hxxps://cdn1[.]dlproxy[.]site/download/mWOaXG1bQce66NPmNID6EQ7qJDpF5He7BqJgut2qPhwLy_HPcIY2EnSyvpbSPgbVp-FFiGbIY29JQWf5RAO1F7FBVuy3MIboMcHuDF0_FWkVz6qD3bKYZr_BkTM4l9W8JmjoxWNVLiaW9mExfvOJNU6fPpRhY5FsKl7gGt-aUXznyQa6AJeJ_9CBpm-Pyrg4H0WOcBanRxaLasXPHtZgBDVEB_XXILp7N7PjOLxrCz1dafkP0G9VZX_hJvUOQLAMOl3RmmqkrgacQQhOwzU-mBMYdmdtTXkMQhHDdUPk2nS4IJ9ByRaM18ukjgEVuF2_a4nTVKqnPc9W5IXJXEsoH2JAId3ztR5kXusGt6fqFScAu3W00Ot58xrlGkRuyP6AkF_Pg2McZMwXDsP-3wIfYgx43zLt7R6pFQxcHlOh8rmZGIM7BvySNtKM_Uhf6O73veBeikNNmWgRQsRhlvA0fANRcP75aWnx_8Np7Jb0kZW8p92KwRjmf6Hp2IykhMIUkS0aw6NwwhoojPhrVwS-8p3X-c5QhNMprnPRkn0SbgUbnnY2jOuLNTJQTcwThjrA?sig=JYRq4zvjPF3odU1MQWXarjEJf0W2YTWHidgCEBFUnF4

Analysis

max time kernel
158s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2025, 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn1.dlproxy.site/download/mWOaXG1bQce66NPmNID6EQ7qJDpF5He7BqJgut2qPhwLy_HPcIY2EnSyvpbSPgbVp-FFiGbIY29JQWf5RAO1F7FBVuy3MIboMcHuDF0_FWkVz6qD3bKYZr_BkTM4l9W8JmjoxWNVLiaW9mExfvOJNU6fPpRhY5FsKl7gGt-aUXznyQa6AJeJ_9CBpm-Pyrg4H0WOcBanRxaLasXPHtZgBDVEB_XXILp7N7PjOLxrCz1dafkP0G9VZX_hJvUOQLAMOl3RmmqkrgacQQhOwzU-mBMYdmdtTXkMQhHDdUPk2nS4IJ9ByRaM18ukjgEVuF2_a4nTVKqnPc9W5IXJXEsoH2JAId3ztR5kXusGt6fqFScAu3W00Ot58xrlGkRuyP6AkF_Pg2McZMwXDsP-3wIfYgx43zLt7R6pFQxcHlOh8rmZGIM7BvySNtKM_Uhf6O73veBeikNNmWgRQsRhlvA0fANRcP75aWnx_8Np7Jb0kZW8p92KwRjmf6Hp2IykhMIUkS0aw6NwwhoojPhrVwS-8p3X-c5QhNMprnPRkn0SbgUbnnY2jOuLNTJQTcwThjrA?sig=JYRq4zvjPF3odU1MQWXarjEJf0W2YTWHidgCEBFUnF4

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
620	5912	msedge.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 4 IoCs

pid	Process
4272	EzExtractSetup.exe
3708	EzExtractSetup.exe
1256	EzExtractSetup.exe
4828	EzExtractProApp.exe

Loads dropped DLL 21 IoCs

pid	Process
4272	EzExtractSetup.exe
4272	EzExtractSetup.exe
4272	EzExtractSetup.exe
4272	EzExtractSetup.exe
4272	EzExtractSetup.exe
4272	EzExtractSetup.exe
4272	EzExtractSetup.exe
3708	EzExtractSetup.exe
3708	EzExtractSetup.exe
1256	EzExtractSetup.exe
1256	EzExtractSetup.exe
4272	EzExtractSetup.exe
3708	EzExtractSetup.exe
3708	EzExtractSetup.exe
1256	EzExtractSetup.exe
1256	EzExtractSetup.exe
2832	regsvr32.exe
3016	regsvr32.exe
1536	regsvr32.exe
4272	EzExtractSetup.exe
4828	EzExtractProApp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_507794535\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_507794535\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_561682443\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_561682443\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_561682443\manifest.json	msedge.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProCoreDll.dll	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe	EzExtractSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_507794535\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_561682443\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_561682443\manifest.fingerprint	msedge.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\uninstall.exe	EzExtractSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_507794535\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_471731763\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_471731763\manifest.fingerprint	msedge.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll	EzExtractSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_507794535\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5684_471731763\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	msedge.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3078542121-369484597-920690335-1000\{2F569B12-EF5B-4C87-A91F-3FD144CE2FB6}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.rar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzExtractPro.Archive\ = "EzExtractPro supported archive"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ManualSafeSave = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex\ContextMenuHandlers	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ManualSafeSave = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bgz	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3078542121-369484597-920690335-1000\{09F6AB2C-0008-4C05-84EC-EAFFFE98C624}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab\shellex\ContextMenuHandlers	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive\DefaultIcon	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lz	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe

Suspicious use of FindShellTrayWindow 13 IoCs

pid	Process
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe
5684	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4272	EzExtractSetup.exe
3708	EzExtractSetup.exe
1256	EzExtractSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5684 wrote to memory of 1884	5684	msedge.exe	85
PID 5684 wrote to memory of 1884	5684	msedge.exe	85
PID 5684 wrote to memory of 5912	5684	msedge.exe	86
PID 5684 wrote to memory of 5912	5684	msedge.exe	86
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 3508	5684	msedge.exe	87
PID 5684 wrote to memory of 2336	5684	msedge.exe	88
PID 5684 wrote to memory of 2336	5684	msedge.exe	88
PID 5684 wrote to memory of 2336	5684	msedge.exe	88
PID 5684 wrote to memory of 2336	5684	msedge.exe	88
PID 5684 wrote to memory of 2336	5684	msedge.exe	88
PID 5684 wrote to memory of 2336	5684	msedge.exe	88
PID 5684 wrote to memory of 2336	5684	msedge.exe	88
PID 5684 wrote to memory of 2336	5684	msedge.exe	88
PID 5684 wrote to memory of 2336	5684	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn1.dlproxy.site/download/mWOaXG1bQce66NPmNID6EQ7qJDpF5He7BqJgut2qPhwLy_HPcIY2EnSyvpbSPgbVp-FFiGbIY29JQWf5RAO1F7FBVuy3MIboMcHuDF0_FWkVz6qD3bKYZr_BkTM4l9W8JmjoxWNVLiaW9mExfvOJNU6fPpRhY5FsKl7gGt-aUXznyQa6AJeJ_9CBpm-Pyrg4H0WOcBanRxaLasXPHtZgBDVEB_XXILp7N7PjOLxrCz1dafkP0G9VZX_hJvUOQLAMOl3RmmqkrgacQQhOwzU-mBMYdmdtTXkMQhHDdUPk2nS4IJ9ByRaM18ukjgEVuF2_a4nTVKqnPc9W5IXJXEsoH2JAId3ztR5kXusGt6fqFScAu3W00Ot58xrlGkRuyP6AkF_Pg2McZMwXDsP-3wIfYgx43zLt7R6pFQxcHlOh8rmZGIM7BvySNtKM_Uhf6O73veBeikNNmWgRQsRhlvA0fANRcP75aWnx_8Np7Jb0kZW8p92KwRjmf6Hp2IykhMIUkS0aw6NwwhoojPhrVwS-8p3X-c5QhNMprnPRkn0SbgUbnnY2jOuLNTJQTcwThjrA?sig=JYRq4zvjPF3odU1MQWXarjEJf0W2YTWHidgCEBFUnF4
1⤵
- Drops file in Program Files directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2e4,0x7ff8283cf208,0x7ff8283cf214,0x7ff8283cf220
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1792,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2284,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2432,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4992,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4960,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5768,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5128,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5072,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3672,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6440,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6624,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6884,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6800,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=3676,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6468,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6516,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6976,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=3584,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7248,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6136,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7660,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7036,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=7464 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7072,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6848,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=8020,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7008,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7144,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7000,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6672,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8288 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7128,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8400 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8200,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8396 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=8684,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8624,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=8452,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=8652,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=8332,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8732 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=8588,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=8828,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8724,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=8568,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=6492,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=3696,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8728,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8548 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=6732,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=8904 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=9184,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=9220 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8740,i,2923163862224154595,4827798133362572030,262144 --variations-seed-version --mojo-platform-channel-handle=9504 /prefetch:8
  2⤵
  PID:5340
- C:\Users\Admin\Downloads\EzExtractSetup.exe
  "C:\Users\Admin\Downloads\EzExtractSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4272
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2832
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3016
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1536
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
    3⤵
    PID:5360
- C:\Users\Admin\Downloads\EzExtractSetup.exe
  "C:\Users\Admin\Downloads\EzExtractSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3708
- C:\Users\Admin\Downloads\EzExtractSetup.exe
  "C:\Users\Admin\Downloads\EzExtractSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  PID:5324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ff8283cf208,0x7ff8283cf214,0x7ff8283cf220
    3⤵
    PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,10008289767157567671,12780677689800172743,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    PID:3796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,10008289767157567671,12780677689800172743,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2
    3⤵
    PID:2580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2560,i,10008289767157567671,12780677689800172743,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4404,i,10008289767157567671,12780677689800172743,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
    3⤵
    PID:5612
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4572,i,10008289767157567671,12780677689800172743,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:8
    3⤵
    PID:3644
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4572,i,10008289767157567671,12780677689800172743,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:8
    3⤵
    PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5664

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5920
- C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe
  "C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4828

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe

Filesize
881KB

MD5
3b67b6026237810356f5aefb373d2b15

SHA1
1a4d565f81195adb9c048f8eb7fa7d77018ee3d1

SHA256
554ef8f1d2b201421a53dbbf897fcbea20dbba9d6e8fa881ad0b52be60c11f5e

SHA512
4e4a7445b1580c2076174c336414d5918a3fc0afbb13d56d29bd1fc18ca114affad1ced06fd52624292012dff2b95a76b19f4e3f9940c2d9a333c290a95d4641

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5684_471731763\manifest.json

Filesize
118B

MD5
38a783f9ed173a04e5bef70a52292fc5

SHA1
2329da12d659d33a964ce876541d3ada1929abc1

SHA256
49bd6d2f7f3242bc71f47eacde83a0a1a0e7310074f30810223ea2940238bfcf

SHA512
3ae1c4d0ba65528b9476dfd6035144215227c2718104ece92f9c00bdaa505e2c80d1d30f6e1556f1ea5cbbe6c4f2a2a085ca5b3a2e33cdee74d65e5ef81951f2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5684_561682443\deny_domains.list

Filesize
12B

MD5
085a334bdb7c8e27b7d925a596bfc19a

SHA1
1e4ad53dc335af5c6a8da2e4b4a175f37fafe2f2

SHA256
f51a7acfffec56d6751561966d947d3fd199b74528c07dabdcf5fcb33d5b2e85

SHA512
c883cb43c97a136825c6fd143f539210c234c66f9b76dfd8431f6ff014094e20b9410d7462aadee2344df8ca158def6b9a807e7cadbdfa947f6f8592e7283e34

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5684_561682443\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
576f64b8f21f4203eed3f6c7b065f527

SHA1
e0c4e8f914319e112a4b3562d2d6f4107750aba8

SHA256
c39a636afaeae67ebd98682bf35ff7afafceac020ed21cb564ab954ab1ef6f87

SHA512
af606a5d7d4d96afd80d8e0117f2d5f02cc82b810149f50e26d46a5b8fd7c6b2aa119aa1b7123c54d2ef19d05ca92ca738994e047e24e567e53765fc1c52f653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
34KB

MD5
c6975c159a1f5fe625ae9cc86f0eae55

SHA1
8d585360bf715fc24a220f6b3e9cb79943843679

SHA256
54ff81636bf6da76038b97e76a28eb7670d2da02f0079d37683ef42c62e75a89

SHA512
6aee047af22ef5055e9bad028e8cd3c16ab75a23f1975e2b3ff4c7e00885962aaf4c6393f588fe2a90067e265bc4e3d79c2ed3343e17542c291f5fa9007f3325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
58KB

MD5
12f2389211d1835eb8c82e77cfb7058b

SHA1
7af7e9ce59f81a347160e520273a73ada1e64bd0

SHA256
cebe0fd3cad72dc8935e708260a84f990b35b390def225ff6be33d774d14680d

SHA512
76c66240ff9fb35f20f6c074014096fe1a97c9dd4bab74028e42436827e47095be95874ce9164228288a6205780ef10aca6b1154543571ba6f1a3b0c9ae55ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
100KB

MD5
f989b3df1da7e8451d64c0ffe01afd82

SHA1
6d40a628150a04b2ac77118d21aa0d9c390f9d8d

SHA256
b3dd5fa06cb6876e60aa8ca688701fb3d3632058904efeb7fc68ce8fe160aefe

SHA512
544d93570f305f9badc0ced4b257de50223769c779094e7d279d1270d8e409224a02eca6d2a887cad337371e43928cefaee10cb5c34bf43c6d1131364360a7da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
355KB

MD5
0b97a6c74f6b441f830cf5e4c66a7a35

SHA1
5f47e0ca5c7ffb5c961c88b52ca5b606042482dc

SHA256
58619024dce5e6cf3f694a6eb423cf49c5ad2b7f8070f7f9959b0942c8e5f876

SHA512
9f5fad36abd1bf557440e599656dca5b75302abcfc20be3361fa6b14fbc1e1a92ba23fe650b9eb3509f74b212c3b5b2557f8b384b069f37f29673bb67b274b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
163KB

MD5
ffde1097334109841d54bbb359432566

SHA1
3aa53ea5cced8e9265913c338a599c24466c479a

SHA256
797dfb2b6d2e645d294ebd88f6bfce6d8f5b6892f1b50210229ef3755b61ccfb

SHA512
8e4d51780655a1c07017c318e2a3853b5b31065cbdf4d5a08a2d4c01351221c86efefe4f60f6197aff5e64de085c9b8e131a0d9cedd1bba074410520671a7884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
256KB

MD5
d50df859fac0f2587beed99950a55382

SHA1
9389a43a2661575dd5afdbf9f4521abffb9be4eb

SHA256
0f1fe568a93ba617348d6cdca8a12cb85e4ea8f6f6ae3cce1cd0b8fbed3de935

SHA512
b7205c1bbfb83c07a08241c106678c79f4062e1c700f2c61f71ab7288c89700a5fb13e733e4c8e3b9f12a68dba1365674c9b940af84f95bce7a38af4f1618195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
27KB

MD5
a26cdd2f5fd03b75b30b11fed48ab36e

SHA1
4b594eb679c2af4482b9ae12e657d75a8f6aeb10

SHA256
3c5e8c739a2bbd47a912f6e36d08a11d048f58b04037eb59efcc742b975686b9

SHA512
b97c528a2c0bbe296983bca277433ab6e36ffbeef4ff86599d0622951938871e657e503e5e8468b68023573b2d95bad072e9c47bbe2a61df134d40e44fba8129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
22KB

MD5
c423dfc12c455a61259c03729e2d94b8

SHA1
937e49c0a3571ee14dc8a7eaeee5bc27a9515437

SHA256
7b7a5512d6e0acc9b2ae95fa28092aefda7233a072eebc443179970c8f6589a6

SHA512
f129579a5422e3b1a6e86ac2b6f9ced7401e972a05e2c12e98458460e6e93f80adda3aab9ab7c06bab16c03ee4e54318832c0f51227fbb33b037590b1397ae55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a8

Filesize
19KB

MD5
1b90c8b35a01d4fbe7ab2606feddf723

SHA1
f4d3eabf52452fbd7d703c9f56e49ea135a9f3a1

SHA256
4d27f5217826d010314afafea3af47c2aa2a21fcecb8f5783d430be6a09355af

SHA512
6da9cfd8bac965c6ede948f80c210dc831b80c12b472d3308e69d05335790bf081b13530400bf5e791637c0fa78b66d5683aa140048eb134c6657c2b180181ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e1

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000170

Filesize
346KB

MD5
b94efea0499826e752346cf591569944

SHA1
b4c8061b9a3ed022d3edd296c92b5e4c6523332a

SHA256
bfca8f5bb98ae33467e330865ce99948853e300ea7447bcaef84b693a86f8013

SHA512
4a4e6d6640eec93250924d35c6dfacd329c74692a1dbeea5e860461043eab8cea95325871bbd0208f87a1f8c90cb58025e3c536a7066aaf635129e1b5acfd065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000171

Filesize
20KB

MD5
1c808d3cf8d81487666fe00bb29bbb39

SHA1
ceeb2f5c16e453fff53047698beb986ab083e73f

SHA256
0a579c514f42af20746b2b0616906e6967897f9b47adc92be6780fd1ebc39e46

SHA512
e42c7a00e3909d60e145a0ee389a2b51f52db3f16df0b07081c43e61adfa1e51a3a4f86e4a708ab7c1d02f1035d52ec3f6ebd6fdcdeba8418f90ecda3f3d6422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000172

Filesize
18KB

MD5
bded034aab97754bb36a8ff43f005528

SHA1
8d2eeb3ca3d5635b0dce98d3659fd3bcb0da458b

SHA256
a785ab60648d0714e7f98037d210b34575213a8ea7f00e9ab802720e10fda8f8

SHA512
67029f1161ca1a8e4c9150551ca55e38cceaf9716289321d56d5beae1da79435875822c0a37ff42ed56838ac6df24cdb3d95dcbe79a8b2a0add24396cd5022bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000173

Filesize
26KB

MD5
77bd61b98f7b67af56639229724f8dd4

SHA1
f04f07dd8ff53e58c32b738f81b71a014bca441d

SHA256
8ce54c3b77bf31899b27b29188ff4936b580f2bd2b3222d43dda2851ba272e24

SHA512
a9b7587db1ddb25b335b700d3f4b91af4ee24b06030624ab48570a8b6e4b06ea2e86ff89d41790e17ba6f7991eb9893692ecb6b38652a0b6f5c51675b4de7467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000174

Filesize
153KB

MD5
237f4a0afbdb652fb2330ee7e1567dd3

SHA1
69335cd6a6ac82253ea5545899cccde35af39131

SHA256
1f0189e087fcefbf654fad74a3a06668b782c01353a61d5c0b7f0bf23e33c020

SHA512
27e8e1f91507179c207f93a19485738ed5d372a977eb27d44a4ed163013097d38b117c7a5bf4336ecc9862ca514d78ffcd2b8a07e304bbfe1b2cce9c087baa38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
9279a9ce4fee99c322cb086aae90d85d

SHA1
4a22e75c0da59f45e045c6602d90e41d196b833b

SHA256
e87fc7ef66896f06e25949f4c3c460fcb2251b944615220196f803954d358e4a

SHA512
129551e22b8fdffec2af23d3c73c67a17a892bb7e5aa3c46c3ed92acf51867aa96853dbba59fae45adc101f3e5980b9fd7a3e1d8bad856b66d2c4b6d301e85e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59ba2e.TMP

Filesize
3KB

MD5
3d608b0ac6928df622e79fe88869b479

SHA1
bbe2076c847dcbb68a5cd4e3111cfc2b27178cac

SHA256
b8073106426481b6ab9276405a8864eabefcb2316b114ee1e4f7bd6254a9a4a4

SHA512
203d9e54731697c62cb820414e99544354405e89e923f7c35cd446ce5afad999963897a877da7179893dc4e60166c125ddd4134d1145b5d4f6a2aa840cababf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
674e2e04cc45249fc5535aef8150b7be

SHA1
964deb348ac1bb0e87c8c55f7f72952666ddbaff

SHA256
2275cfa428c0689832f79a5f4f30638ee44f401acf16f035a3a61382a0715733

SHA512
7efd92aa7c05407ca6a6842afee366f8fbbf1cbb166af4ddea0987ba390259b496de00955adb3f0870a94027b7f3d6b905a074808a90cfde5ff4c8678ab2d5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
e89f2f9bc9388bd5eb9b723ee90b60fd

SHA1
cfbb6ba3c60b2760f0feb933f309bc0959bfc02b

SHA256
ed9f5e0f9917f8dffc7363315c4904f51a73013be929fde178b0e60ecd272247

SHA512
6e516fce28cfaa55c2edba2a9a9d9bd5685fe6808e26a4c5e35c58c84bdedca58c750f6980dc7405edad5e9d80d5ad471eaadb4103f415cec6021062065f594c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
361e2b100a941879a41e8fe402055911

SHA1
ee262389853aba5df70c717b4e600130c5667c8a

SHA256
ba92370f6f4d1ab31d556b8b8726775a1917fc3880cb8f2cc1ef4cb0b14af090

SHA512
9461a299548da6288b863cb80d45314c071b893d5d8c087a04983ab80bd4cd7b7dc5ee24c22757b81731e667246f8a862d436fd44621d6d0791707dba68702f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
b83273479607b096bce00135c61b4335

SHA1
235455f5ee561c6b914633e49339861a41032553

SHA256
c3f89956cf9842fa9bd6822cac281c0661888bc49086745294086fd347129ab2

SHA512
c52097951f851e1bff88f3d4269fc3e03224395f0e249804333191ef341997ac51b98d8ea5b5eff5b69fed1f1c9a8fec09976f34e25d8c18d27021a572aa4bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
54f3a7f039c1ad4f79d853b5e0ddb82e

SHA1
71323b2026557bd85e625765d0613c629e31962d

SHA256
7c0f8e6ecbb004be26280ab7d7c6bc0dbf3575a45cee5a65baa9344468ff3d5f

SHA512
dfd0f87384c77a35a6efe46eeaf25040b2160802d249739a4698e64b0e5f964a66beac40b22a0d69597bccaaf34b862884eeef5c4263cfe4113622eff0d9d880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
275732f882d3e5aeb0636ea4f5ea6db7

SHA1
dfbf2755cf45e69a7aced54ce0be94aef29118f5

SHA256
0bd1985891e4f1690ace199057892f7f6da6a3179282a80c95e8a23db1bccefe

SHA512
2454b721030fdb4122f527566d27f157910ef4202455243dc7d473c9d9b571605e97007cf24d26af5d5277529f37374280c7eb23127c1721dbe608bf1f3c4381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
a997725071c15d5762e12e112d6b2847

SHA1
1cd37e3eb6a4efff11ad3ed4a301668eea25aa10

SHA256
c04882bdcb0f722cc610b0c67c5aa1fdadd56ad964f889750d77e5da6664172e

SHA512
698ac818a377892cf223ae239204f3fcc6a9aa61f83e5a256424efdc7c9a2f02a5d61298d345d6cc8a8871c8aa75c7b6bc6b273df95bae35f92da7e69cdee7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
6836c2853390df66fa4ec76a0250cc8f

SHA1
934777eace755dcc03f0e4eb4eebea39c59cf460

SHA256
f7cc8583340d36f933269426a4435e65f1ef76072fe68b7e52e05359fcaeeda3

SHA512
342ac5b6a8439c699fdf59fe61cd85e5156f317d74a79e5d863177d42ac4a68f5c20f53e6d566e2a24ace3ac823adbf9db1e31169f0e88a627bec199af24c813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
92f7b28c314e66ee34c1eeb5608f81ed

SHA1
fb9f29e587e81bf7834a65480d5dfb0c6d446664

SHA256
dd5a07a73a3c60f57e4e624e4fc31ca2e6353b2c73c7c941bd764c6c4982111c

SHA512
6a483afba9d9708da6b32b590af63496dc0ca2b554d63a8663de108363c904ba7a134778b7e3e420b0c37b9449ecfef98bbf478a821f65be9c4dcde9256056a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
d7b54c19ac40f68f7303b01954121991

SHA1
11ac8c75bc67202ac2a187c365a06918c4f1297f

SHA256
dd573fa287cd9a65d64a44df86bd4e06885db847d1938f35c51f8e8bb225eb23

SHA512
9e84f2d7dc7532bf7c69b045cfa2c8eb10d8790d67eebccb3de3c466d8775570d1064a9d5a8cd231e8eb986390cc5c9c34d389bb7e88411172b62f97d91cd44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
929e5279e6dca2ce1a6deca83e2d3471

SHA1
6b7ea40ccb0a9ea6e8d01d6034aca379a8328c7e

SHA256
ec248888c959e38e1c1a227f27ae471ed9ef495f8c9c8bdcdc330147e0685148

SHA512
737bbacb8d4a5c0a48046426a04e81e4a31e6e9f9136b4b204694307bfb458c66acb2166146347d465498bb9b0038817e075a9ae3babb3d50dfd9899dff55c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
ed3a7dc12059ffe83658a6119471bb02

SHA1
5c7e0d6392d98a4fd469ff3cede2669363b99c0d

SHA256
657fe224be1159d50ce16280b32e47e32a74f2634843e44d94149a737c9a089b

SHA512
535c02303fa7bae01168e70ef24c366bb9dbc721660293991b53192656ec96c1d0ff1238a06e2ce56dcd05750de63d883847b414d9e0e588e2159c7ddf8db067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
7139eba22122dca13e69f546cc75ab10

SHA1
5d269cfb53aa83265915eb38138f70ef9cd5cfc0

SHA256
8dc8ffe5908b371aa0173ac98acdf2e94362f566ccbc5d5b2c99360f4c5ce80a

SHA512
c22539b9e787802b71b57eb231169ec5503a602e8d0f5c941ae05d0f265f82e7b14a93ed3dd2aa56af1bbcfd6eaf9f513f3478e1e42687f772ec46e4107de76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\49b6ba41-f676-4a0f-b055-9ee1d4d44e72\index-dir\the-real-index

Filesize
72B

MD5
f748b5934e65d3606816f5c9a45a3720

SHA1
08d6ab4c7e737aaa008bf4eae53e0737f7999712

SHA256
f4deb7ebc50746c0ce798c29ddae24df39f8aac67d3c794075373c21c6576dc9

SHA512
63f8aba5dbf588e569745447abefff3c6a984426b6dc33940bf9a72b869ee4764dbbf34e69dc645f26f04bbf895e24afa64f407334d691d3c14a187671c61125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6d58115b-928b-4549-af97-143ffdd06b3a\index-dir\the-real-index

Filesize
72B

MD5
1a16cff02274297d943ef9cb007751ff

SHA1
60e65fdaf01d8fc8b71b6017ab712c7fa33a780b

SHA256
f7c2429e6baff87ac499d5d6ad5994d92a11055038890d8bbd25c68eb9410dee

SHA512
7e273ec9d8c94aae584cc0a2e273056dec9918c622b24c1b9872c1fcf1e581b048d14ce805b12bd326d8cc691fda4610c197f1d9f8d1db71cebad58de0c314fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6d58115b-928b-4549-af97-143ffdd06b3a\index-dir\the-real-index~RFe588cab.TMP

Filesize
48B

MD5
dd11efe8c8353852a2bb284965263292

SHA1
79190b5c26c3df25e2ef307dca60b13fb5db3f60

SHA256
bb87a516a2ff6d47ed9883654245409cb4d56abf6cdb31965a26f1cdb6e743f3

SHA512
951a0840bf1b0f3c6d9c63ce25a5d34943d0537d2fdf7ec21f71d5ce2d0e545a0d64411c94f4055dd1912d04b28cf03aca41d8304544fdb4c3b91e93b1521368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cae0f359-3315-455b-b62d-abcfbbbf6e10\ee91b116cc2005be_0

Filesize
60KB

MD5
49115435c8728a905207437d297d2fb1

SHA1
e524de2e8a309b425af1e4f1aacfceb5470d4ea7

SHA256
0ed6ccc4548de088f7221c18dee3d569b5847125378ccae332734077cf661290

SHA512
36c00226e8917dfc7904ccd95da4ab951f6ca2af06127f93f7d70a9c731e445231d086e9603351a0a3a3499fd75471b4027e76cc915eeeee099c5651316d2e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cae0f359-3315-455b-b62d-abcfbbbf6e10\index-dir\temp-index

Filesize
72B

MD5
997b3f483cfc8bb83b9aaea1c1766245

SHA1
811ee33b2c1795c701d473afe51a3399c92e6f52

SHA256
db099cd8a4ae588113b2fee7dba1437283534971ac92f5b61611f9b57a55804a

SHA512
59e8b8d880e28a886ef235deb755d6b3ba42c8d1d51fd109caa2c283654612a6621a7bfc3e54fbdee8e98d2fdb6c3b23ded63e85da4b7a2d23f9bbb5bbc68400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cae0f359-3315-455b-b62d-abcfbbbf6e10\index-dir\the-real-index

Filesize
72B

MD5
7be95a3be0ecabde90f9c2d72b92cc2a

SHA1
33908991d35abc5ad53001b0fc21ceaf569f5a77

SHA256
997f90a54f15a258fe1aa993b3415a6214b3f3cfb91385ab77df072ca8cbc955

SHA512
563d6ee54ac632b236c4c2b289d364f50b5273c18ff8aca68cb307eff84de3049f08aef007ae6249ec772f355defbc19d5d121bd01ea16199491a543b0f70cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cae0f359-3315-455b-b62d-abcfbbbf6e10\index-dir\the-real-index

Filesize
72B

MD5
2166d6a14672f26fe92f7fbf371bd4e4

SHA1
e77845d09b9daa18db99f44083aa684d0255aa37

SHA256
cbc6f9ea33954ab55cb4dd8600a194985617230be89e60d71855b052a530df03

SHA512
e72af38e460f2afd3fdefe20037ee907ac202d8af4710134bb9e99fb26e346dedd2ffdcc66bd400ca5648171a36e0d2c3c5297cc89cefe85cb78035f80b31d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f4c676d2-896d-4e89-b4ea-3e01d7bd1ded\index-dir\the-real-index

Filesize
2KB

MD5
8314df8f48b014073d76e74e1e435619

SHA1
89eb4c2543607cf2b5ca5b33fe56250bbd6a8a3c

SHA256
bf68dc803f6423ebfb533111aa531e2b8139b3622c7c9ec5e7c776809ffbc5fa

SHA512
f8a0de850802d5273d7469fec037eb0733654e096dddee7d53c2083e4f6a30325f3f3e6a0da97b8dbb1575f69ffcef826bfb0b74b373539d3a1f5718962bb42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f4c676d2-896d-4e89-b4ea-3e01d7bd1ded\index-dir\the-real-index

Filesize
1KB

MD5
76d65fd113162166d73c1540afdfab23

SHA1
b34332c6ddea35813d78c2c6704bb7cb54129a4f

SHA256
eca54affd72adbd85e03bd4c964acebd17008afd851bc3feb74fa7a07d7f4656

SHA512
dad1b1b7e79fcb5b1a0a0d66d9df68d1ec10565081fdad11630be5181b46bd32ee33144007faa1a0b40e491009a61f02882b74acaa2d6f7b0326549e4a8bc5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f4c676d2-896d-4e89-b4ea-3e01d7bd1ded\index-dir\the-real-index~RFe579ea1.TMP

Filesize
1KB

MD5
42184c5c97e07a93f4836e4e26412635

SHA1
f4184c8cffc77a83e5405e22bbee2050b276578d

SHA256
701253527a03ed863b11fb645dcf4940bca7dc3b03c69e5f8a1e41573c5472ca

SHA512
a3fe7fb42826859c782cf05a556e0c2f1a4c04beb5d21cd787998c636ca14854427a5c08371647b95c0ce580f9a2e3a411e5069c20113573a01643523ccbee91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
36a9b8e50f3116abfe3df84e1e515aec

SHA1
664b0fa7f1f69d4c1ca22ffda1d94353d6f58686

SHA256
ae9cee96bebdf616a813833ece2c6b0f7643b294b5d591115b31fd7d9fa12942

SHA512
06aa47fe292fff8dcbcb717b33144ad943d866068c0c9aa7b42a5caeee5be0e5317e0a585c812a62ba90a06fe7645e4dcc5d468a6b93122768ae86f3b48564b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
9a8c70dacae64022e24edd5c21bfe139

SHA1
3750ab71fd685ada56731fd5ee1e30e72a3c2243

SHA256
b88175886f1af7cfabec77da8b4e69bc19b15e09782d6f351df2ff85fa11a510

SHA512
64504ecc1efe83c7fb10b0bf560a795b5122ac5933b03e648c74167b0c04e905c72e5fdb6ed3ed702d142b7f19960f587fce6e8f01f1f514fd1569c250763971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
0ffbf1028cef2401b1cf2ab3ad16c472

SHA1
23d183d6209162b4211c0cc7e9b261867a822e3f

SHA256
d143c06b5872710c881c617ef24fb10568bbe68785c55276adef0d46759d7203

SHA512
ff79f98a35d8dbcebd5568a3bc4f6fdbdb05a56259bb092a95735431ddf53d6322c80aed303f3026c5cca99271832be51ec2295d58943f63752fcacc5a97d97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6f2c1bd73eb859fcadbe5a53aa4729de

SHA1
b5d3939297f471779aa918f169d35b5d009549cf

SHA256
6d87d56e54a693ae0ed6a0a69cdcf7c87898447c6c99a587fcfa64de7e168cb5

SHA512
9759a58759cbb0d4aa52d843f824eb9e7c879cb26cea96f527f2b635fa275f964ef10de283227969267f0d0cda47b84f3a0d83eb6bf179cf07b57a02a115b821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583bdb.TMP

Filesize
48B

MD5
f0585882c8a82f2dee5eab1acb18f9a1

SHA1
5a71aa4ac7751052030abb5c0c210700eb4aa9c6

SHA256
587141d0641442ff21aba6a0fd6e95ddbf1bd9432fe9a55646febc1e317eb28f

SHA512
2103b46ead358e8199a0207be04819265e8d0107355d38799e6fa8f5049fe882175f215f1440dc615719222b4da5a3a4ecc634567288a7897e16f03dee51247c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
29b5772e3d5d1e77f813323084fa132b

SHA1
a800014b02a8927cb6dd144fe0be3097215aa1e5

SHA256
aa3f3e6386314bd8a2142e48bb7d4ac1948f33757c590cd61e0538b67dab8055

SHA512
5e2e27fef4293104b7251fb0690a0296d6f433eecc7f2a51bd9f4e5801fb01e97faf3c9a6a8253d92ad864da70742313631d87828c3e68770474efefb30e3b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
a11a538a1070bb00f9b484d7fb432fdc

SHA1
40786c74417d99eabaf0745c630bd58fd2b0056f

SHA256
7309c616708267371008debfb3e0ae1000bd5e5fbcbc7762097166fdfb6c86d0

SHA512
ac916a56423264b1d53b489b2b523d5d5e002085670ef3b5d577f3d0974a65234245516ef86c6ce7eea5951125afef145ebe5907f365ff8c72f08025e2fdf13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
0944b9a4310c81cfb784a94e912e33ad

SHA1
4142abbe5e04f5d0c8b49bdadd764310d4e7181c

SHA256
3b00c39d879e0aca6e0878f73990e3a613298656d0a728718661f9e421e4286b

SHA512
ad7ada40d2ef5418ec231a5b87c08bd5dc0d010b6105f2cf268ca86300913bcef8d8ffbba4cb0e8f7bb8d35a2259354d609f9e5c2672614a4084f90909325a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
90c63b404d2fc2876c49e55f541fa02d

SHA1
54173705bee326ea81ab9d9a07e0e6c7287c9e1b

SHA256
0398686688c2055d8c0e73bc6c3fe356f535f1bbf15f469960cd4548b9ead75c

SHA512
c86dad772ab6562e984609f369cab3223cf8543d2b70efa5c0c542b5c3f992e4d5cb9420f43ffa8ed3b702d1c7f5da23ad977be4f966b5eaefeddfd798cb4f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
d662f9902d17d943fcb2c13f52c27cbe

SHA1
18ddfc4f45577d50b1cbc39f847ef30deecec94f

SHA256
901ffe4580223cf7b4d8d8364b5942170e7e446a7ea08d585325e02fd322c79b

SHA512
1fa31eb9661edf0327bc16ca7191d418ce4c8a453871d0940cce89975b384cb1def0565547c9f90c973102defe1fface4b200598670272e6a47ad2df6bebba33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
e5320273e401210b280cb96092b855be

SHA1
26cf9fba6ce1b82a2022617a101aa57bd45060c4

SHA256
50d70b15805902a5f53faca62addf07b60219e17ea1a67eef99c58e8cfd2ea71

SHA512
9c44e534e1bffa972a73263b4ff388384c0f24798cb341cd36c154e3b26772ec7d5af69687085ba9aa486efce0f3b47b91425a79528014bc4db3d559cd14c4cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
62a8346308efac75329fe7b81f20cb57

SHA1
58c396859f8292371e793ac47641c4b5bf009483

SHA256
8b8656fad1ba72e5e745e7b198f12c9afe8b90d9c59699e545678f6bdbc0ffe4

SHA512
5be39a775f8ab69fc5c0fb03691f71e814138b67d4ecf42538fe353a92366819695206edb69969bc552fceb0063c2d44a8be702a36115359090000f41d04e562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
379ff6f0316e81348e3d230f3bcee052

SHA1
a7600ab9b65b846bf04dc719c3ff36a802d49e4a

SHA256
13f176f5b20f23af53d25c524ea8ef62de55dbe2af4c4a8a1a7c5f8d29531ea8

SHA512
2c838dc5610016c3c005f4e8eb04cfaa4f9e22f1057e0496ce8dbe8d4ee9fb3743cdc2d3ea9e1725ede12d0624695dbee784b83f8bbf35e25f00c17d98fa81c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
58b64997a5db07b332fee42c2cfe9702

SHA1
d8d8988674a6377593dd5343f5ad2c45cb7a6fef

SHA256
95ce06a0c6920e6cb3a49d8ead9c46f9fac524b20310227b624d416ee51566c6

SHA512
4e2e74a0f7f7e02dbe989521a7492d1b11f15307df4cd16796ea0cf008f200dcb0e0e0153bc1dfe46ebb51f49dc0414115b8ae3c369e6b14609526e62feacb39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
563d6fecbd98b5e1173b10abcafd6861

SHA1
1e8d9c07795790dd87a27ae7c386ed611cf14a6f

SHA256
df9f33b110fb012d0d7e723d07b331cb3fa68adb5ca5b6ef3e3ae17e043270f8

SHA512
281d7b770065a96faef45445b3e69d4043c174145cf97ee8e69614d77f4744e02646a82dfdf85623584998b6fad9a915dbffeb70ef031a1027e3f6d73b24dda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
d9769bebc1bb0ed490bffbfa968234b6

SHA1
b8817aece90affe74137a2be51f3a1447e27ef61

SHA256
502ae77e0c9b2890d62c2986b5fc1c0bdbf663d6967b735d12781a71f277cfd8

SHA512
c2401d12b1cdcf86c91a6dfd132a657a516d450cef1a502f830b377126747bb1b73364d832417745394b4b06dbaa98ffd5a23f059b856ea3f828151dec78b4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
9a5a2f178380dc4e41de32e0b5a46896

SHA1
4cf38a946400b90175c6588d6a142ff4deaad6c6

SHA256
6f327cff23cd441b915603dcecb3f5d591138dbf397e5db9ac9c7d745249caef

SHA512
1f053efcefeff44463329c27c23a891dbf3160b2b0c3603e7cfbbdd7347bd834b54cde3cbab37d484aed930f336f7bd172beade04b18c5a4177ff6626a5c881d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
6892010bcaafd04ccdab65adb01fb26a

SHA1
43b82f09b06e46f54b6048d4f9ff5028225b5d0a

SHA256
ed2e39cdcd1c5f0168b13dd3c646b5fe573bc173895360ecb016145985ae1995

SHA512
109369e2c3d9a1419c798fd9bd5416ee86e682628b27804a86ef6ca14d7f8262fce7ad3e9720ff332133a4c53880191b2474fdd99180e50e239441b44a99cad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0621950dc21c4e79c470b15e215a1ade

SHA1
c323d883bf19f42bcc04ea49ea826fca0ae10f5c

SHA256
0493697abdf015e5b9bfc083cdcf590ebee8c40eaf1d8ecbf4d5053c3ad2a4ea

SHA512
d96433aa9b7c835f4f4f31f1924431a812c1181abf6014dfdd147c2153460a7a09d9103fc30e4b1666d41f14c3f01a91c4f4eeeb85cd837fc841c24169ed375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
353c7ff89349fe470ae2fdc3d2bd638d

SHA1
2137a6af1cb795fc4ac22a84eadb369beda268bf

SHA256
629f4c773ce9d5850750494d090f083833fcbbdaa817eaf3fb5cc17927854062

SHA512
5faf8a7ff6642ed2abbd988adf3f7d25191eff9b0f9e4e167f0cc8610b8236205945eaf89c36030420eef5f04d5d31de77d80280b11cf6b1e45dbc3049cbdd18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
babc9b2ca5063746aa147a274541d068

SHA1
983d61d3861263566535bb2dfd3da9d136aa21e1

SHA256
27871e40d56c1aeb214de79f9ebf73818be1e8ad9db9d344b478aed4a8613440

SHA512
b959057d125453db58d9b12c5a6576270df9f83082c5192bd29075bb3c224148dca89c460ab6ca70b5e03a6133add44ce73a520ec1666c9ca028c829e9a42e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ae3607795fabf5c619977f3e85e1b2e5

SHA1
66a58967d60532e32218186c6540435d41829e7d

SHA256
aa2ec94a2d0a0d5b26498874903415dd9fa98c5ce87fb95cd6d3536d32c9ceb7

SHA512
f77b616bd5c800f3210c3f0011906c343b9c8b2771bc2069e6519ce3a3f67eed0e2e82db72bdcfc8be1ddc2b8d149eccf2fc45557acc396ab3912d4a227e3a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
cf396d06690047fdcd5d04bdb499d1df

SHA1
94a44f03b84920d3338f6532589a2f2610d775d7

SHA256
c634e1912d6d53cc19614e368844585a686c6003faa926873db1d007b72a4d52

SHA512
bc2c7ae40ddab2c2183aab67bf94c39344d6d8bebce93dd03078191a6a6406ce6ebd5f46d6d66e473f76c462b7b67dbba14a822c7261b076c781014a7aefa072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a931aae1c4f031f76496cb6ca708601c

SHA1
8d40c05a0b25bcde8e8d74c1dee071270b5ffe84

SHA256
72c9d3e78f865348431f268f84de6492a4abc49269fbaa7afea9b37fb8596736

SHA512
79099792e40eb48b4f6a9aa61374df4e64f6b478c96ab2dc3299ab90b0e37ae3d378a730449e3e41dc73d25571792d94ffb61e8ba189535221a0d33a240f2dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57f983.TMP

Filesize
392B

MD5
43a51ac3edafb2c1bfac4a2bb4e80ba7

SHA1
52c280265a3cfe02d17ff79adbe2ddad646f829d

SHA256
1f696b989bc70ac96444d149891478d8cd7d496320a7149c75b33d83f549024f

SHA512
e4d8848990b5f54259412261fecb310ccc651def57394301a663ef82fae16cc54f804faa9b2eda415ceec68db83116732f05edd10adf3840d16d516fee875adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.10.1\typosquatting_list.pb

Filesize
626KB

MD5
0104f1d6d013bd1e93f9d9da98366a4d

SHA1
38291eff21f6fb2680eab78418f54beda8e77114

SHA256
0060831feb8e7c25fa67fb62023111ca8c767e4c48ee5ba8d64ff7b9f88dea77

SHA512
35db78d2916a71e73501d7c3d18f3e7d655ca668863b9142ae4e4f99ec2169b2104e41991835ae3557c533d0fbbbe5474847e6027bc41808e18a4dd2cb3682a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
64d618aea43fd409b44bfe90c3e8f2b5

SHA1
be4f0ddc4b331dafe3244bff5a809fdce233a2ea

SHA256
a0e58021939056ca52968a9c4d102b0b0914ee7b8cc644eb352c2dca1e351340

SHA512
9d4b61fe6094faa30da509085a5ae020f09e9a927e5d1e03067669c70caacd5d7f0ef64037bb983132f5176f614445c901d3ab67fcdabffd25fb49b5abe6b2f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9DCF.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9DCF.tmp\NsisPlugin.dll

Filesize
280KB

MD5
1d0e98e6817a35237509731e1398b47a

SHA1
2690a72941f1641495a1cf51ebf5399987a74e5c

SHA256
23abc9395b36419700f31b507f13a189ec2eeb70c7e1a1fe9406c2b9e0728298

SHA512
5cf919baa11e3cdc3518a351e206a5dc84bb1beaf933194d27fb0a96edbc6b90a58106c45a357e8c7af9de815b4e74cf5e42a22bc91b5fac02bb386a6638d0ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9DCF.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9DCF.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9DCF.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
946d7aef2e17516a10af4ec1c8bab83b

SHA1
7c89ce6d43981350ca61dafc89d9c2f0dbda1bb9

SHA256
6667f3c6ac3ded358f8939e58cac83c86e8097591690deb89c47dbd914eef7f1

SHA512
ed0bb3915f7242e550d117801d3beb03a5fdacc70541ebbf37a435dc4016380d5ebea113ae55f934d70c45618f6bed21d11c678bdc9185bafb05bcc25b760733

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
df3c1633e096a801c2fc0544277d40f1

SHA1
897ac73377bb9d12d10b652ac6f91b349f09bad1

SHA256
e36775dfbd2919fb1ca002051045fc5cc1a921067ab5fb164196e67228732a63

SHA512
079951df102936b0cedae536b8547251d105c1e708eefb5130802b99aaf8ecc9993286d655c76c689b8ebdcc3c62955c9ab299c3aa8329391bbf418850153e1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
93f6a2064fd3b90dd2f58886538c420c

SHA1
cc65a7f3b678fd4badc004faf3e91d9b99c03728

SHA256
074e7b7083fe9163ea0ebf5ab179f516ec5ce66a81d142a636190ffc26da52a9

SHA512
46d6b35ee081568b132db594e2242f9b21c93b74a4a847f0a73536ada15a676ca72d0476c42a052b92ab37654d4ed2e93d08684a8868ed7c5e2c14bd6d403b0f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
97ae2c916c07d5c13a4fbf87c048dcea

SHA1
438258625bb93cd6b8a5bfdbe9c8776c7ec63755

SHA256
2ee841d5d2b0bb3aabbf33cdf4cebe17cd78b7d26dc513131cd9b6bcfeab0c10

SHA512
e559180c674d0029c620292049dcbb76b5a72a292f20ba13a0047c48a9f378ba6087aa33d1f1ca971333ff220dd5fabeec2a7307379dd995a47861f76235e20c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5934f8ce3178284bfe6a12d54fcb75c7

SHA1
ee777b6b53966c77d9c37256d391ea78b3ebf47b

SHA256
9d7fff7fe6117f05dd646c957786869709d97d9ac93f0f923c57d463268e252b

SHA512
acf3483187ecfd643669db30d1e81a51cecf9d36300a1dff03a66823cc0d0fcd4ef487d57a1f46c8fafcc90d9b20c8922a2fa9aa6940efc59219501991656898

Download Submit
C:\Users\Admin\Downloads\EzExtractSetup.exe.crdownload

Filesize
4.4MB

MD5
7399ebe1e1b9c99f3cb4a2521d424384

SHA1
7a560782421feb72b1e84f162cf0abd0809fda28

SHA256
4704846c5605552a2573aeb62f176630fd2ba5498457420c3fb36a27cae6800f

SHA512
80b6b5b2a93656211073560e3eb93063edec44d54a4346b64cab5898162936d3109e7d213d73a93e50ce3a20d163ce6f8eb27e3f31e72bae6c684e528413981d

Download Submit
memory/4828-3072-0x0000000000860000-0x000000000093E000-memory.dmp

Filesize
888KB

Download
memory/4828-3073-0x000000001B560000-0x000000001B6A6000-memory.dmp

Filesize
1.3MB

Download
memory/4828-3085-0x000000001FD00000-0x000000001FD08000-memory.dmp

Filesize
32KB

Download
memory/4828-3086-0x000000001C090000-0x000000001C0C8000-memory.dmp

Filesize
224KB

Download
memory/4828-3087-0x000000001C060000-0x000000001C06E000-memory.dmp

Filesize
56KB

Download
memory/4828-3113-0x0000000020A70000-0x0000000020A82000-memory.dmp

Filesize
72KB

Download
memory/4828-3114-0x0000000022130000-0x000000002216C000-memory.dmp

Filesize
240KB

Download