vidar | hxxps://app[.]box[.]com/s/vb3vt1yv8nx1qbxwuje9a4z56rkr0ig0

Analysis

max time kernel
351s
max time network
397s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
17/04/2025, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.box.com/s/vb3vt1yv8nx1qbxwuje9a4z56rkr0ig0

Score

10^/10

vidar 77076b8112067904c20207ca37e0f18f credential_access discovery spyware stealer

Malware Config

Extracted

Family

vidar

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Extracted

Family

vidar

Version

13.5

Botnet

77076b8112067904c20207ca37e0f18f

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

Detect Vidar Stealer 8 IoCs

stealer

resource	yara_rule
behavioral1/memory/5556-869-0x0000000000820000-0x0000000000853000-memory.dmp	family_vidar_v7
behavioral1/memory/5556-871-0x0000000000820000-0x0000000000853000-memory.dmp	family_vidar_v7
behavioral1/memory/5556-918-0x0000000000820000-0x0000000000853000-memory.dmp	family_vidar_v7
behavioral1/memory/5556-992-0x0000000000820000-0x0000000000853000-memory.dmp	family_vidar_v7
behavioral1/memory/5556-1438-0x0000000000820000-0x0000000000853000-memory.dmp	family_vidar_v7
behavioral1/memory/5556-1449-0x0000000000820000-0x0000000000853000-memory.dmp	family_vidar_v7
behavioral1/memory/5556-1450-0x0000000000820000-0x0000000000853000-memory.dmp	family_vidar_v7
behavioral1/memory/5556-1451-0x0000000000820000-0x0000000000853000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

Uses browser remote debugging 2 TTPs 8 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
444	msedge.exe
6132	msedge.exe
3184	chrome.exe
5776	chrome.exe
64	chrome.exe
3016	chrome.exe
1004	chrome.exe
2524	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
1768	Set_up.exe

Loads dropped DLL 1 IoCs

pid	Process
1752	tcpvcon.exe

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3740 set thread context of 5556	3740	Set_up.exe	146
PID 3740 set thread context of 1752	3740	Set_up.exe	148

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_31339623\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_31339623\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_1547451617\deny_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1915930367\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1915930367\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_31339623\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_831013197\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_1547451617\deny_full_domains.list	msedge.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_1041092337\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_1547451617\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1626730782\deny_domains.list	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_31339623\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1915930367\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1915930367\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1626730782\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1626730782\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_31339623\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_831013197\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_831013197\manifest.fingerprint	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_1041092337\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_831013197\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_1547451617\deny_etld1_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1626730782\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_831013197\keys.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_1547451617\manifest.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5948_1041092337\protocols.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1915930367\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1626730782\deny_etld1_domains.list	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set_up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set_up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set_up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tcpvcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set_up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	certutil.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	certutil.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Delays execution with timeout.exe 1 IoCs

defense_evasion

pid	Process
5712	timeout.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893933750433045"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-780313508-644878201-565826771-1000\{3A1F1B40-E7A5-4524-9EC0-39189A58B214}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-780313508-644878201-565826771-1000\{7FDB4A4F-DE22-4CEA-8817-8928A72856A1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-780313508-644878201-565826771-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zFM.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
1800	7zFM.exe
1800	7zFM.exe
3740	Set_up.exe
3740	Set_up.exe
3740	Set_up.exe
3740	Set_up.exe
3740	Set_up.exe
3740	Set_up.exe
2464	msedge.exe
2464	msedge.exe
5556	certutil.exe
5556	certutil.exe
1752	tcpvcon.exe
1752	tcpvcon.exe
1752	tcpvcon.exe
5556	certutil.exe
5556	certutil.exe
3184	chrome.exe
3184	chrome.exe
5556	certutil.exe
5556	certutil.exe
5556	certutil.exe
5556	certutil.exe
5556	certutil.exe
5556	certutil.exe
5556	certutil.exe
5556	certutil.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1800	7zFM.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
3740	Set_up.exe
3740	Set_up.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeRestorePrivilege	1800	7zFM.exe
Token: 35	1800	7zFM.exe
Token: SeSecurityPrivilege	1800	7zFM.exe
Token: SeSecurityPrivilege	1800	7zFM.exe
Token: SeSecurityPrivilege	1800	7zFM.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
1800	7zFM.exe
1800	7zFM.exe
1800	7zFM.exe
1800	7zFM.exe
1800	7zFM.exe
5948	msedge.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
2524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5948 wrote to memory of 2772	5948	msedge.exe	83
PID 5948 wrote to memory of 2772	5948	msedge.exe	83
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 3724	5948	msedge.exe	85
PID 5948 wrote to memory of 3724	5948	msedge.exe	85
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 2468	5948	msedge.exe	84
PID 5948 wrote to memory of 4288	5948	msedge.exe	86
PID 5948 wrote to memory of 4288	5948	msedge.exe	86
PID 5948 wrote to memory of 4288	5948	msedge.exe	86
PID 5948 wrote to memory of 4288	5948	msedge.exe	86
PID 5948 wrote to memory of 4288	5948	msedge.exe	86
PID 5948 wrote to memory of 4288	5948	msedge.exe	86
PID 5948 wrote to memory of 4288	5948	msedge.exe	86
PID 5948 wrote to memory of 4288	5948	msedge.exe	86
PID 5948 wrote to memory of 4288	5948	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.box.com/s/vb3vt1yv8nx1qbxwuje9a4z56rkr0ig0
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x374,0x7ffdfd6ef208,0x7ffdfd6ef214,0x7ffdfd6ef220
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2368,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4784,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5072,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5580,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4952,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4952,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=744,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4792,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5972,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5716,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6548,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4768,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=3252 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4844,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,10256328112503747385,6616828005493544401,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x260,0x268,0x26c,0x264,0x274,0x7ffdfd6ef208,0x7ffdfd6ef214,0x7ffdfd6ef220
    3⤵
    PID:5128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1852,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:3
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2300,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=1688 /prefetch:2
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2328,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=2356 /prefetch:8
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4052,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:8
    3⤵
    PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4508,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:8
    3⤵
    PID:5856
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4052,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:8
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:8
    3⤵
    PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4668,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:8
    3⤵
    PID:1100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4676,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:8
    3⤵
    PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4808,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
    3⤵
    PID:1580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4816,i,8217955455113825185,2332508903153069739,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
    3⤵
    PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\fb115056-3169-4689-b1e5-4ef176e41806_InstaIler_Officl_PWD_2024.zip.806\Set_up.exe
"C:\Users\Admin\AppData\Local\Temp\fb115056-3169-4689-b1e5-4ef176e41806_InstaIler_Officl_PWD_2024.zip.806\Set_up.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4896

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Install_58.97.4263.17.04.zip"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1800
- C:\Users\Admin\AppData\Local\Temp\7zO80720F59\Set_up.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO80720F59\Set_up.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\1ef6ff0d-1e99-419a-8760-a9d769af8a03_InstaIler_Officl_PWD_2024.zip.a03\Set_up.exe
"C:\Users\Admin\AppData\Local\Temp\1ef6ff0d-1e99-419a-8760-a9d769af8a03_InstaIler_Officl_PWD_2024.zip.a03\Set_up.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1020

C:\InstaIler_Officl_PWD_2024\Set_up.exe
"C:\InstaIler_Officl_PWD_2024\Set_up.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3740
- C:\Windows\SysWOW64\certutil.exe
  C:\Windows\SysWOW64\certutil.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:5556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    3⤵
    - Uses browser remote debugging
    - Drops file in Windows directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:3184
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffdea13dcf8,0x7ffdea13dd04,0x7ffdea13dd10
      4⤵
      PID:1432
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1644,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2136 /prefetch:3
      4⤵
      PID:3276
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2108,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:1296
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2448,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2400 /prefetch:8
      4⤵
      PID:2192
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:64
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:5776
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4132,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4128 /prefetch:2
      4⤵
      Uses browser remote debugging
      PID:3016
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4484,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4756 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:1004
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5256,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5288 /prefetch:8
      4⤵
      PID:5540
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5452,i,11888944382370399563,4103203522744842819,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5472 /prefetch:8
      4⤵
      PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
    3⤵
    - Uses browser remote debugging
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:2524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x288,0x7ffdfd6ef208,0x7ffdfd6ef214,0x7ffdfd6ef220
      4⤵
      PID:1324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,2480895745173182023,1440027441588571562,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      PID:3780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2276,i,2480895745173182023,1440027441588571562,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2
      4⤵
      PID:3692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2492,i,2480895745173182023,1440027441588571562,262144 --variations-seed-version --mojo-platform-channel-handle=2692 /prefetch:8
      4⤵
      PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,2480895745173182023,1440027441588571562,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:6132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,2480895745173182023,1440027441588571562,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:444
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c timeout /t 11 & del /f /q "C:\Windows\SysWOW64\certutil.exe" & rd /s /q "C:\ProgramData\mohl6" & exit
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2576
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 11
      4⤵
      System Location Discovery: System Language Discovery
      Delays execution with timeout.exe
      PID:5712
- C:\Users\Admin\AppData\Roaming\Ew_Control_dbg\tcpvcon.exe
  "C:\Users\Admin\AppData\Roaming\Ew_Control_dbg\tcpvcon.exe" "C:\Users\Admin\AppData\Roaming\Ew_Control_dbg\tcpvcon.exe" /accepteula
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1752

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\08b3fe0d-9d83-4f38-afe1-90033f0ebcf5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
834dc36a921ad4f970d713ce96bda6e3

SHA1
26314a5b4a3aed94bc9739b61a2c1f23f325810b

SHA256
fd203e187fa3bea6d2a7f5d86f8b21bc6b10ebcdfd386396681b55bc713347ce

SHA512
d04f27aee29d11f028729ce67eb237ad6d9972f4b621a800ae8aac45bba3a1983f3ad574257ebec437a144527fcaf2207fef8f31e77c6df36601c3ab848f6e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
cd6ba8e610a01bceab0b2b1451460116

SHA1
0209fb03686491b653025c822d5fcb262736cc6a

SHA256
c17f584259d976357e6678ffc210325a8b714084a725ecbacf7fa7d7635f9f58

SHA512
2ba81c0e9e26837aa14d3b9710e17bb8dc3417226f46d7e46dd6ac33bf96b3170fe960fbbf309143e79af7c01a9b0a0bcd75946676894812def191eb70e28025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3cb5b81d-3419-49de-8108-391cd3afcd88.tmp

Filesize
40KB

MD5
56dcc685c5775e3ae3ceb354493d6a3e

SHA1
f31a701193b0c0de1f495b4467b813e189c48c83

SHA256
da520e54a46f853bc9b3be35cbf5193710c5463fc7817a7a5f8b6778b7592b20

SHA512
21201d3756343d4fe832ba21e7d1d8050c8419db7408b1ce490b1c38454c5a6df4ed5bafec08a16fddf84e3f31480b39b375b077b9563d97a1e3745d2f7a0d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d73d507b2d833282ebc9665d9b3ca78c

SHA1
fa07b71f38f98ddc75580f24891e0a076c8c8aed

SHA256
bcb04042e7c28206e0a91e2238a3a5b88bc5ed21a26a383f166918069fbcf285

SHA512
b4a6ce4488e63a80f34661ac0f72c27a296e96416a1f449091ec5f33693c04a17a870a358326791ad343dc4ca61d9d515731f84e51967a2c20355410bb07f74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
aa9afd16e8041e8c80250b50ea6899e4

SHA1
a3a698d431952253255c343f2b35f74e73e63088

SHA256
2bd7f856d73f78bc3a4de32b447b21babad42c009b19fcebe2f8cdeca2380926

SHA512
344de0888df8851d957ca6fab055eb9e2f1aa6d958022c2c30442cd6aad4d158d0a99f8908184abc60fb1e0ccdd3d9395d8c0d37fc317d3700974c3348d4a5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
993b37af8d5f42f2926dff7d1f9e7c97

SHA1
1295f84ed0bb9c043fff44355e38752f552c94d9

SHA256
1034b648dfb677619ce992d427271720ccc7702181a7570c75998dd8bc1df930

SHA512
28c9b5eae7d2847b0b5156550a8a19d5963e0d78ff0acfc8c0a2e8df2b06c5cba3f56ae3340ed366d10b54705657165fdccfef75a98eae5db0242fcb09d8cb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2260fcf97b5c080e83f1db662aa73af7

SHA1
a0e996855d410c6c2029d1f7561bc3e72f358102

SHA256
87f2c90b3fa1c46a442544f3775015adda2baef3351252e75e0af99c35d0fb92

SHA512
167f2577faa6eee15d55421b6a897969edfe7b371f5bcab0872203416b6817299939826ec6e99b8e3eaf878e9d91d35139251a02921555031b0b5e23a35f8452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\702c999f-f27e-4dec-8af7-3a5ff8f35ca9.tmp

Filesize
16KB

MD5
48474ce54d8f820659bf4188157742f1

SHA1
0ba63e90f94663d528298536c549dcdabfc3b693

SHA256
4cd475f5462cdcd4a4b284817d3ed8dfd8244d729bcb8622c76d3efadfef8df6

SHA512
ea13372036cca6b0d85da6225cbf1c35ec575f758123d0852e06fa6ec29c7fd76b361da2793fe689043526f027f1c29e53c37cdbc1255fcd86fb4bfe49a097c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
df018f93fbe963020c410ab0f1fb76b0

SHA1
85ca0fb88778a6f7de543b68415e3a63b3b1a5a3

SHA256
c4b20c738d8915968976c3c3092ae93747f04478e7e2b350e669d29ea229c391

SHA512
a0d732f0ed52c52bfad3e8918d17ba27a7ae9b8018862d29278d4c0c6c3c1ccf920df51e566a495fe8424954e33c0e653ef81dcc3320d53450c86bda4043cf81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
edc46c928d64f576f4d135e14f3c8b09

SHA1
9bcb6524db23aa6ec7ee79b89d5915c5c9f2609a

SHA256
03f798b491fbc10ba4307fce0160dedffcb6e966f5e9941427ac22d08a5c8bfb

SHA512
d68bdc262426aceddcec238da0926182424733175502c9972535e90d68ac57d013881d536dd949d8b3db800c7d475360ad2bf07a75c2b552b4e4b39c5bd37a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
dbd760a8d015950ed8d6188257bd3f89

SHA1
55eb59e66e7e0e434c8271a4ecda68b958dbbb00

SHA256
bee8f9c361f2bea0dd69f46d275aaf1a45ab8f91e44a43953ee4d638911a0283

SHA512
4797172e4af242231e9a99e26b7ef3bdf746534768fd56eedf4b225c5227672f1f74bd112f55fb05672c7bd34afbf2556afe3746b02883538431f31fbe37f214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
19b6242d9c8270aa2dcfebb3690e3fcb

SHA1
eb719f18c30bd10387ec6e1b13aa17b000e16e2c

SHA256
ed74e6477c3896367718fbf5d4f345215d96dabb94ae3dd3bfc84227060479dc

SHA512
6f2dde629c4637c52cd47f809ef1ec7a534ef08bd73bd87d7162780e2d1fa819b6af3f91f48c900fdf616198b63d13f5a7f29d8731cbb436e7f4be6f8a544485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
24KB

MD5
f3ecff78fa2dba474dc89ec314f06cf9

SHA1
aff0a043d3c1a7a24fb823b229467a99830e4d4c

SHA256
dd15448ac9e81ef3b7d46d5742401fabdb45cb328c1037aec089ad249d8a2cb9

SHA512
f544a9d0acd2092a17d34767538818c9263a567f4897005ed4351e00852abc84927ddeb25f5422ef415c06ad861c6ef00a8c69165e88eda2040b3a7622dc8a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
29KB

MD5
0efd422507b020f8b982db0a0daae78a

SHA1
d8ed16e119e43869fb12439bb0e8e3080f29ec60

SHA256
dbaf113c43c4b0fa9a538e54a2869d0a367e913a2e2dae439d160b555d2c1262

SHA512
179c5ffa548db29f5514248aa134c362189b21cff4d2ee6e6d1fcbf9be180e7cf25191aa0f7b51b19c2b55b8fbd62ce82736626a8aa831642aabb199931f391d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
122KB

MD5
701dcf3b9bdb3a3d599a3f05fce16d8d

SHA1
8b0e8edd7c7e0ef58f280f077e4000fdf6efbe9d

SHA256
ea777c4c2f93cb35dde1b606df7bdc26b616916a3adf490efa243403203b1a1a

SHA512
aff06fde1e8b178ce8a762cf20f7ddeb89d3f10bb4955594d1070f6ea687a69bb7581a14201edce47169106bd2a0fa0a67617a2f85c914e0cb0f9d4f1f8694f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
66KB

MD5
766b6388ceed49b97dd6a891000f02fc

SHA1
a436c8b1aa2a19da060516778bd5663ffbc40702

SHA256
05218b5466e1b5e81a99efa763af996331996bbb5ce562cab836aed71f93ea16

SHA512
81edcefcc658f90598dc3a158d17088da09e2e120a9d0f2098cca72295fd4cd829c2cc097bf3ebb26083d19909a39ea153eaecfed6484d77c4b08e4cfc606792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
42KB

MD5
9205f6b9fb57457531f3340872151b55

SHA1
1c36d7716790c70f0dc89a64b9d0d1a5abf584f9

SHA256
05829db3b0052e5f4004b5c7cd5c4498bab46dc7c9d7e3a6f7f599283611abbf

SHA512
73458528da5eb47e186c1a5585b8df5843885471567472cb41ff7093ad52a53e89c9caf16fd2408cca6fc2aaea9f653f266faf98b1e418254405f8ce6071280c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
45KB

MD5
f6e0686a4f0a392bc121e233a3576d76

SHA1
10f5b6533c972ace0d46150629393ec60df290fe

SHA256
2233a0e3fb16114ec6d3029f67055d9d95611cd7d8951174e3c1ed56c349bab5

SHA512
341d59f9f68cdcf1156345595aa07d82a9f74ea5e16f0998933950c10d859a2799bdc998f5472c61efb83b9ae75b5b3db155b694616417825369c32463e9e90e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
118KB

MD5
276ad1ab6c5bb9f3d1503519a8ec5873

SHA1
bbfa59d3b8c0675ead941a7ab43c93dfe3c0d066

SHA256
575c1be7ab0a2b77f155dfd99bf1341761af1aeb52113bf7a78f12b5bbd72936

SHA512
2a1aa82d0fc03b6eb58cf1c279d1a245e54c4622f3ce307ec086b9c51d9211cb0ee4ed69bcf71a9316a4de719489abde5c4cdfa1ef926c9da7b8f88619bac345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
82KB

MD5
de6dcea5d972e76df5df9ee4f951c576

SHA1
e687389a466fdbfa8e45837833f6411ef9efab47

SHA256
ff1536cab38afeee3ee8574e1d912eea1347466fbc5954bcb592cf36d9d5b65c

SHA512
fdcd21bd1f391fc4c2436101552f550418ae81ccb54aa1edfc32e477e1258b69d7b6d0111aea8c7abbea0ded41c7143d7b959e6e4a92c35724d52435f7a797a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
82KB

MD5
22836f11ccb3836f3c4e72b3f577bb52

SHA1
72795d8c838c49b96d102b28922d105039070a70

SHA256
c07afa93aa8a811cf015f8c6171244f2ddb996e12ee5cfa3d5b9ed098b03c30a

SHA512
7e88e6bb594939a644f885d82132fed543d5d8ee07017769d1740a2b539b26677a81db2463faf941ec6bc819ebe55bd70e742d78fed4c9bf186b908da17b671e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
732KB

MD5
d7839f71ecf4fd3906a9c8fe6aa1fd31

SHA1
7bf079049875ff48b2a06829d41898307a3ea8b6

SHA256
3cf197c831b0434973fa9831fd9cb36ee010ca8d7ed34fb832531f51950cbb49

SHA512
cf0803ca89f4e86affab86354b8b311d8394a03d772b2271092357b83b4fea339c58ac6545b8d836373e61bb89ef930b3051e8d5279f51f20f23b78f117eda07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
42KB

MD5
d49d991c97184ab4853f8f38364a35ed

SHA1
f3a19d491ae37106d118d212c371a90f33a4bc36

SHA256
d56d2c34a0870035239ce107e0a442c4eac80d98fe1873f7637135282a0e08b0

SHA512
c4a9c9e1f75f31eb7e1c5648a3cbbe94d6cc59b9efac0dc0b4ebc7a6c4a6da36067df63efcc066f0be7af50daf4a48d0034ea7b7a20a41ccf713eb0485b09bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
156KB

MD5
77fe745c11222f8dd4e9df95a1ec95dc

SHA1
05712e1f85f1513e158d9ef0ca1e2ca65ef5752d

SHA256
7eae9c4640bb8fed50edca9ffcd404cf983f6505c20d903eeec450febc6fe709

SHA512
ea3965f98baa874d667a9aa4eafc5f309401b16fd320d0905d3d3c00ff1686185ee44d84dd3b85b6b694895affd3bc877453850a9703eddb10938ad1d26858b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
140KB

MD5
97b5ff150ec2053044229cd1bb535710

SHA1
478c917b4a1c0250645bfd1933b39f97ce1982f1

SHA256
c4f35209ba720765a08642e9e91bec8cddac99d815595c0cdf37ff7022ca76da

SHA512
dd23e1dcebb48edcfb23c75be14be568211dd72b118e3bc3ccd4513e80726463dc77d8ba7b2ec0b5d89162b3e842a1341fe81dcb8eb083dfe8adbb4b97f5cf9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
16KB

MD5
b421964c00ac4932ff897caf7b231576

SHA1
b1a4837b797f76b70943c094268a9fb9d9af5c4e

SHA256
2a001ae819d163f870f2e116dc99820cd50068bbf99f3372a077f016290c887d

SHA512
caca4d6d9f5e684e1fe0c345de2e39187729d734a9c31d221e5cdd088e4191041ccfb1e687b5a073f5109aa42a6b9be32c970e0fdfcd82680c8b7b526de52e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
17KB

MD5
00c33651a70692498f306143f11c6870

SHA1
2bac1c578f4252309990313d04c4f518394c84b2

SHA256
a35b08a05398ced7234357c558019a073134ce57799427d2d9ec9ecb44e04e8f

SHA512
6bd1672b95f91993a73df8ebbf4442a93c4675aa327d1148710f5b0c42350e54880639bdcd766a3bbb7cf4422b27fa70fc25ac2f14734845ff58a6362a9cab35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
25KB

MD5
befbe11db3908eabdd2a6317a5ecfe70

SHA1
6f5db53060e02b527d45590917ca7ace6a4da1de

SHA256
f7c9c4a6d7b947cd4507324cdc8773c3f9fe3ff25208428adf45eb49d0c0db44

SHA512
a9a1c121ca7cb90df5a29512aa6c2aa8d011245c9b89fce8ec127514f7df83956852ff99f03fc46dcd438b5297a950d61e69189c884825f1f46f462b430c073b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
38KB

MD5
eff1254298cd88e4294cceb6b31d5903

SHA1
246e7ff8302b5ab7d4da97710c9c23e4695a9825

SHA256
48d35ec99c6f871e09ea95f52c8a24f1fb28d8962722a91ea330bb3aad5cb1bd

SHA512
afe49fcbbe99ff56b9ccbb91835808ab8c5ab6529f4efe53b6f637b278b1374a542bea56c6d3ff3cdfd0821e05f9801a2326b4bb3c97cd365469bae9cd350471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
74KB

MD5
e9b357e9838bf3935f63cf3392048f46

SHA1
4cdd2a6cfb97277acace7f0cbba41196801aa3e2

SHA256
3aa7fb619b9337e400a33cb5e78de50eb7eb86507f960b883fe715b89ae8e5b4

SHA512
2a88e2653fc6702a0fd23ccb4d6840e3223db6bbef3cacf912efc5fd5f70d771a8465cb86c63112beaed99552996e58cfa417b69ae93302755f3159f1197c6dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
21KB

MD5
23154ecf8dac5ee92ba16747dcdde3f3

SHA1
2c29149ba8ddd70aae91dbbb539e8ac02d90283f

SHA256
bb6f6b98b9cb96f2a28860485a777492b372fdb2e7833b11f1c96669c3737070

SHA512
c93357edd98f9ac3d7a5f4ac75e4ce21b37b0ae9ecb29ee5df351f4229d3f6f20c84b46e3cb131df8a5db3f1aa65a1d3700c0a859670c716a874307cd46a1b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
75KB

MD5
87d207285f74537857d725957576642f

SHA1
60c496a96eb5f4cb6e745a886d1062481301a732

SHA256
d426640403b89eb3b11600c2e633c5c4748050288e4d7121f1cc8b2d71a0d596

SHA512
e2abc917618fbecfe232927733f3209559df0e03805adeef4ab813b1e73d43a2b5ccf3c37226008279cddadc1db1d7e5389ac695f1de9517f7cec2358e08a614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
28KB

MD5
d30e72c85c55d6e22e6f6b762cc368fe

SHA1
c41ed90059469da8dc51fc57c94ddd00ffa4bfe7

SHA256
e5e0441fa0ce5826a3255db87ff1757a20b6c290205d7d1ff9fca5e76ae5c11b

SHA512
3f8396e2003b266e7215eb753cf482b3cef53d96b0f45777b382c5adcedae59332381b1d8b19cb00ff528b5e37289e21cf287f4345127d6554505526bc28a539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
22KB

MD5
0a67552d408fe6bc83d58c6da6908e17

SHA1
bba2584d53493236efca7f29e9f41e3de0cf4d44

SHA256
6240bfb51dc99340d0e770d814835ba8b93051cbd674e6215426c77200960442

SHA512
bd23522f362b161160586d1c505ef0d395990580a6d7c3459d8ceedfcbf55407c69a10cc87c517c2e8abf26f12d5d234ef40828ba08265a6082add7c14a07079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
79KB

MD5
a95951d12196aafd848d52ff0896bbff

SHA1
dbeee5e9c21fa44cb11f93efb02b9c485c75728f

SHA256
afeb4d4ee1f65373fb5d96afadbdc06bc9b1d878e9788c4fc6441b755834f1c7

SHA512
2f55a690b49e9117bb0de238881c95e419e9a452e28bdf96f058e2fb6edfe17db2a67aeea4030afd6088522f84051f4956c8f3865b66282501f64069e5a6aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
205KB

MD5
a1267ea6b3f87fd59fbd18d8081220f6

SHA1
5c861a38a0887fe0da0055209eb7a68e86ade895

SHA256
4290941aeffa7ca8e578fe1194d96f6230cec6730eb500514868d3064d2cdc57

SHA512
47b82be64ac2f35a4cee6ee22ac703319b0cbf2a861a2aff907ff5d653d8e80cc11741ee2fd65d311516b0fd609b9a4f5601a8dd5ed535e9d1394bef20268d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1ff512841278a1c1e31114fe9d8ec1ab

SHA1
f1bb5b3b4ea7c1c9c45ad22ec93c0941b6348780

SHA256
0e14efdc1e74ba2326cda3dd766e004bc3b6afa8ce9cbd94f6cd8e86add0cad8

SHA512
18545253433a55dff7d12d5fb8885b2e9ff76dc812e526381ccd8fed5053e2f4319202a2857e8cc56baca597c9691c737088cc7b7bb0f3a551869c6a95b460bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
fc8d8bc8b81d8336733ae990faa442cb

SHA1
520eacd956a5aa1711dda39c49db8987b46e5b27

SHA256
f19d9c711f2627357d86d1c23ae6887fd23c63e0d52561b354f108f5588aa190

SHA512
e4648ec83f777a496fd7e82dcdb3a2618fba4c8a4615ec5b2eae18a14395cfbe75d12631d78cc7e27049dc9d4b86e8d19ea6d5ca6382dfd7263924502b5942b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580c4f.TMP

Filesize
3KB

MD5
d0a48cb20154922c94a5cb2732cdf120

SHA1
e0291a6e6cb1598ca9407d837c7863153fec5a3d

SHA256
f9c2ea88347cedae92e143ec7a0044ea8572bf065284b15788c05029956a83c1

SHA512
912d6a619d11b4332478555566fe6b6e39ec46e96a72c6bdd20b60077b202a4a01c6373e4bda0062996107b5a2cf55c3ed3c02a09500b2936879dd146f06390e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
53a43437e96b5e36e561aecbe63526d0

SHA1
5c448412620cec129b54b0d0bc48cb88c1b13424

SHA256
3caf918e008631ca16f4143a8306285196f9532e1b60631ed17ff6fae0b4298a

SHA512
8c02927fa62796fc7f19f69fa8aa1d2a27084302a4cafdd02fe435e9e3e1a761ef30f5c1bdb60de54d2b20f704ee2fb4c1a0c5aff9c65aedea1b83d26f9c5617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
58c895a11da8ae5940274a7e69a9eed6

SHA1
809478b073213b32e49798d5988db2160adce792

SHA256
f79c9e6d7ed2d7ddc0849b43136ce44e6fbf0a2d40e0ad5d5d8b09f819516a40

SHA512
228ada02cab313fd034bca1cd6cebf79fe8e0306c193004e436b63b2ea6e6a97c49158ba061ce6f0a9c51d04886bcbc0a068583a9a99530cc0daf49ce8c7a288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
129073061f3efa477cf82b6726a90f0c

SHA1
3554657c53159590bc6c96af6b647b43e6442576

SHA256
2f188d2543b3644fa0ef0103504c010fa1f5bb41c3fb47f8460d1921d4b1dcb5

SHA512
944787e6d0433b2d50d9a7a16db1d7f5be254425aa6561463aab2b41fa47a3aaadbcd99b2de8a9ed7674af5f15aabe63c704e914c11905b1f7568b692e565678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1a378366dc28eae5555575aaf1032aa4

SHA1
c3ffd34d7c7a3d38eac83869ed8f62fcd380a881

SHA256
5339a545d0090f071568d5c7ffc8cc4b34d19edcdde57a0c8ff2e3004b472273

SHA512
13248276d3b9ca2f0785a97919b8bf939011aa943e8365fd602d3a7b76fc04d208959a67cbe5e4e24df61e0a887168b9f73f1263d985c50260eb3812ee9f17c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
571d0daa388d7d676a29e698f366a3ee

SHA1
186fc07557ab1afea39bb8e05c6cb46fd80c88ed

SHA256
8438e577aa1febb01ac74765bf67ae16a850e4908808e8aafe1c0f1643839884

SHA512
dc4f9d26c70fdb76ac891873c29530b2d8046abbad71696ccd64fb4217d651623a8247bc9426820c6dcd2d9066c72afac51e259eb0972c471fb254d37399e0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5f6655d81b284ad408825baf3d82372f

SHA1
fb47885f0ba82419c168e2a8c4350103996240e9

SHA256
3a10a2623d136bfe3999e4e6b8bce2049f525c3b13609232693efda0b82706e5

SHA512
d512f83fae4b1ea119fb1465dea2bdfcc5177997225f48ee0741f020a9cb3662807158c8b60991d28f339041aa54a764cef83149c4c786836b4ac58a1265bbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
370d6d71fba8f4fe1298a417bd696310

SHA1
d20269299a25fbb512466436a5ca2fe95d8218f6

SHA256
33036e211fd878a5ae9d5f3dcbb6941cc44271cf858845d5eb2fe9ac101a0e7f

SHA512
b6cefa69e2f8d8a6a15cc9c45cdfab835502d92e5c5958438f8f243766b2ff4ceb86616eea7f389af23e492ab8b886805e459e4d29a5c6c3469ed7f90c5bd196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
79cc251a56a26f26c09b05e5e11800e5

SHA1
b00fc4aab951c88619fc52244e7f474630965e0a

SHA256
88420abedc159b291f7cb0ef553b07cdb55754413575ddc7ea5d6110f8337bcc

SHA512
828fade9cf5c96256547f091356f7b0dc0a5f40f2c2ed33dacfe645c2d4a08e23fd0942c4669c796e3d9ec882d9f3cc2b44032c11db08b8c5a149b3d152afb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
f3c06aa955b31bb394633fc951255ccd

SHA1
5108a23d6f59d9754035695a03afbf15efcb68de

SHA256
8b2849a679ad6d56bf63b4aee99791f84ebff34087433dac2e1f58fea7c48942

SHA512
1beaad77c232d13819a9d50a5ecca8bb82a0577df34b90e6254f825421501fdb571aa7535f153febcc4f906891340eb2d86dc77f09073603a9fa057e108de3cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\index-dir\the-real-index

Filesize
1KB

MD5
be0c460ada72bccfb1cda3147933f1a5

SHA1
36bc394f6058a76f6eb0797d330511d245dcb845

SHA256
3cc0a05a959c370535248c817a8c8febfc076ca4bccbccf430a6f8f61f299bd2

SHA512
c193c6a32fe5c2f11013f0a17202675e2a1c197f52e0e08ba8c7bc0dc62e46746e333ea29ca03166eeb039309038b53926886381db298d44efacb5c64e1a9055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\69f90508-8154-4dad-a013-a19944dbb265\index-dir\the-real-index~RFe5b467b.TMP

Filesize
1KB

MD5
cbf44fd786ca5d339773c46ae5ea8ff9

SHA1
ce1c92f49f1bff25e8dd11d603a07531a49a65fa

SHA256
96798f9f72ab833cc7be9ee10c64f95940eb11363d3a3d5ff0c0c5ef05c35196

SHA512
316822d418934cebe9d5250e7a09d16881cfb38affa04df04a5ef20f95ad1ca9635fa2e4c1c076562444deb2e012fd8b2b33b5334ce603bf04ecb4adc8ce897f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
de229a4df7065196423ee4996c891b57

SHA1
c61c79f756693e03c60a1437a16cd82ba3e6a7b7

SHA256
62df49e6b1539757492dbe7de42bde17990e48325f4a772a9572b294d2c07897

SHA512
744a3e3d1ae7f1541b4eea4b1e505c65c1a11e473671e868031dab3b8c9aef7c8ceee70c4539a69665db52600e97cbbac66a709a7ec3e039d1fd0e7c26ffda33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
f5a816daf615d65c3e4d47709fa81d86

SHA1
2d1a7dd25f698762192403fccec3e61eacf1a0fd

SHA256
c2e1ffe3f02ca64ea9a3d199121e0592514c338a377363ae1253ae8a2e5523f6

SHA512
092583d8f2ce607e48e93b933d23824910a768563f4ecda877727846b58be72625a49c5b5eaf95dda79df3742a6efaf6d32b9b4dabcd95afd6cf0dd36dd20951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
7bd18c69a66c47e96f4b566a0395e391

SHA1
b2aac766e4292be426ed3a0eb795f036c41f2935

SHA256
e7d06d39331bfae725050b836279b6038620e84cb0038a56d064bce13e520123

SHA512
f3ea02fddd814492bd3b68af4c765dc3d6fba53311a08377f9ddc3c967a781b95ca6eae431d056bf56de41f15d14e728497cf8b697de97e3db7121d49b3c9a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
dedd1799d83c546b9c13b5fc6881aab4

SHA1
0079d6534b93ab37f4259287eaae5a38a29d175e

SHA256
882aa6d4f59ec13c156a15254fc45e8917ef0c31d4837ca0401ec243d728697f

SHA512
053d48988790db0560d970e39d3ef96c8b31864ef5c4d1dda3fcc1f38593ef87273387484f76185834384e2ed47742a3cdaaa830f021d1c6e9cab77b95e19dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
7d10d75c73819142337b41bf095797b7

SHA1
f8299b6105f19192fbdd19dcd806a858387f9881

SHA256
ee0fe6e701f2d50448059ecba26c69be9e6ff3b0dee4de053527e5b9f63d1340

SHA512
f24b73b851a11a92252f6ae3681cf2f65533aefb8dc26587ba4b1495be8daf11252fd22a922e608abd49748faea03aadea96e27acb13c8a48d9e61c1d3ac6a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
374da0659f43d00351ffffa567f14ca7

SHA1
010b6b4492c51aed9d6fd3c4d338ea77d5af311b

SHA256
2226aacc2dec9bafa82336f1694eee83fbe8d4f38472978f189fae303ff140dc

SHA512
3a2f556d4a744d1bd6c1a6a253f7d4529c099c9f5e383123310ab0e8dd8fc6eb8d02f7e956db8ae1bc57d24972dafffc86302b85cc7b91e75036194bcbcf2c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
39a7c0057747bc617cb8166f65dffade

SHA1
6a5f6178929c862ee4e7729498aa6ab886db69d2

SHA256
8479f2c1c94dc38f40566b67099c71df000cc5b269f458c59a94c63944bdb05f

SHA512
927ea222a3d7fae501d04b3079e43ac311b88187bbe4d66cca4e84b636e60d96121147c35d7cc02417274db42cd592da46fd870a4231c7ad353673be43644008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
c3032fb9919dfbb959191631b3a5edd8

SHA1
cab0eba7b171d0094c61ff30ccd221c9b77e9438

SHA256
3780077f87f266ebc23023e39b28c883604848cb5e32b06548ca889a722ea94e

SHA512
9d51e326765ffff1a009b5eab7daaf9eec246320a57f5b0ee2bd2e893594f29b38682d82c02da71dc46001ce7cc0fc62effbb7c07b63bfcc2ae7c449f3a4b12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
ede12e0576d282476ac13dcb5a88c02b

SHA1
a26521ac76ccd87811cc3aeef07328c9025bf4b5

SHA256
0316d9178a9aa403c6ae67c564b1cee0f06622ef22d79fb60763262e416541b8

SHA512
8ea2deef2c19885bd44565fa75a807a4f0bfb1e92ae309b85269e92651d8fcdd434f5ea189b450153612fb959891fad8f3e8bd13c26487e11cdb5c504f55498d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
61KB

MD5
de82eb1cdc4c93dcac798307bf62689a

SHA1
9816d8b60aef885d9d93cc6bead6d33efe5347ff

SHA256
a65b7ef88eced626824392c512128e0580fb105ec5a27cfd0e912ed1d7245a49

SHA512
f4ac4350df3ed5906af51978fe1d46f3756e543cf99212e1e7ebbff2ff2ad17af4b07bfcf5ceac83984b3515e4d7a35ce724c2a8d59e645b3cc85a10bb107cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
61KB

MD5
1af16f7b95fa1dfc967fab7d952a18e9

SHA1
a43e09e0d170858a203b734b04e31b4099fa3bfe

SHA256
cf95f430f2e9cd4f10e08ef62169cee81050aeb95f78a565c83e89fe849e9615

SHA512
acfab3dfc3fc60dbd23d033da8b48ac37cafba2c52ea93cc8ac964c09d5a856d920f560a3f031d4cf96c4cab0592a75e7105b3214accb1cfaf75d2f44db63caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
da8e8108e176dcaa761bdd71496384bf

SHA1
e82571164551369a35ee1466f28bee59fa0170ba

SHA256
31a5400dc1f50b49d7f016d489f881262d103d0c0c168d322013d86673cceac2

SHA512
82ec00041d060d0daab878e51a8283ab311f17bcd7f585409bce70cff73c4a12a5f67a60178e7932654dda3d2e1e942a0a20b8f8dbe493009d3c91992bc06925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
231cf2d75ac0d4cb782cffd1a51c762e

SHA1
5a8e1f10ae5a4242a8f3942511e2b996bc4ac483

SHA256
7a95667b53f2f14c7ad3ffb2924669881e489a9014fb9eb0f389d784c2843cbd

SHA512
f58edfc2a467a60bdf918cb95c68b51bc0be30d6745ee09a6adfd2146a21f1575112ec6c98be7187fb9754c553a0252c65c79a81f03ea7527a1a7f0dc3c5f8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
9886aa0a634fbb1ecdf965450cefdd8e

SHA1
79651ab948978c25074969ebb9fb71d1240a5ab5

SHA256
55af4488408ab6aa30078295623618616dc1fc6b32afd265b181f7cd775f1b7b

SHA512
f1293e9d14fcb0b3d9290e66d92ba5b018ebf06d92bfe95955065817d2ff71223a01f04c09f3396366a89b4eab656cadbdf394d3fe5d175d0da4356fe2140877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
0777777d2916252122bf38e34ec05803

SHA1
df9596495395382a7f25cd2c7a73d7fdb64410c3

SHA256
0d0d2df499129feb95fec9aeaa6c5f56c85d7fc249362eda4a6ed638c0eefc85

SHA512
0f2f8179b6e7e3d57323944785e1280670b5a571d22f165988536e224ede359935133dc45f89cc9b1c60d58cce55ace01846a6316914bb27e83cdd9c808d32c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
793cbc5081af097261e274ee05d92113

SHA1
e77a59c1c59323f05235bcb3cfa914f4dbf4830f

SHA256
7fc3550fac895c05578302f6ebcb93823d4f6253c6f3415ce723be5342833285

SHA512
b3ba61735ec0f9a8c01a14e7b06f9a91a5fdbb9bdbec5eca2394832ad1a64ae5bd8ddc0d0a31af39f1ecc8310a7d24c38285c4d9f600578be0c46fb23b1ea446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
81319b3260ad32d722e7efa761747a59

SHA1
61ff4a200463013cb368fa030115302541c73b3a

SHA256
ed545e529f05bfa3e2cfcd42a64f42ca18fdde15c98eb0c1e36c1094510bcd4d

SHA512
c4ad6a45ad6a5b8e399ea11a7c2397ca2dfe9195809a19d7ef2abbb62729b2c08ebfccf403fde809843a1717ff2d06297d7102bf6088a6483598edf1bbddc2f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
31390225a4b62c039eb8371070b30416

SHA1
f2ab8dd8eeb493ada6b798ac556f64f9e8d2acc4

SHA256
59bdae85374b19ef28c78cee822ad961c78c83e3616500017a076115c17d0096

SHA512
03edaccc9a3e76fffe157ab5ebc48bedda57cf51202c72a8d1f4417d2466d0d91c16c443a8dd82eb1852bf8c82519221b59fa3bb47b1c65e47908edcfdea01fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
1db8f6c672379d66ba82c227379bdc6d

SHA1
4ef926a2d04a23cc88e28019810736a039b84a2f

SHA256
a024d8330c0b3070e39fb8e59ea2be67255dd6d70ebbda642917e77a7355fab2

SHA512
33e65fbc5a1b6f741dacba32c4b27b64feec255e688b0c75d8cec5eb7effc597dde6f318aaa0ef0d3f9c4e850bc774da8868480a75cf3192fd922d997bb314e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO80720F59\Set_up.exe

Filesize
168KB

MD5
aef6452711538d9021f929a2a5f633cf

SHA1
205b7fab75e77d1ff123991489462d39128e03f6

SHA256
e611a1ffbe9e08a2660bc290a581aa0b54637524aaf6040a70e54f97136ce5ac

SHA512
7ad84d4d3bab3f5a3e14f336d8931bf4b876299000081b2a94a3fcf698c56b82514753b483c5b8d7ae84ddd92ee1c4043fa5e7fb7c4f7e9eb52ca8c794e508b7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1626730782\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1915930367\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1915930367\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
memory/1752-919-0x00007FFE1B250000-0x00007FFE1B448000-memory.dmp

Filesize
2.0MB

Download
memory/3740-845-0x00007FFE1B250000-0x00007FFE1B448000-memory.dmp

Filesize
2.0MB

Download
memory/3740-847-0x0000000074D50000-0x0000000074D9F000-memory.dmp

Filesize
316KB

Download
memory/3740-844-0x0000000074D50000-0x0000000074D9F000-memory.dmp

Filesize
316KB

Download
memory/3740-842-0x00000000009E0000-0x0000000000AB1000-memory.dmp

Filesize
836KB

Download
memory/3740-840-0x0000000000580000-0x00000000005E3000-memory.dmp

Filesize
396KB

Download
memory/3740-867-0x0000000074D50000-0x0000000074D9F000-memory.dmp

Filesize
316KB

Download
memory/5556-992-0x0000000000820000-0x0000000000853000-memory.dmp

Filesize
204KB

Download
memory/5556-918-0x0000000000820000-0x0000000000853000-memory.dmp

Filesize
204KB

Download
memory/5556-871-0x0000000000820000-0x0000000000853000-memory.dmp

Filesize
204KB

Download
memory/5556-870-0x00007FFE1B250000-0x00007FFE1B448000-memory.dmp

Filesize
2.0MB

Download
memory/5556-869-0x0000000000820000-0x0000000000853000-memory.dmp

Filesize
204KB

Download
memory/5556-1438-0x0000000000820000-0x0000000000853000-memory.dmp

Filesize
204KB

Download
memory/5556-1449-0x0000000000820000-0x0000000000853000-memory.dmp

Filesize
204KB

Download
memory/5556-1450-0x0000000000820000-0x0000000000853000-memory.dmp

Filesize
204KB

Download
memory/5556-1451-0x0000000000820000-0x0000000000853000-memory.dmp

Filesize
204KB

Download