fdcafedd96fb5b1e67566870197e9e971fa4d295cf191336e74ab39afd870804ff43dafa53a0ac0dc0ab000121fdd3d2a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
20KB

MD5
9d5e7dfd5c74401ee1a9385a7d43d247

SHA1
e781856a557abb5182b4843643d9f8f683e9af98

SHA256
85a9f80e25c666d66d274b91574c8ae36771d9538c0e0a6635d7befebe881735

SHA512
32752d4efba3923531bbc2858a6cc7d299efb1dc149e3ca26873772fd22234ed7aca3b38fc92698f199945a05fd253e1d5a79f0f9281c2929f38987e640069e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
25KB

MD5
faed28666e4b2ec7a7c999201e73462d

SHA1
8576039a502d4d44f7547855df7bf6c314b74383

SHA256
3c752d117de48ef0323284ffd9035c724d02aeee609c39c4c29fd923277cda4f

SHA512
89ff417b94f93babc581bf239910edd2b9bb860e04b9c381e3f8939ab619b37f02dc910d610230b3be9aee59268a7132ea9d06fa3e0c8efc059361b200187075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
16KB

MD5
04e1f6c4827af415993124bead3b89d3

SHA1
fc9736c8a180d55b9f22fff832e11d1f22cd0e2f

SHA256
86e848bb80d1e1586f2059d8bef552080d871057bc318c2e204ca552bc18041b

SHA512
8469b83b6a271e3205bcfbd092271918dac86f6f2c1678c737eae06b1e2468188c070a5de98945462d813b9e6ed2fc54a3c4d9a024bb43316b9ba4c32733c968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
34KB

MD5
7fe4da564f6f340f3bb26c954ad4fa64

SHA1
3d2f864a844f5c67498e2c279aad0aea69ab72ea

SHA256
f5f055d7ba1111e76f51f14565bf41d9f3917e6feabf5b5e16cf8b24ffdf93e9

SHA512
e9c1cef740be4b8c89427619d75d099ae8b0bf525f13e9cc8f3f0ae908431ad7b3e4bdbc7419131c492e10f0e918eb4871a7721168162aca704e604b50a6994a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
25KB

MD5
2867ea71afa68b12dcb693cc6c1e0840

SHA1
65710520c34917971df5e8e1c9473c94514205ea

SHA256
8ca055bf35af8721b1f038621baf51f4090ed733dcde69964ebfebded0d44f2e

SHA512
22bfdb8535639f9ddf4affb19d51eb4320cabf1778f5697fa7fa91d126fec68c1038afe26be1557d5942c46372dba52deef4f50e13948fe92b673e20ebfa6ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
18KB

MD5
11199e1263fb9e87c96dddaaa504992a

SHA1
cd5644dd445769f312fc0abe5517a55e4be19271

SHA256
2b2e1dc5851e4d3600cecc7de7421bd8ac89efe911e94be265b0ef39a2d5a92d

SHA512
0188a66afd1c8a32e6e3a994b109090526e12529053d8d0a055f4c008acad60c4dbb41db90d8f359b0e0f6d24c4ddae926fcad75f5aba15ecf90c4bc26fe3f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
37KB

MD5
441cdbd0752319189eae1c01367a7bb9

SHA1
0a4a9f241b07dafef95edde99d0e53d613bf1bfa

SHA256
ba117dc84646242c5d326c8b9c884bfed7f0f6a7745f2d5c13b27f47201ffbbf

SHA512
3f73b5a2dea991bebcda1f472c9336f72c86ad09dd996c05b5c90cf99fa7d5c93a1f0d9325ad482b6a14fe08e535d0f66329c5199bf60ff649b8c9da5c5cdd68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
22KB

MD5
91eb0e8d92554594c6deb66e6f876c69

SHA1
b25ebeaf2e89f466a5be5856d4840f6a186b8a2c

SHA256
2ab24b6a20d7626d7e028fd8d38c73a4cb848f4eea7f9a7ad9620652894327ff

SHA512
f2792fe8446e5376718e39b0e3e514a6df15fab45e50d9bbda98723910d03ca3a9c147a0c7036fff716c9d3750344377d7515a1bc9324f605b6b4401f2fd1882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
59KB

MD5
4d9c5e8bfd271febb1c39c035195b918

SHA1
2311a50287d0610ce4521461a0900dc9670ab561

SHA256
747e9da9de1fe569e353d2b59781cf7b0f2f844775f2e5e93b52d48bfab6019a

SHA512
fd529afe8d760f497e8fb625bbd3fa9efab4ee6af1a803199484879b625b1bee9c346fabb6e151d74db3c2f15f47721a96dfa57bb94d6cbba6bcc117d578bfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
36KB

MD5
396b01ac85cbb981aff2a122a49d151a

SHA1
d85b6722649c41ed2ac40611f636b6820f3e6101

SHA256
3b49dc3579d8ace767893c0d697718bfdee790e0e7b72fb3b349276522c3d7a6

SHA512
9fecfea644381fdcba54f877df1e79ad8a02c1f721ed66fa55f886b7867ed6ae9b718c6774b78a0a2ad6fec573f5357270e7c8c001aa53fa58b2926f8df6204d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
37d3ffc32175fb33cdc923dbc15f7f5a

SHA1
3a194771429a8f318244c6fed325d19ab274293d

SHA256
307ebaf02358fa6c4b69ad5880a7a79749ad303499a9371539ef451b2e6786e3

SHA512
821b926a2363f50675c83c983adff3ef5fff01a2a9e906932d37ba8524ba368447d406f236260e0927bed20d22a6139084cece44e7400e8a5458eb06cf63e8e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
203257e1148469ca2c67e98200e05f5c

SHA1
cfde23e9cf62f656112bd714e345def6a72aa52e

SHA256
08d88166c24b8cecbee1b7c4b1875339545140b2f89764b83c590d860109e744

SHA512
d4c151275913b80f832f19fa381e45e74783a9a55bab0b4c8e238cdea1e996560237af12875fe3234f01c12552e93052587467ab50411f3af36ab77949ac1665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b6463b6ed73e973f8fe4e08dc743c062

SHA1
4bf113560f303415b7be62d94b30617eafc397bb

SHA256
353f1da5e3cfbfc3f414e9204ce753d4943f5a6d332c5d74b72ede04ab734ac4

SHA512
879b16278ea0deb89f1ce41aef62ac10ef3b43354065724f86b43e238c9e1cb5830b23d00ccd88fcecb669dd2a3271be884f0ff9c4fc095c742be18712b3578c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2001b6a4429d8c2d1dbfee186217038f

SHA1
ad60647d9db9e3a384bb5510a10616aaf7dfd1af

SHA256
db05af484bf3ab458724566511caa07b2d9091c5d133d3c2d70db48e29ffc591

SHA512
8194c5b676e2fd8d8f811bec6d8f7aca42af194f5716b903ba2407dea47c23b5c36dbb876f83d86c225817c7fbfeebc56352fde3b67ccf1e2ac0ee458c4253ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
5827f3661a180a9129eedbdd879c3d21

SHA1
6b645b7cb2d5cc1ea5255a5d7eefad44338a34c6

SHA256
19f921d79d255d5b6e80d54906d3b9c2ddd1f6d434d9376359158d4ee3fcea36

SHA512
ea9414a531f9455cd47d3961af5e2a69c950969a3d953f818741692d34f7b4a66901517b33e3ac7558e207d1bc935bb59c42024d957724888d3d35fd1db89eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
adbe0bf2a988e7c46de3c7d308176a9b

SHA1
ed0a61fbd2d4c35035d097632acdb3f7904d265b

SHA256
bf61275f5ac0b3fbba9586d314e94de50951231440746f7bb15468461ab8da13

SHA512
5922371163fdd891f97709c0375b218483dfc95ceffa16c21c37fa419ce3cb2e748835f85bbc8920eabf9bd5211c5aafb44e00f02da7ef3b5d787b66737d84b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
da54d5fa6c19e0501feaf929e7d113a7

SHA1
a419abb715dfd110670a89c7ef383d59eca8d696

SHA256
b8e3781bf9ab08239fd55ec4e8ca58e540425abff8c5a5927b304337ebebf937

SHA512
e35ce3a2b6a3ce27f690d56bbca8c03042e0edca8f97ade28481556e4d9f386e5d47f6658e178b22608099722e0a5211b9b65866956f6d182e2bbdfe513e3cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index

Filesize
72B

MD5
d4d4d20a46c4567a1f385e4c088a3b4c

SHA1
765020c1f0e9d5c44ba26a01709ac48789834e34

SHA256
3a66bf4c4dc2a43044575218f5e6939e5569d7f5233feccff25f859411177fa6

SHA512
089d080eeb43f0ec2ee3b0dff930eef976af16970d89f6ab77d8af952be98ddd697056f173f848cd1fcf389c6596291aeee5050029bf7ccff70ce83e1892e7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index~RFe592292.TMP

Filesize
72B

MD5
54e9d3bc0c48e919c8996718be541122

SHA1
c79d4ffce054f68f267d27e2919a4f75f7ca8e6c

SHA256
79172f9de82577e43cc53a6137614c0d1499f9cade7912ccf49944eee171fac0

SHA512
95e1893936c0aa2195bd1d0fb7459ee4d4b67fba48a4bb7481654ef31faf4b4422eb791f03f1381f2183f0826bbaec6def690a34182511c2c105169ddf8c006f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index

Filesize
1KB

MD5
841cd1d6cb47c87c813ce73d7196a219

SHA1
e1658302ec50dd06ffbd0f0447607c31aa2a5557

SHA256
4a82bc6ae02cceee8ee0ae328697458d33c006052bcb6612c2e1ddfc1041fccb

SHA512
2f03fb0880f576ef8ee47cb05334d535aa7bb5cb27a63be6737b1aeb6d3325fb1bd501a19cf547dda7ee3627e4f1ab35a7336c704118edaefb3d274d82b10077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index

Filesize
2KB

MD5
b05c339be233fd8d79f14a8def023a3f

SHA1
bd8f1f8daa2b1355506d1bd9d1eded10090773a9

SHA256
e1dfa93e02af47edff6862bceaa21c87fb46fe1ec4f51dcd0641f9f8f4f2b2de

SHA512
95533d2c3d20fca1cf7d1cad6fad5fd56510862e4317b11b421f757db4b082bf284874dff4eee53609e28362eb72d4a7aec29d56e3f484a09ff600f2637247fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index~RFe590b51.TMP

Filesize
1KB

MD5
10cc5d87c092d71575cea13962e0f276

SHA1
aaa02117888ac95ef99de47b2ead5ad4c880e69d

SHA256
a6004a65713ff574720b1e583028995769f12593312a4e8b70449c736f2dfb06

SHA512
d39a4dc71fbb1c3ff9943a3066200d6a4d67da1711d05bed4104dede47f85e4cea0d2137eeae90ad794203d318ffd70e48981795a1103e560420e1fe27bfe92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
dbec6f85716a937c5118b24fd0c62b35

SHA1
52f5cc3b220e6cb2d600b29c3993788d78e35228

SHA256
720f3105507744b40b2082f2e0408bbba804b0d75ab79ee4f6aa5ea2c19e4b84

SHA512
6e5ffcf0dddb7533e9636b82872ad4228fca60e3442a99ed490bbde90dcc5a8b421fe945fab593a673d718272534c52b46cc5b734debc3850b41c7bd0d836270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
302B

MD5
9a1b01ea77c746261972ae3524bbbc71

SHA1
3399f0bc9b0c4bce2382074427cc0f873f85463c

SHA256
3b462bb4034fe495db93c9b53e8b3571487317da24933a8eb1680b44e4728dee

SHA512
0298a396075bdeb4d1425b6b067252b8309b0b35fcf744701647c0f9926065dfe633db850b297d875d1c941fbc6757f9b3088a22b5d45cbcb8fb736b379cf581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
a8771700042d6aa10cd4a626516da1ab

SHA1
a8570cd34fdc88d369823e28f350800d8e198fa8

SHA256
bbebd468cf2bfc54c13a3892c1403bc1effdecba7c45aa24fb1e22a68ef172c1

SHA512
e02c7a820830f39494734f1771dd856e1a8f17f35bb454e543a9f517079f7f337b400e9412211286746e6d8a1f211f6d2f328381e435d20f210353f1297488a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
c86d12559b1f2ee51a2bea856c937e76

SHA1
e1ecafa6302021d54e88169bb3fb32775b7d555b

SHA256
474a22a6c7d064a853aa712436cd7a8005e7b48d9cc8eaedc1147f30ce438a56

SHA512
88936f391b468328ed30cc1cc12bfefcb56aa2a257a65e13f19f275a430d18eda11b0b5053d036c819e8a7819a5cff525ed436918f8c795c39700e9a40854fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592292.TMP

Filesize
48B

MD5
34fafd9c8bbb7a25fb4247416d53802d

SHA1
ae30bbe55bdd00a0799f9c3236078a5b2e481c76

SHA256
9244be1e787728cf04d260f0c3554ef84eb73ec5477a223489a6d9ee58e7ac8a

SHA512
20d4149db11fffe05a3e7f8669f4d854a952dc1fc4d5a898cd96d48c82cb313dac85d1e9ef71a1146f2751a5ed51846bbb350cb61901d700b74fc4d201bcd650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0b6f53babf3a95353f0569c75875a8ad

SHA1
ec5ec2bdb0406d80ce32dc11ca6968884fca7e6d

SHA256
cf8618fc3c70462ed91460295071e6428c742438864a7df05ad8a17bdf5868c2

SHA512
17f0461eb2c04fb00621bcec57ba27e93dac707974f9b2a1a7a5e51f0dc4545d178a1a2ea57f3ea5488caff785cc01a34a2c6faac4d8892f64d6e0138bd9a143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
a9165511a8965ff777977becb1eb75ee

SHA1
5ff20aa9eba431b6f3c1b57413727c8e5fb4638c

SHA256
9e6e0f6df6621fb9fe544791623ee93e0bbbf809bd678fa546d33da56a2307d1

SHA512
00370a0d4c925a7225fb41f9bf3accd5c4e555ff5a5c14a6c650da75d6416267f69fa55ffc11e55671b2932d88725501cd445e1f8fc64dd7cb3005ac1407510d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
21KB

MD5
1bf58667b31cbf234b565525c8a16733

SHA1
bb95420e634a91af20349e90c34b43dc2a730cf1

SHA256
6503348a325cdb3e7b14d67ecac6c7e16281cb08a90d16778a123bc5a715738b

SHA512
057234862c048e6368aa1c19cdbb7620bfaf056b238ad89d5ee21672b06552a9aba4cc8f399038d579a6a7beeb3c2fa5d329b49a13ba39578a34613bcdbaa48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
796f669186a841eb4eabd94280b55882

SHA1
c52849a761da2cc59f48f716ec7a8bf372bc8e6f

SHA256
3304758b98e1edfe033d115dcbd23f2a3404f3293c8fbe1e3b113987fa519d9f

SHA512
26854b53e55600a77ad8af35f200fa63094c18f97b8afb1516e93321113b0234050235f2f92c5d12cefa305ab7fdf1e14b6257589350f6bff30289709a622057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
2905f7a841451b6b6b02777854e0e29f

SHA1
2525bb0a26a0b42e1659846d7d294d46c68413ef

SHA256
027b2f18626a67d112bbf5dfb632b740024dc630d95b3a59ce9fb65be0a72db2

SHA512
09ff92504f70a9e89a87a8179c2df3dd46831758fd5df10504426ed8a92a62d306758f605434d3dc436ba61460c7aad9037c0d9216df31d3ac4747e37a3d7cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
894272a935e04c25b76d7a793131512e

SHA1
a8c66615e48d96b0e854131cd715a69752073104

SHA256
8bf43e199f30e4b22cacb153ab9fd9ea8953e5f3d746a6a1ee2c5ac2677533ff

SHA512
357ad214babf559f5cd01a092abfa9b71c351516a18bf92b6b21251d8fc7c638bdcc3867a50063cbe113cd3955b3428721eb941acba0f0ee366d588f1e99d251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
5c8ff1f2af5525982a9bd338fcda008b

SHA1
1ba3f7ba1c89e159b731924f02c0007333d0dbd0

SHA256
ee6fbedd06b23f7ccccfca60f72f08f83bf5af49fbdb03a57476d57780949d5b

SHA512
94e4d45c4eeedfd034b870379425cdb31d808bebd4d072ba20f2451309d61c6c93f06cede7fc19c42f561e1ddfc41d2ef479ea6922d7bec18634f127049d4c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
fa0f2c4a5c3ca41792431bb563d9b14c

SHA1
f391ae49ed47771b2a6cfb0a1ffc98bcff8f46f2

SHA256
65657153e4f6aee5ea96c13a2b6713014f90c64025992dc00a4e0320633f799a

SHA512
d57b19d2c1a01ebe33ff36961562fcbfb6ddee92d1a7414355c75327bf1fb64608f31d792168e155ff6c07dba7981f75fb8692df5fa8a4ecad654f178cdc8f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
22460b1c1ae86d75ad60af0a3a55a1aa

SHA1
837430a90983573d442b176bbcdf01d12ae83e1a

SHA256
066e331c1536f7fd5db64a435aaec31e2cb07a0a40644d894078e9a8566ead0f

SHA512
2929964e0b52e41038b6f9eca6c1bac640977020a473606690bc9495304c1b194f7cfde4281780ed7ecb67693ff737e6639aba96b19aa21ea57526a4ecbe218b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
d92101e657a74935bd5ba7878a66c773

SHA1
cfd9bdc1c59a2a20050d3a20da8c9d845e85d1a3

SHA256
fde0929377d4cc4f1716a212c0d35cfb30246c68f5caaefc9a4c2a142c2e1385

SHA512
d6633bed76d215d986e0367c6be4114c72a699e6884aff51789f3b67748533f15ca4ddc1773a69bec28b7e075488eff849ed505807a39819366e8401836025d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
672127a68e4ac81d4dfa684bf837cabf

SHA1
2e11afbe507003583ea22c85a435057bb9a35e39

SHA256
9eebe9fcc84d24bd101c3d4da894ff5be13cfbcf62629eda5688fbf47cbafbfd

SHA512
ca6fa28231e5d64238e9381b6bbbbd066268939731da49f1706d4b5f3293df900e4f696ea1904f0d89503a3854167b5b4b5b614f8498d2cf678d15029e4f2ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
86dce1456faed4e08db8d31bf5e05cdd

SHA1
6b9281270e5abd8c4f267971b75ce4e33f6d51f7

SHA256
0d03bdc0392e07edd97aef1900cb238be50cf1276e6f4d730ebf8a5c7a7599ed

SHA512
f9180455a10dd25a5730905008b86830a93600c791a2acd1ab715999ebf35d54f75b71f11871a2c1b43b199962cce15d7ef47ae62fa66e603043ac25c9c51924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
4e2b440a174f1753f886523a735f7930

SHA1
8659db0e097b7884c8a7482fdfd4e31185a04830

SHA256
08941f0f5ce111fc0f21f77d3836e32d10d786df56c31d5cb057ce03d4fe9e45

SHA512
ef16380ea374d926691abe32d62349b200c83ba8fccfb60ba1bbbcf2d648cac2b2998734418a5fe5d319d13df36d3f97dfe50740a94fd911185a410054ce5fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
72fdc5dc9bade554eb64d3fb10193119

SHA1
7dbd7f441f5105425b438fa7e87a9483ef4f89f0

SHA256
38a37264347768f4f54e866264c776b2c1f6980e5ccb2b4cf1c0fdb59bd4ac08

SHA512
42cd34337a1d9ed5a98b49f93cad95bcd4fbdea1e2c2d5e045fcba296513ad550584ec77b9bfe4ccefa2a363df0879696d2da461eb97f2795173be0fd642a21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
f6db6f3c200c6a51210e717526b97b4a

SHA1
3745dc69ad59402a56051b18888d0feaf1f046d7

SHA256
e4e72f293b1986e9193986ca4d6be40da4e6d75f0612e10b36c57b23d50267fc

SHA512
9b0221983ec0d7c198085eb4f131754b9ba38caa2581273685c4c51b22eec3d4d184c4c87bd4870ce5d77726ad9566f7a58010e6f9b1e46d5ac6d40fb067a467

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp301C.tmp.exe

Filesize
29KB

MD5
cc65ad514684506f9f22c71d94c537ea

SHA1
36e2bf3159d14552279fc1b80db80a8c177925f4

SHA256
d215b8cc095e913f2d3adbd88ae7691be657104dd52340efba670d04eff1e368

SHA512
5c505b4c49df8e7e83af47719f79018358a39f1df552b2b90dda244b1e41a30559cbe66b1d415a836f403452c5493b26e28ef170376eb5f1a310733e65d8eeed

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp6D85.tmp.exe

Filesize
61KB

MD5
f4407493019fe05f34b074539519ebc4

SHA1
b3f5ff69ff4fee493440c133f033a0d05a6edd43

SHA256
a5c1bdc7b8c0e456edac031568c8acca0524eeec7e91977d63c41c0a82c608c5

SHA512
24668bd17617e038544ed5cc92385cba01ec1b70725930457a5deb6f4ef1a079e3af8d7f592dad851fb1685387daaf47cc02a6c406042dc7ec1f406d2ab3bfc4

Download Submit
C:\Users\Admin\AppData\Roaming\app

Filesize
5B

MD5
112317d572ce0538d2d1b20d7f32170e

SHA1
c7f3714c4806b907bcff7f79aa1d1c9373b77d1e

SHA256
fd9e9a8be71786826787d6eb9aa28371d09b0515ddf0c19b082fe7bac57a88a9

SHA512
265dbebc83c74dc97770e650580b0321144990d133403bab2bc1de4618cde63dfd4fedfa56b5e4e259b510585db0f7a59042c356356c56bea3ac861d4be5337f

Download Submit
C:\Users\Admin\server.exe

Filesize
93KB

MD5
3060fc299e17c7783df72a4e5f031f39

SHA1
2b1a867cf9dd435670d3c638974b4ad3c4a6ac87

SHA256
cc3766508cfe6674d7c5a3008353ad24aa7e50c576a77b31e26985bd7aee5aa0

SHA512
490a2728a54d021e2834332b8a1cc37475486794a2eef27c974a587ede72e1ca4672e3d0f05c646c954f4f4760c12a13f9cd901b816436ca20690ad14f904aa2

Download Submit
memory/2936-1333-0x000000001C110000-0x000000001C5DE000-memory.dmp

Filesize
4.8MB

Download
memory/2936-1336-0x000000001C830000-0x000000001C87C000-memory.dmp

Filesize
304KB

Download
memory/2936-1332-0x000000001BB30000-0x000000001BBD6000-memory.dmp

Filesize
664KB

Download
memory/2936-1334-0x000000001C6D0000-0x000000001C76C000-memory.dmp

Filesize
624KB

Download
memory/2936-1335-0x0000000001410000-0x0000000001418000-memory.dmp

Filesize
32KB

Download
memory/4296-24-0x0000000074BE0000-0x0000000075191000-memory.dmp

Filesize
5.7MB

Download
memory/4296-29-0x0000000074BE0000-0x0000000075191000-memory.dmp

Filesize
5.7MB

Download
memory/4296-23-0x0000000074BE0000-0x0000000075191000-memory.dmp

Filesize
5.7MB

Download
memory/5236-22-0x0000000074BE0000-0x0000000075191000-memory.dmp

Filesize
5.7MB

Download
memory/5236-0-0x0000000074BE2000-0x0000000074BE3000-memory.dmp

Filesize
4KB

Download
memory/5236-2-0x0000000074BE0000-0x0000000075191000-memory.dmp

Filesize
5.7MB

Download
memory/5236-1-0x0000000074BE0000-0x0000000075191000-memory.dmp

Filesize
5.7MB

Download
memory/5492-1439-0x0000000005600000-0x0000000005656000-memory.dmp

Filesize
344KB

Download
memory/5492-1437-0x0000000005430000-0x00000000054C2000-memory.dmp

Filesize
584KB

Download
memory/5492-1434-0x0000000000A10000-0x0000000000A1E000-memory.dmp

Filesize
56KB

Download
memory/5492-1436-0x00000000059E0000-0x0000000005F84000-memory.dmp

Filesize
5.6MB

Download
memory/5492-1435-0x0000000005270000-0x000000000530C000-memory.dmp

Filesize
624KB

Download
memory/5492-1438-0x0000000005360000-0x000000000536A000-memory.dmp

Filesize
40KB

Download