discordrat | 445e8e980c9ed096e55898149a625d436686b24d870c0ed08ae81b97ed4d5866

Resubmissions

16/04/2025, 23:26

250416-3e3rls1mz3 10

16/04/2025, 20:05

250416-ytzw2syp17 10

Analysis

max time kernel
641s
max time network
642s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2025, 20:05

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

frie‮gpj.exe
Size

521KB
MD5

fa686ae2f0713ae1b02296047ebcc87d
SHA1

c07002d6a973789c28091495fc36e7ce1f2db93d
SHA256

445e8e980c9ed096e55898149a625d436686b24d870c0ed08ae81b97ed4d5866
SHA512

1ccb1877fe52a399a1dc4c2ac1de8c3f56772b13cd0bec053558fc90334bd291894b49f57120f0f9388431498df91be082ae5ac7bc18db3b5abc367d521f3f51
SSDEEP

12288:ZyveQB/fTHIGaPkKEYzURNAwbAg8XIAVVsaz1J/CS:ZuDXTIGaPhEYzUzA0qpdzHaS

Score

10^/10

discordrat defense_evasion discovery execution persistence privilege_escalation ransomware rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM2MTg0MjQwNDY2Mjk2ODQ0Mg.GbO_ZS.7BypD_7qCEnOjM1Bcz1ic7kfHpyO7HfeBvYCVY
server_id
1361842784121782312

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4440 created 616	4440	Client-built.exe	5

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5372	powershell.exe

Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 1 IoCs

flow	pid	Process
229	4440	Client-built.exe

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5036	NetSh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation	frie‮gpj.exe

Executes dropped EXE 1 IoCs

pid	Process
4440	Client-built.exe

Loads dropped DLL 1 IoCs

pid	Process
1020	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 24 IoCs

Web Service

T1102

flow	ioc
214	discord.com
42	discord.com
45	discord.com
46	discord.com
163	discord.com
196	discord.com
229	raw.githubusercontent.com
34	discord.com
44	discord.com
232	discord.com
238	discord.com
165	discord.com
182	discord.com
197	discord.com
221	discord.com
226	discord.com
227	discord.com
237	discord.com
30	discord.com
220	discord.com
222	discord.com
228	raw.githubusercontent.com
239	discord.com
207	discord.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp518C.tmp.png"	Client-built.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4440 set thread context of 232	4440	Client-built.exe	150

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_606007242\product_page.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-ec\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\Wallet-Checkout\app-setup.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1467863701\manifest.fingerprint	msedge.exe
File opened for modification	C:\Program Files\edge_BITS_1020_1351096314\BIT7FAE.tmp	svchost.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1572577553\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1430785806\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification-shared\ar\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification-shared\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-shared-components\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-te.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_606007242\shopping.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification-shared\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-shared-components\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-shared-components\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-hu.hyb	msedge.exe
File opened for modification	C:\Program Files\edge_BITS_1020_1188617805\BITE04E.tmp	svchost.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-ec\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-tokenized-card\ja\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\Notification\notification.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_321933722\Part-RU	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-mobile-hub\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\wallet\wallet-eligibile-aad-users.json	msedge.exe
File opened for modification	C:\Program Files\edge_BITS_1020_1111184481\2132f61f-f790-4ae6-a355-8cf9a1533800	svchost.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification-shared\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-shared-components\ko\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\Notification\notification.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_321933722\Part-ES	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\driver-signature.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-hub\cs\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification-shared\ko\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_606007242\edge_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-shared-components\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_671068375\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1797856241\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_321933722\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification-shared\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1158701653\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-mobile-hub\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-mobile-hub\it\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-hub\da\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification-shared\de\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-tokenized-card\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\Tokenized-Card\tokenized-card.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1467863701\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_321933722\manifest.fingerprint	msedge.exe
File opened for modification	C:\Program Files\edge_BITS_1020_51948576\BITDFD5.tmp	svchost.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-mobile-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\Notification\notification_fast.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-et.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-ec\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-notification-shared\es\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\Wallet-Checkout\wallet-drawer.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_671068375\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1020_321933722\Filtering Rules-AA	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	NetSh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	NetSh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	NetSh.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\OFFICE\16.0\COMMON\CLIENTTELEMETRY\RULESMETADATA\OFFICECLICKTORUN.EXE\ULSMONITOR	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893075686464165"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3078542121-369484597-920690335-1000\{F8672942-48A3-4AE0-9651-D42EBDA7052F}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3078542121-369484597-920690335-1000\{72DE36E9-2F04-4C93-B656-7F084F036D2F}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
4440	Client-built.exe
5276	msedge.exe
5276	msedge.exe
5372	powershell.exe
5372	powershell.exe
5372	powershell.exe
4440	Client-built.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
4440	Client-built.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
4440	Client-built.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
4440	Client-built.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
4440	Client-built.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
232	dllhost.exe
4440	Client-built.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5412	msedge.exe
5412	msedge.exe
5412	msedge.exe
5412	msedge.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeDebugPrivilege	4440	Client-built.exe
Token: 33	4236	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4236	AUDIODG.EXE
Token: SeDebugPrivilege	5372	powershell.exe
Token: SeDebugPrivilege	4640	whoami.exe
Token: SeDebugPrivilege	4440	Client-built.exe
Token: SeDebugPrivilege	232	dllhost.exe
Token: SeShutdownPrivilege	3436	Explorer.EXE
Token: SeCreatePagefilePrivilege	3436	Explorer.EXE
Token: SeShutdownPrivilege	380	dwm.exe
Token: SeCreatePagefilePrivilege	380	dwm.exe
Token: SeShutdownPrivilege	3436	Explorer.EXE
Token: SeCreatePagefilePrivilege	3436	Explorer.EXE
Token: SeShutdownPrivilege	3436	Explorer.EXE
Token: SeCreatePagefilePrivilege	3436	Explorer.EXE
Token: SeShutdownPrivilege	380	dwm.exe
Token: SeCreatePagefilePrivilege	380	dwm.exe
Token: SeShutdownPrivilege	380	dwm.exe
Token: SeCreatePagefilePrivilege	380	dwm.exe
Token: SeShutdownPrivilege	380	dwm.exe
Token: SeCreatePagefilePrivilege	380	dwm.exe
Token: SeShutdownPrivilege	380	dwm.exe
Token: SeCreatePagefilePrivilege	380	dwm.exe
Token: SeShutdownPrivilege	4440	Client-built.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5412	msedge.exe
5412	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4440	Client-built.exe
4440	Client-built.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 4440	3216	frie‮gpj.exe	88
PID 3216 wrote to memory of 4440	3216	frie‮gpj.exe	88
PID 4440 wrote to memory of 5412	4440	Client-built.exe	93
PID 4440 wrote to memory of 5412	4440	Client-built.exe	93
PID 5412 wrote to memory of 5940	5412	msedge.exe	94
PID 5412 wrote to memory of 5940	5412	msedge.exe	94
PID 5412 wrote to memory of 4464	5412	msedge.exe	95
PID 5412 wrote to memory of 4464	5412	msedge.exe	95
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 3864	5412	msedge.exe	96
PID 5412 wrote to memory of 1944	5412	msedge.exe	97
PID 5412 wrote to memory of 1944	5412	msedge.exe	97
PID 5412 wrote to memory of 1944	5412	msedge.exe	97
PID 5412 wrote to memory of 1944	5412	msedge.exe	97
PID 5412 wrote to memory of 1944	5412	msedge.exe	97

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:616
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:380
- C:\Windows\System32\dllhost.exe
  C:\Windows\System32\dllhost.exe /Processid:{329b83c2-bcc6-45d3-a2fc-f68c51caf21c}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:232

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:960

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1040

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:1068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1076

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1216
- C:\Windows\system32\taskhostw.exe
  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
  2⤵
  PID:3084

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:1232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1476
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:2992

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1656

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1700

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1764

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1772

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1868
- C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x4b4 0x394
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1968

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:1496

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:1808

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:2128

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2432

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
PID:2604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2612

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2684

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2708

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:2980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:3040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
1⤵
PID:3172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:3340

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3436
- C:\Users\Admin\AppData\Local\Temp\frie‮gpj.exe
  "C:\Users\Admin\AppData\Local\Temp\frie‮gpj.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Downloads MZ/PE file
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:5412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffd8682f208,0x7ffd8682f214,0x7ffd8682f220
        5⤵
        
        PID:5940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1944,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
        5⤵
        
        PID:4464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
        5⤵
        
        PID:3864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2592,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:8
        5⤵
        
        PID:1944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
        5⤵
        
        PID:384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
        5⤵
        
        PID:4984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4920,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
        5⤵
        
        PID:3736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3596,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
        5⤵
        
        PID:556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5152,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:8
        5⤵
        
        PID:5332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5348,i,1491701434042341798,16733525799060512201,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
        5⤵
        Modifies registry class
        
        PID:5156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        5⤵
        Loads dropped DLL
        Drops file in Program Files directory
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:1020
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffd8682f208,0x7ffd8682f214,0x7ffd8682f220
        6⤵
        
        PID:5736
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1896,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:3
        6⤵
        
        PID:4812
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:2
        6⤵
        
        PID:4884
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2504,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:8
        6⤵
        
        PID:4720
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4240,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:8
        6⤵
        
        PID:3480
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4240,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:8
        6⤵
        
        PID:1716
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4612,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:8
        6⤵
        
        PID:404
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:8
        6⤵
        
        PID:2268
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4300,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4744 /prefetch:8
        6⤵
        
        PID:3352
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4696,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:8
        6⤵
        
        PID:2444
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4576,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=3132 /prefetch:8
        6⤵
        
        PID:768
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4976,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:8
        6⤵
        
        PID:4480
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5104,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5276
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4688,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8
        6⤵
        
        PID:2516
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4192,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:8
        6⤵
        
        PID:3660
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3364,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
        6⤵
        
        PID:5336
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3924,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:8
        6⤵
        
        PID:4368
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4036,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
        6⤵
        
        PID:3964
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3176,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4712 /prefetch:8
        6⤵
        
        PID:1812
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4764,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:8
        6⤵
        
        PID:1624
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5072,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:8
        6⤵
        
        PID:5352
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3120,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=3108 /prefetch:8
        6⤵
        
        PID:1912
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3200,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:8
        6⤵
        
        PID:4584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=748,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
        6⤵
        
        PID:4300
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3108,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=3208 /prefetch:8
        6⤵
        
        PID:2000
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3104,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=3124 /prefetch:8
        6⤵
        
        PID:840
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4348,i,4198602657913771833,5507678512944418053,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:8
        6⤵
        
        PID:2540
  - - C:\Windows\SYSTEM32\NetSh.exe
      "NetSh.exe" Advfirewall set allprofiles state off
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:5036
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -Command Add-MpPreference -ExclusionPath "C:\"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5372
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /C whoami
      4⤵
      PID:844
    - - C:\Windows\system32\whoami.exe
        
        whoami
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
    3⤵
    PID:3412
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /7
  2⤵
  PID:3520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3548

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3728

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3980

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4100

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
PID:5044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
1⤵
PID:5060

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:5800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
- Modifies data under HKEY_USERS
PID:2332

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:2988

C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
1⤵
PID:3324

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:796

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:4044

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
PID:3992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:688

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3408

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Drops file in Program Files directory
PID:5016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:4140

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
1⤵
PID:4608

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:2280

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca
1⤵
PID:2636

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1158701653\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1158701653\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1430785806\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1467863701\manifest.json

Filesize
119B

MD5
cb10c4ca2266e0cce5fefdcb2f0c1998

SHA1
8f5528079c05f4173978db7b596cc16f6b7592af

SHA256
82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713

SHA512
7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1572577553\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1797856241\manifest.json

Filesize
118B

MD5
b8435fa56036ff5ac2b3b95cca535196

SHA1
2d7ada6f7fea8142daac15c8098df9bbc08663ff

SHA256
1c262e30d188bec0a1698f0e4f37f19772e468a06ef9442a088db5b442b36185

SHA512
b5285d826ca081eb7265afe1ee37f9d82bac47b097682180347373f2330db854fa431515fded5f3bdf8f7dbdc7238ef3f0b578eb24d1ac5c66f4bedccef33d23

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_1986789421\manifest.json

Filesize
122B

MD5
0d77c27baa669b0714c49b73e68447ea

SHA1
65103c9707e083c5503ad9979560ba1bb7634ae4

SHA256
c853d6a286d9d31a382c6d3fb109d5336d275651950f22b8243289eb6125b516

SHA512
1f011c405ec558229a1f5e2923b38b7054144c66d4c69d658c9c2c371f6cc365317485c274cafcab80bcb88f989b0be4c43c763933de3f86362a79ec1e962ff3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_2053648145\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_321933722\manifest.json

Filesize
116B

MD5
d20acf8558cf23f01769cf4aa61237e0

SHA1
c4b21384309b0ff177d9cd3aa4198ab327eb2993

SHA256
3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78

SHA512
73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_606007242\manifest.json

Filesize
145B

MD5
6d9ce9f996b9f9fe10bf9546dd82f952

SHA1
0bcf62c147fab9f8eeaf575902c2b6e77053b88d

SHA256
c94951578b17215081e5ca755033993f5d50fc812b8d5e8cd4bf6a6c68b36a55

SHA512
ae6ba65587b6b8b087c57a2f0fcbb529764891eb9e4d3b419194501020256872878af14484a1909cf2293a3fa80c0e74db13dbb3a6b5289c62df3f69a4c7e3b3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_671068375\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_79923180\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_831965556\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1020_980599363\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json

Filesize
509KB

MD5
c1a0d30e5eebef19db1b7e68fc79d2be

SHA1
de4ccb9e7ea5850363d0e7124c01da766425039c

SHA256
f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

SHA512
f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
576f64b8f21f4203eed3f6c7b065f527

SHA1
e0c4e8f914319e112a4b3562d2d6f4107750aba8

SHA256
c39a636afaeae67ebd98682bf35ff7afafceac020ed21cb564ab954ab1ef6f87

SHA512
af606a5d7d4d96afd80d8e0117f2d5f02cc82b810149f50e26d46a5b8fd7c6b2aa119aa1b7123c54d2ef19d05ca92ca738994e047e24e567e53765fc1c52f653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
d619414875099222d9afe51a35c0515a

SHA1
e420debc85d24a1b967504f370df305a692ba0fc

SHA256
d2acce89f0a947a0fbff96bedf475e0dc79a3151eb4d71b88031d3b2a2405d07

SHA512
5319c6160496e1f807080abb9e0cb2c524f5681bb0f3165843a23e913fb12df53e853f1aac82c2bfebd10b3a4c8d4c76d695d1ab5e3bf12f79dad66e9fc81b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
711102d0610b83876e9ce59d456b0c78

SHA1
e2c99e076410625f8804dc60ccc5857f7c33d373

SHA256
b3c5684be9096ce484e0006db9565c8be4db48c5ae563ea7f2f7de144525e70a

SHA512
b8166d49db00deb8c70b965b8ce458322f5e4f6a3d29f6c95aab06134f35d418b6da6f5197b251bb270be79511198ec87028c7f84a7d9b91964a50627120338b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a73863912c55954974d38031f177b686

SHA1
0c308e6c865f783343e80bc069488ad053fe6ff9

SHA256
733eb5976742c6f3be80d5b123519de12d0119bfc702a3005181a0a7ee665072

SHA512
ae1d357a797a4b727222f36cc521c16d97dfc24965e5d5d9e780bdb15e5646b99eb6aafb1cf6e09c9003598f90c79f821b0a210feb3ef96e07a3eff4cfd911e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
68ba8cbcb7df26099f323aa9b8a3d9a4

SHA1
35abb48b153e290c894a7e4c654902ce6341bf75

SHA256
eeb88241e87844323da9ef3ed047e4a5ac4e20e30b36872f4839deca55887001

SHA512
97a77af14695e516e7cad6edb6b2f2ebc178d004e628107c2918c875cabd59528b025f82914310186e3bb77620758d7de6f596a39e5eb6adb9b8ca418af6a21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
8439ede5c01579527271df5c2c347a4f

SHA1
a01078a4b1b4e3db17114a92c542da7826d5a6ff

SHA256
a9d8f3d96c693284092df57e9483d8716924274eb33f736b262a3ae87c9562a0

SHA512
fe46263c9d9da5d0e6106888df710b3c567dc0d2ceac24a91e03726a1aa39b8d216a75a61dff2da7839827838fc2911fd8a937f8d930e52766fd3e0b31a6ab65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
22KB

MD5
778ca3ed38e51e5d4967cd21efbdd007

SHA1
06e62821512a5b73931e237e35501f7722f0dbf4

SHA256
b7e1bfadb8d9c061f17a7234df012df7842ab1aa8fb6f9579fa3f0a3b4a75bc0

SHA512
5f6f02099ca8079305fb7e7f43ae4344d522271fe30379c0854d6a81b7d8adf408a50a4b799b5f52e6ed162ba6ce7fe97e24a2b9719df780e75683d3aa103d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
246KB

MD5
f9b96efa65f5184c5d4b45c8ab0509dd

SHA1
b82b276f33768cda0a0367ae86d50b672f7c0b37

SHA256
c898288a00c09f87dae802d14bf19bf3aa40f50a7f88a382fbfffbdca298ce79

SHA512
976814a4c3ba067d7ecc0e1d82fefd12c1bcab0876d11a17027b0ad8a025b27f3f69ea9b09c6be89320234bcd56a5053fc5b0739ff3fd4fb58ee540f2c6f7bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
1.6MB

MD5
7001d690f5a13fc6bc72e3d11b9e22f3

SHA1
7a342603dfb12adac9aa9129a7ae74390c837d23

SHA256
d04e5b633b1bad15263a3bf27fe5c66ed86fb44fed5f1b19c36e56b74ef73e4c

SHA512
a59a9f42cc75cd440ecfc19574a16447acc02ba08f68339e6a03e482a3483b03e57a1bcea6c010a0bb765aac71fe33eb0bf31bc37bb8741420e73fca63ed7847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
21KB

MD5
4ed7064123928ecee45ead8c8d1e8761

SHA1
bff99b298efbdabc1ca67940ae48162fd1bff155

SHA256
bfe0d976aeef7dbe42f3030ce8c4ce97c649ed4f1868b3fe467503f477f778e1

SHA512
c7beed7d0c1b9d2f65b59109d13d0182aa256a30b4e7e88d685a10f9b8cffc738cbaf4bad07d30d7981e096002ec46ab7a77c4a2747f20515cc7fcaa12405ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
31KB

MD5
2d0cbcd956062756b83ea9217d94f686

SHA1
aedc241a33897a78f90830ee9293a7c0fd274e0e

SHA256
4670bfac0aeaec7193ce6e3f3de25773077a438da5f7098844bf91f8184c65b2

SHA512
92edce017aaf90e51811d8d3522cc278110e35fed457ea982a3d3e560a42970d6692a1a8963d11f3ba90253a1a0e222d8818b984e3ff31f46d0cdd6e0d013124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
52KB

MD5
9eae696ee077e7b7d3c859687a3e86f3

SHA1
6e523115d53b887e2e7385569b02e35137933f20

SHA256
1ac2b1aff8d1b24a0e87a70f840cad4ae70882b0753f62ef25787164ac8a77a7

SHA512
7c0a6a6f9bfd8f89197982b643b143bdfdd93ec056c6bf3bdb84d5bbac2c3bb927a24090ec2b8d5a67842b1c50a52d079effe89b5cbd9d8acb623815a2b673d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
647KB

MD5
0d347d1c264a0ca5c99d91b5b32c2c9e

SHA1
68aa5d37060df74bf6fe068a5373390e562c66f8

SHA256
8eba5122ce8416fe72ff1b2068c95fe52b6daed4dbb059e7e02e8905cd8926e2

SHA512
9f6a4116b4bed97fc5dcf18da5ce107e61757a5a95a276727d4a930757fcbb8ed17d9ab1e9ad0a4dd1db24257425711301d2e1b9cbd00bb3e7f3411902a25235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
34KB

MD5
a57f56e5135e99d65bea05086cf79345

SHA1
556c4f025bce66f525ba0d22601691232ed1b0d4

SHA256
47e49ee6f24f6959a467766c59c9318e9a710d6e6578a24cb433534eda1bb345

SHA512
382258fe948c6deba0e478166bb3ca9263eba2bb8350740ef4349c1999337019c357d6a148a7560043f9ecbb850e9658a2aa21c513a1f327719054cd499d63e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
34KB

MD5
c580d9056e1aca5c29a909c9cc59b263

SHA1
3a77b4fa7f3ed9f763aafed3d1f0c0c55374c8d4

SHA256
31f2dc93dbe03273a579cc28245af3408723dff0f12294f59b63b0ffb4722ca2

SHA512
06c3986810189243e3d6f73044dc1621e55b8fcfd86895f6388d49d966afe9f33b66a03f8c04617337e30261de264458e9af28975fa457ecca520cf33abe354c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f9795d7d423ab06ed748c60d24471f39

SHA1
e1a5fd21961d448bfd6db991e4a8ce0f2369b678

SHA256
5f004f33bdbb045e638e3daae24549b9a19c5a7c20e72a6251e4b416262d9d97

SHA512
9cef5c9d9406ff7eb71727850118bc7bddc65e55cfd9b00171c2d23c696a51f4123392fbfa196d64f961794182717419b4d224bfbe39463abdd8e5fa2d0366ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e2ce.TMP

Filesize
3KB

MD5
f202f72de772adb5f916b74156541ae5

SHA1
c6ad60399b88a01d4045ab3d7b20325e6043348b

SHA256
ba8c3b27829a1f6d7ca09fbdbee1ae2fb8a366712dd24754a3e638d01a3a4177

SHA512
7296efa9ff8083950c5e37d517ad1f365a02188a1ae2fcbb7d141e78bd55017e661a9270348e8a3d640bf1bc6f215937fcc4b99d912477a56eb2fb95e5d3c135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
343B

MD5
970f0336ee7c905d69674ba748dbbc57

SHA1
0045c88900b387c55630ba7f71b0c984ebaf9e54

SHA256
6f8b817bf1261e8de1007bc013a65b70e5f0651fcdcb3cd3eec710c5379e25bc

SHA512
8d7265004572cd776f4cdf00bef6d89101b9016cbdf1520766ad8589491440619b14ab1073d6ef851f30ee226041bd145d9271341ff02a56ba6d63c5eee20e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
30d97d8a6a0836e723ccb690c90b13b8

SHA1
683acdd1d2b81f3cb1cbda71f9855ee49ebc50a3

SHA256
8ef0c1f2886883abb3fdd763c428f82c9439c16d0024bb2d997d9ca19380ae3c

SHA512
7cdfb027f197e0172cf8ee3276882b97adf3b25988b8e682a374a58949dd4827284460714a07ddafec22ebd89595804614fee05ffbaa305aadf1d5f0dfee9608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
7964044e98a8bc8db0d41a3b7061f316

SHA1
e75fa70b0201d40b33b675832a070e125236008a

SHA256
e6be928f45290d547b49f720d33b87547eba3f8ba60e8129043e78d3a5c19606

SHA512
841a730c40f701d955f89bfa20656a770565f551aff56efa8b8b8a081defd8d9f4c5df0c8cbccf6d54b05e5fc3253d86aff5bab41e4deaf93f74c9740f2ac9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
135KB

MD5
00045c1e20b38067c2b87e0005175954

SHA1
760d61a7059bd9174370a5f1fefe96ed1a67ba3c

SHA256
e87f09c9db63529b32100a2d51105fe7e05f20a335d363d7e9310f7564e33557

SHA512
9f3bf04a38cb9596d7b9c401b1f9700406da0847b2edf7a33d8eb20f5c0458a67bb75765e49263b59eac2dc16b8b7b28612fefad81cf7704402a20706a5a8e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
353B

MD5
bc8e3f568cadc74f242c4f6133f6552a

SHA1
21f9a8f6b2fe2e173894956c48de2a5f38bdfe6b

SHA256
91acc5ddb0cff2a38aebc3c4a82bc61fb9c2072f4d6cb17ff76a292a325c7dd6

SHA512
f93805cb4d162e74589a33c94a9b9f06c78086fc2d03a5529e22be2c15ad8626fbaa5a20950b50feec68035c7f6be71cdf518b8062e21afaf8a35095042d885e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
828B

MD5
ed8d8c844a8d114a4604b7346dc66748

SHA1
1ff54f11e62711d9b03ca78a1c8fce936c9e465e

SHA256
8867a9f2750cbe415947c89ba32bf8faa7dd1f6664a956c504e1e77cdfbe8a52

SHA512
619505dcaa33b7643aa66648199c1209f93b66f2814f46472f2b9247b16173cd925e3d0821eafbef2dc8fac37073063729e81d9ed5e7ea5485a363c1ef7c0ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
88e87f75837d4d672fd7a967bc0ff0b4

SHA1
0362e6aa9058166d0eeb34713fe5fd1d678b49ae

SHA256
931caa24e2dafd20018b37ae3d14af8041c0f6585189bb472e4128f5ec6e7ff5

SHA512
f8d21eedad9664036c1cc42d8fbca6d3f544671242777e986433bd756e942ec6b35c7815a9406cd0fc443b1eb2b8f8288d701b10c5aafeca85ba1654e2088fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
57349c4ff435f103d2db2c9222c11717

SHA1
048dfc593e8e71ccb0cdb207dc20d4bc48531215

SHA256
43bc7b400aec980cc5c4351107a138a46f2c8639af8202ec5bf8772f9fac77ba

SHA512
381208881588e69226ea31097acfaae42bf1ecd70211b96ec6032b57593360a4d5c2284845b360bcf23d88a429c276313aaf9068e2588bcaa270c1bf5105805a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4f2a846d603bd95744ea01b31c9e71f7

SHA1
e5b319831f5a3005963d1ed02b3f72aa1fa02245

SHA256
592c8d1a809feebb3c8eb593b6597281c278fa0340d74a1e83748796846b3650

SHA512
e790f445f095397c90f06f9483975a6b90b738a40bccda2d16da85f4a86ffd1acc0e3facc1e7ebf53433b30c172dab718828e6867cfc54dd5fa4cd2a7d064ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ea033d1852b6a46626f8990290eea33b

SHA1
fe33aa23d88c3c6217b5fb01b9691512a5d88980

SHA256
0cc363c6ba835b07673c12d0dda9ed417dd3a15bc0a26c9de7fc3d6eec25ef5a

SHA512
ca5dae111c62a70ef1d9e7f73ac233435d549d5e9ef50f91ed977c113b62862ef84e278af0b5e50ccc9deb3caa279d44e5a001fc38903766011aab5912b06060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
958db7bf6e6fc551c875c2fa003096b7

SHA1
01cdd7a42f1ec96dadbf22cd382c773bcc76a922

SHA256
8c2f0fadd6b637a076f29d52b2fbb53efe0b27fa6c85b194d6f597f6e8306ada

SHA512
90800d21faa85d5b595075b71f56a40f1231bc392c007038e3304cfc8df1a9d59c7430594ff16ebd126fa81d196e6ed190a2b10f8e8d7de6a66207e0f0463164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
fbb3ef8a6cabf242127413ba6d271f11

SHA1
ac6bb3c0e514c0fc736a585f1e97df742bffa9f0

SHA256
ce7394412a85d9de84c1a18d51a0b6e1f8c8d2dbfe92f8770c209fda3dd9da4b

SHA512
97fedddf169ff5c67fc9990f082c8f89c95b7de54c64876d6818211953e7d146bef911f9dc3e131ef29ca36dc744b07f86aeffacdfb4dbc19d21c1444f73bbe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
7246f1189d11db73a2ffb9557340bc24

SHA1
38800cbf041b5d96ae0b268247a4af21e8222c8a

SHA256
230c07f924db3268ad102f9a12a3560f82811539a69eb975914196419ac08ac5

SHA512
2d0d28926509c3c839df01f31ed6fdc0a1d286b2b3952152641ef437530864f1fa752ef7ed9f6973ec192f9efc1b2215f30f041e2b4fa8d0af9622214ffaef0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
9cea39de93d3dfb693c86734b3453cfe

SHA1
de6ed995e3f5a0ca6bafb0b16f6beb8c8e8e8555

SHA256
51fb308ee39307021e113f891958dcf6657769a862d37bba031cc53d17d8dc86

SHA512
946a06a89b4133a6506d175aa207e06ef92a171ea7c067e5c3cc2de9fa63565f474008c694216b92b75fe50cd184a65503ea1130e426304c4dc901408e48ec50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\20047136-d9be-4108-a1f5-d9fee7783c0f\index-dir\the-real-index

Filesize
2KB

MD5
fe7aba456d8916a77815a3669caa7803

SHA1
9f1b4a231dbdc620a5a79b2f1b233a0eb8b29a63

SHA256
b90aed78e7d18c11d2133a7012a45d48fa7c01207564d5bfa67f2e63f2ed2df6

SHA512
f1556e68b4826546176386f9731b43dddbb30f36ee8050cdc8edec322b75e05a2e0d9ec32bfae347bd4b3394124240566b5b690c80d956910975c2cb69a74db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\20047136-d9be-4108-a1f5-d9fee7783c0f\index-dir\the-real-index~RFe57e2ce.TMP

Filesize
48B

MD5
ad987ce0a75a976430b7f656e7ca1eec

SHA1
fbd5ae5d8a4031f3ace47dd104151cbe29bf4495

SHA256
e2025b32cf78c01a9e6c8fabaa6fdbbb0bee54667a7983d1da1892d0dffff612

SHA512
ab496c1bfd8fc1a152a07d81a2c2804e07e636c777bc9e44b3914527d90c6f86416514c90347215244e60cf41a55ffdacc11bda143f4dec850691caa8c1531f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
2ebd07ade0115a4ba58250e5a87719cc

SHA1
f815eb2612007636c1c664e448dabb686c5a00d3

SHA256
f3d40fa06ad53f909523d28d40a28d3f384e5c7a5400f3482b10ca4fb6f827b7

SHA512
34ae82e54e931809f032820bb128f9153a03a6554cbd1abbaddc7a2f0cc6cf17a71e394ea736ae774c6b0c98d69277e549ca1b7c1f4b0b08e52e80c739c588dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
5d6006150b870d045e446b3ac4795e29

SHA1
fa3e1fb05e5a1b1a04b77b6894f1ec2bad729ac9

SHA256
673f2b8211f06e0e4766c0bbb2ec963c0aa7c3fa4e3690ae3691690ea5121ee5

SHA512
2403540fb50804f93adcf22f61bff732c780d95a8241111fa021aa50a3cb89274186b21ebcc2efc907c33e6cce3634be5d21926412943264108b9cb2eb4b0002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
5ed09cdb714b306111a83ca392e13b13

SHA1
ba8477e633d5a0884610d6e8263a76378a5ca9ba

SHA256
89a0119872e8dc4d2da25238acb77ca49a83e9f1213850981deef01e05143c22

SHA512
1a96c1e987148cedb4288978048838fa82377e0f7c92b2f715d1c1f0d81e773dbca6854c7a49fe4b23522edd13761487405aa8d9db3fda2d5c53e1cd7ff28798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57cb6e.TMP

Filesize
119B

MD5
a1c7902885cf54c47e68c6fb8a02730d

SHA1
3bb78156129c47adb860293d8d0fa15bf190238e

SHA256
29da10e0ecf659ec8083cdf896a959ca5c4ad57828652521a771081f32b34904

SHA512
cfc7b605183e35b4cd7de860430d72e1a828daec7fa0d7c7f8362aa5ca4214dd87473704569d91bd0f1e5c5d143e094feb3f730b76b4e620d38b949abe7c631b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
1KB

MD5
08691034cb8957ef37bb8c086c3e8b22

SHA1
fb961388028d7102fb1ea305527c8ab2a3cd70ec

SHA256
21842f3049a26f171492a985fad0bd5566953171ba9a13e88624cafbd941c093

SHA512
ef66652116a65eebf466c39223ddbb573ae2debbfe99306438e99a71628c3a98e159ed011dc6b456bbef6325eba803d0ababa17f28a0e20c99ea134f4150cd37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
47e9542ff56a95a6c3c130e46e773634

SHA1
b6d70f52bbc7ea03248da3aa7eb94f8d87f968a2

SHA256
43c0755211d5900c902e80469d88db912267d89e6faae4bed2a4385adec12705

SHA512
72c42c4b7e2f1d328ecf644b458d3cc66be8b69a9f0f40e78def0f83d8f60e4e6a1822830baf2ed00679811ac8a1572f0db505af5e42d0e578cd0f8704b771cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ac221826bbe95e9332ca29acd43bfdc3

SHA1
e5a20c642370fb899da9af61a269ee0906c9c1c2

SHA256
712a4788bfa859857cd2840e34288ab5cc6e9e519379bc9a0c95c45eb8db24a3

SHA512
5bd511fb4ce9c36fdc405439ef4e061d165866349fc63e700917d73d33918df150dfbec961ebb7ba4492ecab920e1cb9b12345aede7457a4d7e2217ac1daca7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e2bf.TMP

Filesize
48B

MD5
6a7aaadc1313f4c7aeeae7ff98ca7f39

SHA1
a659665921c01be66d9890e1e39c63dd962f6495

SHA256
d9b5204c51cd4235905add7dbba2184391e63d0165cd6593279fc8e20533946e

SHA512
323e0e2e7a5debf337aa35da7e3a715b24bdfb905c261338ecc72a9cf478d0ba6d80b2a5cd836322211cc8dce21e370ccd04c5daa0dd2590dfef5477c54d12eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
a67b599df80deeedd1e2997df9a4da64

SHA1
93b5b6a2e775316cfb964be216b13780709d3e1f

SHA256
7bd674158d1d9032c20901f53fc8b9ac5debf7024e070d8499f2569f82c6d47c

SHA512
1a07c720c1c0c8ad0bc9d2946f4bb3b18449ff6b23247f3d25765a4e5a0e02fb805ab3ee0d113e659678f50257950aa3669e1f21511a57aca62cfb53330d0f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e9beaa0c0aa4bee1167bd4c8fe383470

SHA1
0bd04f56e8054c21be77f658d2accf7064476826

SHA256
95b21abea851d23a2e0827c32fa9e36680ab353bb2505a630006b4f16cd14f78

SHA512
a4d6cd35239f528b16f535dd628bf482b2656d5cb47dfc34d3adb1053cca2a7f1591d0ea558e533c39c7ad085ec19d9cccf98c986b45bc2685eb0e7b1e6538a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
5fcc8e1d80a9977ab16bcbf5fa45b22b

SHA1
da89cff30dfbe0369ee608368015f609932081ba

SHA256
7cdb35870e9f679dfc6105fff2c7845aebf0ce63304ac57940841463a3f86e5b

SHA512
6c42d9eef41d1a4f31a9d4869544e54286c8eea398b8f26b9a2319138d74e98125cacc07870b7269fec53c8851af2b2537622ed368fc7f00eeaad132d73eb7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d300f7c0bdff329910dd252415e96834

SHA1
9e05adc03a641f665eca45b55b16497e4328e5f5

SHA256
f8bae38e8415b2849e7860a47b8ea02ee9c68cf29c98083231b4855980f4bb9c

SHA512
0c3a709cfae4e2a234bd21b6bb3f4c9e6469d60602927b5c9934732d0dff010f4eaa9f7c7fa87211fcc46df07953cc673283c498fce6da9ebd34eed5fd2d1327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
13KB

MD5
cf9a0cd1d5f9c8cdeb87ef3f7d30d15c

SHA1
c543e62aab24c205db6014414161c13375e9a71c

SHA256
b24f36278e4c85a8fcd66021d48c69d6b07be605673e02f0fe185bf3319f47f4

SHA512
39ad5c5753e5398906b94ab039d2eae7fe420fe35a53f190bda84d4f9262f3b14841cdf4ec76cdbff6a4578a26ab1e6c4b11ba326ec8cc38a2e2904a6f2c0d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
684120b3e76d1e3263bf50e7c14a9413

SHA1
64b81744f3dece9d4027ff198780abaff2c2483c

SHA256
4a74b77730311f4be22467d5950f63a90ce9fd2a2cec141c6d94747c951a1d06

SHA512
6f754be674c4a95098fb9a9746e4e5c46f04af2238160bc06038b09cc859cee1ddc41231ffee61388113138a4a133a7f5e5f63ac48016144d0acf3bd08d3e661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
53a81614cc4c066cdfc13586a2bee74a

SHA1
4410bc7aac87de209c8490cd42c5752393d5d5e9

SHA256
716691657982e9df2552a56fe588cfad7314eea7d849dbda6379afe38adb7f7c

SHA512
c06097cc623d4c681c131cbe880dc991f6fb07471786d7d33747a2163a56cdd5d139307bc7c440339092811d9ddeacce66a80db01d556e760aed773382b807c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b0b403eb302768b1995b975d936adb19

SHA1
d15045352c3facb52ed7fcf3c523630acfc7a0d1

SHA256
9d926ec4a45ec987e37bdc9ca1d8d368c1e56241b06c53b79d872d54259823d8

SHA512
87c5adfe8ca9feb21cfa4ac6203cfbb923ae521ace2258f18df3e50866a91b3d5ab742c9d64831ff75295cc171a3488836b2d4397546051d2a37f91fe57c9fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
6fdc1ee222cd62126d509e83329c35c3

SHA1
5d4f5935f63a7996aea8a565de581fc712a37832

SHA256
071d9216d7588d202d7929c319e5c490e926f23022376e851321ed51d489bd32

SHA512
0183d44db90fad39b1b9996b69be5477c4b823bc339f915e2e14308d4d35c476b96922ed3ba41af147d71c911a0fb0ef2e32234750e47f30d38e5b93165e81a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
050c77d8063153e44765b10a90429df0

SHA1
e39abc6969c41bfba006820628e315df1ecd96ba

SHA256
bb535a37fa1d86c03dc11ff810b93e7b13c0b1a6f9ee99fa0a78a00b2c49c123

SHA512
7f987e99b4076daa5124c145ffa3b72a833ac57ff0e809cdc2774d6b15297ed7038c3e379df81f826b24e315390d1f338a988fd01b4236edbb88a2c1dc82ae17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
892B

MD5
7caebf7524a3c92992b6f47a5ae404a1

SHA1
860936431aa6e67a49d0cf423047604e9269c0e7

SHA256
384d9a7baf100501ed2e44cbaf1f4208ad956e752dc337739dbc6767b2521802

SHA512
4856ddf436feaea037b8285fc971676211e7e552073a3648bcdfa958c8fd44aff2f16ec005b8c494585a3081db4244102d36860b97c3f83e515e6b91e4459789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.38.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
7e5fa4ed6aa17f661f32f60b1528b8cb

SHA1
fb8fde8a15183eabc587e9e141499564c36e73bc

SHA256
5699c475bac8a24c856db71228628d0cfe1a6ba6b1c6be6a14e73d6aa835cd28

SHA512
18968db3a1cd8704ec7e9e619dd025c457085e81c27ffd3ab4af707a2daf8e870790175d93a0e6992181187a62bfa19b818c262bb0a1514ac15b3598a7e91551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-stable.json

Filesize
81KB

MD5
05f65948a88bd669597fc3b4e225ecae

SHA1
5397b14065e49ff908c66c51fc09f53fff7caed7

SHA256
0e329e63d8457bef61d0986a521f81d747a09dadf3b1136f2011942ba14d9fc0

SHA512
ed7b767a741d18c0dd35e0311db752120e0f090d39ef976d541cbc5ae78fa32655cb3f9c27cddef6ca8091ca8bf31513254a748bc8b95353897f6198a667cf58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
0f7a4537a4df36cab7ee971cd2035a9b

SHA1
76dcc03661a3c8b94a2f5c16a0937442b31f834d

SHA256
c319cae46969cddda778ec087010038187cc124a580b51072a9d7c065df33c5e

SHA512
f216adb67a48b0f54f02f1398a6effca5a6517e69e9c7a3f97f373b6bb3926829533ba13f65389210e9a4a35325a86a1fee3270733dad50bec4aed73c1dea754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
25d71d53819f31fdec346dcc4fcfa95d

SHA1
f4817890600eb2db291a8f2ea4999b7c81319bce

SHA256
cfe3772d0004924cf854b292f7c31d5c89aaf0400a2740cfb89f054396fe5bcf

SHA512
485228fe4fd6bab73b3a49f8f3cf5abc4310f4b4fe32ddf81a2817c242eb307f0fe516b2f33fe0eb504f68f9eeab2aab1fd5c6d709e6b0311e590b29f687f2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
9dbbff4148d2000430ae01cdb34d5575

SHA1
c2368641afe0945ac9847c423b20c1276f78e96d

SHA256
552fc371fd71b3f6e45e70254369753fe8f1942539947f4d7cae6fd374ab69da

SHA512
a1859c195eee276544b3046e4e4c9fd74f2d8f6dd2854ef935981f1c8403b80644325914f4ca88c01810a958318d4b95b6ecbf0881b118458978573b82d3d78d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\f_000001

Filesize
16KB

MD5
7be1fc8b911462b5fe38a30407e140f8

SHA1
4f530a02b4326732500256ed9d92669c92ad091b

SHA256
2b0b0f156f848407c9035f4e723d1ad8019f65ae5c2acf1da1e3391d57f4cffa

SHA512
6807b97459a2c530577a536dc34716118e64b57292c954337fbd19fe32aa28761465a9a908fd7dead028fcf9f253a422671000f01186ee2c16f43e9f366f0950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
30f3b8199038e69184ea3b3ffee92a7c

SHA1
56c35443a1c62b1cc9c88e5bfe7d0284f7112cd7

SHA256
3717f51246e392f85bc5cc9f14801e9c18b1055a62655cef36e1dbb6d4cdc695

SHA512
45ca47abf81c7a4be130fbe2d1b2e52a9836ba666a895c3df82e0962ebe4b9d4f0393f604cf95b134f058989ad04c52c40ebcadd05b2459099d7a7a719f50477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
daa97a2c2c88505dafe3072c2783c1ab

SHA1
35a499397ebda7b5f39c64b1e78d9d7b764e089c

SHA256
b0eb623f4d0cf26faca202432c19c830b8e13a3c1401c62167cb2a2a4234dbb0

SHA512
21b28421830a033aed7e31f6f64fd815496e4fbdb2410e83862c8fbe8ac2afb972cc6829d5bd1e8bcb60699c8512797fd60ab77189e35a436b5f6a46b9a850e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
efa97bf1ef8379151e49121994795c69

SHA1
d707168cd89be3f12f8035a337de1bcf0cb9dc8d

SHA256
1cf432605d87c45931777205d6c58b08504e71dad15cefe75f8334ea20948020

SHA512
47da3c6225a8dd339d1d7513d2f0e8f7781bb857efe0ef1f8026fcf96ef4a0685aef77498edd4865991afb3aa9c723294533f2901e3e0bec060b6f0118b87e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
88429f456b07854bb08f19e9240bcbec

SHA1
224b322d97c061c40b05c77d21629850f731a26f

SHA256
cc3e2aff29c6cbdd23838aea653b00ea20f7ee7cb07951cfdfe084aa44b5729c

SHA512
25511ad2a58a4e9e05a6f49ec4e75bdd018dd810244f58c2380b69754170d23a06d9520fd830e9527fbac9854e16d14b5716003e34eafe2fad8060d63bee16c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
0e3b305531982a162d54ef2b6978ce70

SHA1
b60511ee3f29d7956ee67621cdc7bd9f1a7519e3

SHA256
89f6388075572bd2444fb5009d8fc4f7c35c05a31d083597567cf298fd37076a

SHA512
b7d6ade68de0f27d92edf325f7138e64b4fe5b2f6bf797edaddeaa3f444cc5c9fea611e8b3d77e4acb44324a57bfca0ca7a7dc09e93b85974511c46edaf4a9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
53KB

MD5
917339d8e319c195b1cabd8d9aff26f7

SHA1
e519f8232f40519cd041e241b8b97bafe8cc69c1

SHA256
63dbe3da8d20a46eeeff3788652ba2af37083f7f03d357959c5e215d5b437472

SHA512
a1aacfc11e08ec137e5e54f2063cd9ccb040c925dce5ad0c57b80a5c908935dac86e7048eb91e6f079d69fbc498f87e83594106b4ddc9208af70a24c4d205b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
38bf04a9fa737c25779be3ea94155e6e

SHA1
ffbf0679bb228a56c8b4c0eb59b65937f00e5cd2

SHA256
206f9213bcaf5347a02774f3ce1f279baf46ebc7c4bf3f4b2b9a199094caefa4

SHA512
479f25cdfbdff557eabcf00d26828ca9769f723a4f19917736d7793a9c22a571024b34a1fa4dcb3c81d3d9b523e9dbae9de44b3228070112eee709079962ef4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.16.1\typosquatting_list.pb

Filesize
623KB

MD5
efe2d1b6a7a71b28f1af830983f6174d

SHA1
10c212bd4c687b896415d56043a74af12be6d2f9

SHA256
550bc3df5154df6f52d541448794a642eed5ee44c1ab90c27feb35014157e1bb

SHA512
739999121a9bf35c00060fce196b1f772d892b6e5ce1d869f5cd543225519b42deb584138a0f432dabe20e241216e433dcbf265c5193b272968629d6f300b774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client-built.exe

Filesize
78KB

MD5
f218c42ef38080b9cdeeefc930a9323e

SHA1
007cdb5163614a1de3fe6af210191e6ec53ae6e5

SHA256
7d76d3c6e37efdd8910316fccfbe5bff4cc745a192b71ed3e8aeda9517744a21

SHA512
fcd22e044fe66ac7881b0319ba01fb00f8cae89c5d933adbfe80ea2cd685c42ac79c06969626b2f1e0e1635291b7959c5744744f95f559d2c71f1e1df7d606cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2bze0g5k.5o4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/232-956-0x00007FFDAA2D0000-0x00007FFDAA38E000-memory.dmp

Filesize
760KB

Download
memory/232-953-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/232-955-0x00007FFDAA630000-0x00007FFDAA825000-memory.dmp

Filesize
2.0MB

Download
memory/232-954-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/232-957-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/380-969-0x000002E32E730000-0x000002E32E75A000-memory.dmp

Filesize
168KB

Download
memory/380-970-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/616-962-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/616-959-0x000001A871DD0000-0x000001A871DF3000-memory.dmp

Filesize
140KB

Download
memory/616-961-0x000001A872200000-0x000001A87222A000-memory.dmp

Filesize
168KB

Download
memory/676-965-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/676-963-0x000001DFE0800000-0x000001DFE082A000-memory.dmp

Filesize
168KB

Download
memory/960-973-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/960-972-0x000001A9F17D0000-0x000001A9F17FA000-memory.dmp

Filesize
168KB

Download
memory/1040-976-0x000001A683970000-0x000001A68399A000-memory.dmp

Filesize
168KB

Download
memory/1040-977-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/1068-983-0x00000121D5730000-0x00000121D575A000-memory.dmp

Filesize
168KB

Download
memory/1068-984-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/1076-986-0x000001B7DECC0000-0x000001B7DECEA000-memory.dmp

Filesize
168KB

Download
memory/1076-987-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/1216-990-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/1216-989-0x000001EC72AB0000-0x000001EC72ADA000-memory.dmp

Filesize
168KB

Download
memory/1292-995-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/1292-994-0x00000202AD590000-0x00000202AD5BA000-memory.dmp

Filesize
168KB

Download
memory/1332-998-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/1332-997-0x000001BD841D0000-0x000001BD841FA000-memory.dmp

Filesize
168KB

Download
memory/1348-1009-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/1348-1008-0x000001A5D0960000-0x000001A5D098A000-memory.dmp

Filesize
168KB

Download
memory/1456-1012-0x00007FFD6A6B0000-0x00007FFD6A6C0000-memory.dmp

Filesize
64KB

Download
memory/1456-1011-0x000001FCD3890000-0x000001FCD38BA000-memory.dmp

Filesize
168KB

Download
memory/1476-1014-0x000001C754EF0000-0x000001C754F1A000-memory.dmp

Filesize
168KB

Download
memory/4440-643-0x0000014000000000-0x00000140000AA000-memory.dmp

Filesize
680KB

Download
memory/4440-952-0x00007FFDAA2D0000-0x00007FFDAA38E000-memory.dmp

Filesize
760KB

Download
memory/4440-951-0x00007FFDAA630000-0x00007FFDAA825000-memory.dmp

Filesize
2.0MB

Download
memory/4440-950-0x0000013F9B0D0000-0x0000013F9B10E000-memory.dmp

Filesize
248KB

Download
memory/4440-20-0x00007FFD8BD90000-0x00007FFD8C851000-memory.dmp

Filesize
10.8MB

Download
memory/4440-19-0x00007FFD8BD93000-0x00007FFD8BD95000-memory.dmp

Filesize
8KB

Download
memory/4440-18-0x0000013F99AB0000-0x0000013F99FD8000-memory.dmp

Filesize
5.2MB

Download
memory/4440-17-0x00007FFD8BD90000-0x00007FFD8C851000-memory.dmp

Filesize
10.8MB

Download
memory/4440-16-0x0000013FFFE00000-0x0000013FFFFC2000-memory.dmp

Filesize
1.8MB

Download
memory/4440-15-0x0000013FFEB40000-0x0000013FFEB58000-memory.dmp

Filesize
96KB

Download
memory/4440-14-0x00007FFD8BD93000-0x00007FFD8BD95000-memory.dmp

Filesize
8KB

Download
memory/5372-909-0x000001B3BFB00000-0x000001B3BFB22000-memory.dmp

Filesize
136KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads