Resubmissions

10/05/2025, 08:02

250510-jxmzbsbj6t 10

10/05/2025, 07:58

250510-jt7jkav1cw 8

Analysis

  • max time kernel
    232s
  • max time network
    233s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    10/05/2025, 07:58

General

  • Target

    https://github.com/enginestein/Virus-Collection/tree/main/Windows/Source/NoEscape

Malware Config

Signatures

  • Disables Task Manager via registry modification
  • Downloads MZ/PE file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Drops file in Windows directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 2 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 5 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/enginestein/Virus-Collection/tree/main/Windows/Source/NoEscape
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5784
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f4,0x7ffaf055f208,0x7ffaf055f214,0x7ffaf055f220
      2⤵
        PID:672
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1828,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:11
        2⤵
        • Downloads MZ/PE file
        PID:4400
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2152,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:1840
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1408,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:13
          2⤵
            PID:5016
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=1988,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
            2⤵
              PID:2348
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3352,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
              2⤵
                PID:5228
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4884,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:14
                2⤵
                  PID:3880
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5144,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:14
                  2⤵
                    PID:5452
                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:14
                    2⤵
                      PID:3464
                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:14
                      2⤵
                        PID:2380
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:14
                        2⤵
                          PID:3580
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                            cookie_exporter.exe --cookie-json=1132
                            3⤵
                              PID:876
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:14
                            2⤵
                              PID:3980
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6244,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:14
                              2⤵
                                PID:4536
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:14
                                2⤵
                                  PID:464
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:14
                                  2⤵
                                    PID:5196
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:14
                                    2⤵
                                      PID:2804
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:14
                                      2⤵
                                        PID:4132
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5744,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:1
                                        2⤵
                                          PID:3112
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6764,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:14
                                          2⤵
                                          • NTFS ADS
                                          PID:5576
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6916,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:14
                                          2⤵
                                            PID:5820
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:14
                                            2⤵
                                              PID:2020
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5692,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:10
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:984
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5788,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:14
                                              2⤵
                                                PID:4684
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:14
                                                2⤵
                                                  PID:124
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5668,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:1
                                                  2⤵
                                                    PID:2432
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3796 /prefetch:14
                                                    2⤵
                                                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                    • NTFS ADS
                                                    PID:3728
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7036,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:1
                                                    2⤵
                                                      PID:1328
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=4872,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3768 /prefetch:1
                                                      2⤵
                                                        PID:5236
                                                      • C:\Users\Admin\Downloads\CookieClickerHack.exe
                                                        "C:\Users\Admin\Downloads\CookieClickerHack.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:5548
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4736,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:14
                                                        2⤵
                                                          PID:4032
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=7172 /prefetch:14
                                                          2⤵
                                                            PID:4676
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7300,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1
                                                            2⤵
                                                              PID:4816
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6408,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:14
                                                              2⤵
                                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                              • NTFS ADS
                                                              PID:3284
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7316,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=7180 /prefetch:14
                                                              2⤵
                                                                PID:2292
                                                              • C:\Users\Admin\Downloads\Trololo.exe
                                                                "C:\Users\Admin\Downloads\Trololo.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:3808
                                                                • C:\Windows\SYSTEM32\taskkill.exe
                                                                  taskkill.exe /f /im explorer.exe
                                                                  3⤵
                                                                  • Kills process with taskkill
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:1032
                                                                • C:\Windows\SYSTEM32\taskkill.exe
                                                                  taskkill.exe /f /im taskmgr.exe
                                                                  3⤵
                                                                  • Kills process with taskkill
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:2516
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                                                                2⤵
                                                                • Drops file in Windows directory
                                                                • Enumerates system info in registry
                                                                • Modifies data under HKEY_USERS
                                                                • Modifies registry class
                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                PID:3624
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x254,0x7ffaf055f208,0x7ffaf055f214,0x7ffaf055f220
                                                                  3⤵
                                                                    PID:5324
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:11
                                                                    3⤵
                                                                      PID:4736
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
                                                                      3⤵
                                                                        PID:5968
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2476,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:13
                                                                        3⤵
                                                                          PID:1496
      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4536,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:14
        3⤵
          PID:1512
      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4536,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:14
        3⤵
          PID:3448
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:14
        3⤵
          PID:5092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4952,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1
        3⤵
          PID:2596
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5276,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:14
        3⤵
          PID:4944
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4904,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:14
        3⤵
          PID:5036
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5656,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:1
        3⤵
          PID:1648
  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
    1⤵
      PID:2836
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
    1⤵
      PID:3748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
      2⤵
        PID:4816
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3712
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5976
  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
    1⤵
      PID:4560

                                                                                            Network

                                                                                                  MITRE ATT&CK Enterprise v16

                                                                                                  Downloads

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                    Filesize

                                                                                                    280B

                                                                                                    MD5

                                                                                                    77f231115428df1ae61c19c07653d5f5

                                                                                                    SHA1

                                                                                                    a9d330be63ea969636b04ac036d79dc9ab0747d3

                                                                                                    SHA256

                                                                                                    52086d8f1ca9ddeb556ff85914c1e17d29abb42fe8e438293fa99f3c665ee57e

                                                                                                    SHA512

                                                                                                    f8e735d01467e529194f0a4024ea46a24a8d4b667d1f89d703ed1ed833f9f14a768da52d6c92f1c0e535c4d738f9245f42fd425867d2630959cce981e52dd247

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                    Filesize

                                                                                                    280B

                                                                                                    MD5

                                                                                                    186f308617c276bef642380e84c73fd8

                                                                                                    SHA1

                                                                                                    b77392f924929880d51ddac635201b3320ce60a4

                                                                                                    SHA256

                                                                                                    1fc78659310bf1adcb621129fc8c80baee7c0fee9a6dd3683d7221be6ecfc97f

                                                                                                    SHA512

                                                                                                    90053f19c608a4ae5b11252202e033e7be8770bd593dd83ab6748ed4509a80aaeb6d91e9e4c31b236314d1532f5e5cc936af7bb5226c5eed93b86ed686dd19a4

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                    Filesize

                                                                                                    280B

                                                                                                    MD5

                                                                                                    420e88562823ca3f395b23d13f66496c

                                                                                                    SHA1

                                                                                                    af85c0c19b87ad965ebb2b1d628f466a99dfe8ac

                                                                                                    SHA256

                                                                                                    f15866a511f3f13b09d9f7d41aada5c47ec12db60b551de3101b48b5f08b3412

                                                                                                    SHA512

                                                                                                    fd307c3aa0610d88da0ec6ccd3e157187bbbc215f105b5e067d1d0d326da6fa5170129ff334f65dab69a5ffda32c9a18d0a745cc663ba97b2804fdcb2d9ae6e8

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

                                                                                                    Filesize

                                                                                                    44KB

                                                                                                    MD5

                                                                                                    df06ef7a77fb71de10cbbf4f7cd91f32

                                                                                                    SHA1

                                                                                                    794846bb2c78e7e6874bcc959be1dcef0de00e34

                                                                                                    SHA256

                                                                                                    cc2ae6724f0751a1e9993286a68460a6c1a5b5feea57cddf7c0b5ce625077d7b

                                                                                                    SHA512

                                                                                                    7613bddc4bc35b5d2492ddcdb3c7976765a45db4cce734ddfa21a3806f28ac9eb121f4f718d0c4a0443659956a44ade937a5f3cd53f7de13d58e03562f050b75

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

                                                                                                    Filesize

                                                                                                    520KB

                                                                                                    MD5

                                                                                                    d0b80097fc74c67b6a5ddde30112a316

                                                                                                    SHA1

                                                                                                    9d84631688f9bae6e68de8c3bcf0fee1cf3e7463

                                                                                                    SHA256

                                                                                                    d13e86eb88f1ead85835cefd69e963b89fd832d08b5f9425816e5739476b1676

                                                                                                    SHA512

                                                                                                    f6daf325cf165580ab2f1797dd3fa71c5389f45b41c2d5a7caed99681bfc34bfa0bd95a061affd5fd0734887293a098f2726bccaa6e6f05c7509d9365b687749

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

                                                                                                    Filesize

                                                                                                    1.0MB

                                                                                                    MD5

                                                                                                    eb26dc192bead94151d8bdbf92e6aa26

                                                                                                    SHA1

                                                                                                    2363b4ed6b68bd5c49bdb77757fbb79812b80e8d

                                                                                                    SHA256

                                                                                                    e0b3ddd2bfab18a9c2282d53097eaa3440062c13a39fb8923d825596adeb3fa8

                                                                                                    SHA512

                                                                                                    bb3cd36b8f49e61373161940593cdf9d48a9ea3bc1e096b395182b3b2a2c6d7337597df16ba00edd8a1ca234a7013543985c341e19d56f23473607f7ea36fcf8

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

                                                                                                    Filesize

                                                                                                    8.0MB

                                                                                                    MD5

                                                                                                    efb31ba42ea54ba88c3ff034226f0ce2

                                                                                                    SHA1

                                                                                                    8a81f6e10a67f62ebd664f5c5dfe2779de334c5d

                                                                                                    SHA256

                                                                                                    90489c6bcb404895b555ab28527630a48f98f5d2ccecb020355c0990c0a9074e

                                                                                                    SHA512

                                                                                                    3039f65fa72231c05516d16723a2257ed3763d5c9663e22bd2613f5f002ab309c0b54452f44a5e9cc10c909c36698c087b3968ec41115bb1fd1416c0541a57f1

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    5KB

                                                                                                    MD5

                                                                                                    75c740cb3a1502e37d87bf8aaca7a959

                                                                                                    SHA1

                                                                                                    e3dd9a1a9f9d692a275b208be07d674a277975c3

                                                                                                    SHA256

                                                                                                    d93cdbbe197cd7aa6af24de938837624109d3619cd4e3a9ae5a1671920fa4f06

                                                                                                    SHA512

                                                                                                    46f7285f4a0ba417e51f99da703a66acdce5a70e528189f61008b032415aa4b2cb879d31cf1ce8e9deb9ad1d81659aba7779694ef97996dab02341a50d4d09b1

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    5KB

                                                                                                    MD5

                                                                                                    5d0ae66e99d05cabff039c29d3720533

                                                                                                    SHA1

                                                                                                    f49e567e044ac0c66e57a49f1c14b5b8edefb21b

                                                                                                    SHA256

                                                                                                    067d7cda55868fcde73e1cf81eb7e61e6803868de492c73b391fe6f00bfa2517

                                                                                                    SHA512

                                                                                                    92e8ddf5e1e3236f93cbbe4884be25b7a9d7e4f1b4f254a46572bea8805b53b04c604e67dabbbe57c8ec20ea310d1eca7744dc35c782ca6b4484d584bdb4d406

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    5KB

                                                                                                    MD5

                                                                                                    bac1d9d6453f2ff9cf460bee8ce47852

                                                                                                    SHA1

                                                                                                    f09a3d37e82d7b57533f7526b06c81affbd1ee5b

                                                                                                    SHA256

                                                                                                    47c7fdb4e05adbd34d96b458734d1d71c83c2563d4156b19dfab4a29cb18a042

                                                                                                    SHA512

                                                                                                    b5765871f90a53a7663bb7db2ed25b14e33046816e2b2e55e8ccde8dfde115a38b4b302414e6f024d0ebfe3a69e23aa85a24420bfb3d6247c99b46223e7f2cb7

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f0a9.TMP

                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    8aea487342f2842d8b7c849f97e0fc3c

                                                                                                    SHA1

                                                                                                    3b4c48c7aec2bfa0181851431713f4428e49294d

                                                                                                    SHA256

                                                                                                    3957761f3e83a841b69b3163c1f2e2f9e3ce26bc98333e480c632f430774d321

                                                                                                    SHA512

                                                                                                    1da31ccb994ca80a7cfe25c9ea8e2e33ff2eafd098c84886e3a2c5302f5cff5146ee3a2cde5271b274f7e61852bc198f329e62e6c17ff301a42d43adb46178e9

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

                                                                                                    Filesize

                                                                                                    264KB

                                                                                                    MD5

                                                                                                    3b7dcd64b365b8b3735894de2733482f

                                                                                                    SHA1

                                                                                                    d46b62b9bd18e33502cb528098a564771e48c06a

                                                                                                    SHA256

                                                                                                    5a0b6f8775b44878dac469d67f281a06bc377413f3b9e1a8e791591340cece2f

                                                                                                    SHA512

                                                                                                    a14d06a87a49688ffa36cebc00e421dde590f132d33f5134e153315fa01b5493097a867e662b147706c77131edf5bf68bdbe00ec0137e150ce520d969183e7e2

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                                                                    Filesize

                                                                                                    2B

                                                                                                    MD5

                                                                                                    99914b932bd37a50b983c5e7c90ae93b

                                                                                                    SHA1

                                                                                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                    SHA256

                                                                                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                    SHA512

                                                                                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                                                    Filesize

                                                                                                    20KB

                                                                                                    MD5

                                                                                                    8041dc678119888a6c57bd4d2f6e15b4

                                                                                                    SHA1

                                                                                                    d918d4ba0da44258daa3ec6d6ec1b4504cdc85ee

                                                                                                    SHA256

                                                                                                    e052cf3292ca1dbf6762b6c7f87ef4f207b2e4a80656e8d8c280733bfb0f13bf

                                                                                                    SHA512

                                                                                                    3f30db4ffce3998833ce905c0676cb54765afd62e2d844181bf741c0bbc1891c9fa16e6536a9295b842cfb466dc169ee7fcbcf880b870c283f3961c1653a478b

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                    MD5

                                                                                                    5fe62dd4858378b0c7a29a78471e75af

                                                                                                    SHA1

                                                                                                    73067f9a79150c9d2223c78ddf2726875814f45c

                                                                                                    SHA256

                                                                                                    bab352e4068499562355c493db42394f47700d7922db6d26ddfcb09e10912a8a

                                                                                                    SHA512

                                                                                                    d14fd06ca42bbd71f87ab1d91d06020476b64d7ddebc0d4ed325164b1f0ba07ed011f637ce21afabe709c55021af3035dce6f4a62ccaa12988db71fa6ce2c444

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                                                    Filesize

                                                                                                    108KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    3KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    3KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                    Filesize

                                                                                                    2B


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                                                                    Filesize

                                                                                                    40B


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    18KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    19KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    18KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    17KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                    Filesize

                                                                                                    37KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6571856-371a-4f7e-b43f-ce86e2b0351d\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    1KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b6571856-371a-4f7e-b43f-ce86e2b0351d\index-dir\the-real-index~RFe5ad2e2.TMP

                                                                                                    Filesize

                                                                                                    1KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                                                                    Filesize

                                                                                                    335B


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                    Filesize

                                                                                                    347B


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                    Filesize

                                                                                                    323B


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                                    Filesize

                                                                                                    22KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                                    Filesize

                                                                                                    128KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

                                                                                                    Filesize

                                                                                                    13KB


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                    Filesize

                                                                                                    462B


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                    Filesize

                                                                                                    13B


                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    61KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    54KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    40KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    54KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    54KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    61KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    40KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    54KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                    Filesize

                                                                                                    54KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57c004.TMP

                                                                                                    Filesize

                                                                                                    392B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

                                                                                                    Filesize

                                                                                                    264KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.80\Ruleset Data

                                                                                                    Filesize

                                                                                                    2.8MB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\Filtering Rules

                                                                                                    Filesize

                                                                                                    1.8MB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\LICENSE

                                                                                                    Filesize

                                                                                                    24KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.5.9.1\typosquatting_list.pb

                                                                                                    Filesize

                                                                                                    67KB

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

                                                                                                    Filesize

                                                                                                    86B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List\2.0.0.22\manifest.fingerprint

                                                                                                    Filesize

                                                                                                    66B

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\hyphen-data\120.0.6050.0\manifest.fingerprint

                                                                                                    Filesize

                                                                                                    66B

                                                                                                  • C:\Users\Admin\Downloads\BlackDream.zip

                                                                                                    Filesize

                                                                                                    166KB

                                                                                                  • C:\Users\Admin\Downloads\BlackDream.zip:Zone.Identifier

                                                                                                    Filesize

                                                                                                    55B

                                                                                                  • C:\Users\Admin\Downloads\CookieClickerHack.exe

                                                                                                    Filesize

                                                                                                    68KB

                                                                                                  • C:\Users\Admin\Downloads\CookieClickerHack.exe:Zone.Identifier

                                                                                                    Filesize

                                                                                                    26B

                                                                                                  • C:\Users\Admin\Downloads\Trololo.exe.crdownload

                                                                                                    Filesize

                                                                                                    3.0MB

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_1597334679\manifest.json

                                                                                                    Filesize

                                                                                                    116B

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_2099676864\hyph-as.hyb

                                                                                                    Filesize

                                                                                                    703B

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_2099676864\hyph-hi.hyb

                                                                                                    Filesize

                                                                                                    687B

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_2099676864\hyph-nb.hyb

                                                                                                    Filesize

                                                                                                    141KB

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_2099676864\manifest.json

                                                                                                    Filesize

                                                                                                    82B

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_2102106451\manifest.json

                                                                                                    Filesize

                                                                                                    117B

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_630909388\manifest.json

                                                                                                    Filesize

                                                                                                    176B

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_689067968\LICENSE

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                  • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5784_689067968\manifest.json

                                                                                                    Filesize

                                                                                                    85B

                                                                                                  • memory/5548-1100-0x000000001C980000-0x000000001C9CC000-memory.dmp

                                                                                                    Filesize

                                                                                                    304KB

                                                                                                  • memory/5548-1099-0x000000001BBB0000-0x000000001BBB8000-memory.dmp

                                                                                                    Filesize

                                                                                                    32KB

                                                                                                  • memory/5548-1098-0x000000001C820000-0x000000001C8BC000-memory.dmp

                                                                                                    Filesize

                                                                                                    624KB

                                                                                                  • memory/5548-1097-0x000000001C240000-0x000000001C70E000-memory.dmp

                                                                                                    Filesize

                                                                                                    4.8MB

                                                                                                  • memory/5548-1096-0x000000001BCC0000-0x000000001BD66000-memory.dmp

                                                                                                    Filesize

                                                                                                    664KB