Resubmissions

15/05/2025, 11:46

250515-nxep6swvdt 8

15/05/2025, 11:41

250515-ntn5favmx9 10

Analysis

  • max time kernel
    871s
  • max time network
    881s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2025, 11:46

General

  • Target

    https://github.com/GameFirstIV/Wannacry/blob/main/Wannacry/Wannacry.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/GameFirstIV/Wannacry/blob/main/Wannacry/Wannacry.exe
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2e4,0x7ffba179f208,0x7ffba179f214,0x7ffba179f220
      2⤵
        PID:3968
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
        2⤵
        • Downloads MZ/PE file
        PID:4016
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2244,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
        2⤵
          PID:2908
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=1804 /prefetch:8
          2⤵
            PID:1236
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
            2⤵
              PID:4288
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
              2⤵
                PID:2060
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4168,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:1
                2⤵
                  PID:3392
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4276,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:2
                  2⤵
                    PID:3108
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3724,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
                    2⤵
                      PID:4484
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:8
                      2⤵
                        PID:1652
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
                        2⤵
                          PID:3564
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5468,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
                          2⤵
                            PID:4700
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6240,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
                            2⤵
                              PID:2192
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6240,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
                              2⤵
                                PID:4840
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5408,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
                                2⤵
                                  PID:3160
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6444,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:8
                                  2⤵
                                    PID:2444
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3672,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
                                    2⤵
                                      PID:4076
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3688,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8
                                      2⤵
                                        PID:1396
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6600,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:8
                                        2⤵
                                          PID:4516
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
                                          2⤵
                                            PID:1272
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6924,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:8
                                            2⤵
                                              PID:1620
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7116,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:8
                                              2⤵
                                                PID:2076
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3712,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:8
                                                2⤵
                                                  PID:5492
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:8
                                                  2⤵
                                                    PID:5500
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7056,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:8
                                                    2⤵
                                                      PID:4420
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7036,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8
                                                      2⤵
                                                        PID:2664
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6988,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:1
                                                        2⤵
                                                          PID:2512
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7012,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:8
                                                          2⤵
                                                            PID:4076
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5188,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=7120 /prefetch:8
                                                            2⤵
                                                              PID:4304
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=4572,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:1
                                                              2⤵
                                                                PID:2884
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4608,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8
                                                                2⤵
                                                                  PID:3156
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4280,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:8
                                                                  2⤵
                                                                    PID:5380
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:8
                                                                    2⤵
                                                                      PID:5504
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
                                                                      2⤵
                                                                        PID:5484
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:8
                                                                        2⤵
                                                                          PID:4060
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=868,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:8
                                                                          2⤵
                                                                            PID:4000
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
                                                                            2⤵
                                                                              PID:5476
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6192,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
                                                                              2⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:3204
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
                                                                              2⤵
                                                                                PID:6072
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=7020 /prefetch:8
                                                                                2⤵
                                                                                  PID:3884
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5864,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3324 /prefetch:8
                                                                                  2⤵
                                                                                    PID:5440
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3440,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
                                                                                    2⤵
                                                                                      PID:5616
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:8
                                                                                      2⤵
                                                                                        PID:2332
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5980,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
                                                                                        2⤵
                                                                                          PID:1980
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3132 /prefetch:8
                                                                                          2⤵
                                                                                            PID:764
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6868,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6780 /prefetch:8
                                                                                            2⤵
                                                                                              PID:3876
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6452,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
                                                                                              2⤵
                                                                                                PID:2348
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6704,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:1800
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3240,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=1296 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:3280
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3288 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:5852
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7120,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=2900 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:5424
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6780,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3844 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:1124
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5888,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=2900 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:2924
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6784,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:1256
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5140,i,7460377108940594947,11967547558438801510,262144 --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:2272
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                              1⤵
                                                                                                                PID:3564

                                                                                                              Network

                                                                                                                    MITRE ATT&CK Enterprise v16

                                                                                                                    Replay Monitor

                                                                                                                    Loading Replay Monitor...

                                                                                                                    Downloads

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1296796242\manifest.json

                                                                                                                      Filesize

                                                                                                                      134B

                                                                                                                      MD5

                                                                                                                      049c307f30407da557545d34db8ced16

                                                                                                                      SHA1

                                                                                                                      f10b86ebfe8d30d0dc36210939ca7fa7a819d494

                                                                                                                      SHA256

                                                                                                                      c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

                                                                                                                      SHA512

                                                                                                                      14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1495693770\manifest.json

                                                                                                                      Filesize

                                                                                                                      135B

                                                                                                                      MD5

                                                                                                                      4055ba4ebd5546fb6306d6a3151a236a

                                                                                                                      SHA1

                                                                                                                      609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

                                                                                                                      SHA256

                                                                                                                      cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

                                                                                                                      SHA512

                                                                                                                      58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1501504616\manifest.json

                                                                                                                      Filesize

                                                                                                                      114B

                                                                                                                      MD5

                                                                                                                      e6cd92ad3b3ab9cb3d325f3c4b7559aa

                                                                                                                      SHA1

                                                                                                                      0704d57b52cf55674524a5278ed4f7ba1e19ca0c

                                                                                                                      SHA256

                                                                                                                      63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

                                                                                                                      SHA512

                                                                                                                      172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1504483997\manifest.json

                                                                                                                      Filesize

                                                                                                                      176B

                                                                                                                      MD5

                                                                                                                      778202dc964e7fb0ab5bed004f33fb14

                                                                                                                      SHA1

                                                                                                                      932ed013275e2c1172575885246c937c7cca87af

                                                                                                                      SHA256

                                                                                                                      4474f08d1718da148ddb55aeb998886c053f6539c2fee3b3b1796f3855792ff9

                                                                                                                      SHA512

                                                                                                                      9105af9928af4bcceb2cdc2161137ef6b07f4b97d663bbf27086f80dd266e967a5524aa5aec3f457493a0c4b98aa092aac6bd5062e72cbd4d939402c92093948

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1547434563\manifest.json

                                                                                                                      Filesize

                                                                                                                      69B

                                                                                                                      MD5

                                                                                                                      b721bdf2924d658186ac8868dbd2c008

                                                                                                                      SHA1

                                                                                                                      914aacc65bb7933bd73aa06f8bd2ca0b04de3858

                                                                                                                      SHA256

                                                                                                                      dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3

                                                                                                                      SHA512

                                                                                                                      4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1597280079\manifest.json

                                                                                                                      Filesize

                                                                                                                      160B

                                                                                                                      MD5

                                                                                                                      a24a1941bbb8d90784f5ef76712002f5

                                                                                                                      SHA1

                                                                                                                      5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

                                                                                                                      SHA256

                                                                                                                      2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

                                                                                                                      SHA512

                                                                                                                      fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1608048824\manifest.json

                                                                                                                      Filesize

                                                                                                                      72B

                                                                                                                      MD5

                                                                                                                      a30b19bb414d78fff00fc7855d6ed5fd

                                                                                                                      SHA1

                                                                                                                      2a6408f2829e964c578751bf29ec4f702412c11e

                                                                                                                      SHA256

                                                                                                                      9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

                                                                                                                      SHA512

                                                                                                                      66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_174571227\manifest.json

                                                                                                                      Filesize

                                                                                                                      85B

                                                                                                                      MD5

                                                                                                                      c3419069a1c30140b77045aba38f12cf

                                                                                                                      SHA1

                                                                                                                      11920f0c1e55cadc7d2893d1eebb268b3459762a

                                                                                                                      SHA256

                                                                                                                      db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

                                                                                                                      SHA512

                                                                                                                      c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_1796636239\manifest.json

                                                                                                                      Filesize

                                                                                                                      141B

                                                                                                                      MD5

                                                                                                                      811f0436837c701dc1cea3d6292b3922

                                                                                                                      SHA1

                                                                                                                      4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

                                                                                                                      SHA256

                                                                                                                      dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

                                                                                                                      SHA512

                                                                                                                      21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_2109732011\manifest.json

                                                                                                                      Filesize

                                                                                                                      102B

                                                                                                                      MD5

                                                                                                                      a64e2a4236e705215a3fd5cb2697a71f

                                                                                                                      SHA1

                                                                                                                      1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

                                                                                                                      SHA256

                                                                                                                      014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

                                                                                                                      SHA512

                                                                                                                      75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_244625827\manifest.json

                                                                                                                      Filesize

                                                                                                                      119B

                                                                                                                      MD5

                                                                                                                      4e81f856241f98ee1d9f66c50d82be04

                                                                                                                      SHA1

                                                                                                                      35baa5754a213e3238d8827cf1bea868f9e8187c

                                                                                                                      SHA256

                                                                                                                      3cd3e4d5f61b46b8ce46662b10c6ba8fe34ac8e103e15f672fa7fb222b8416aa

                                                                                                                      SHA512

                                                                                                                      70643b61d2c7769af52a34c2d87f6230cb61985decb865ecf376855b3f1888fdf3aa477573f647e2e09c09ebf036a711b5a57f333f0285d05eae5972c7d31afe

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_525483962\manifest.json

                                                                                                                      Filesize

                                                                                                                      43B

                                                                                                                      MD5

                                                                                                                      af3a9104ca46f35bb5f6123d89c25966

                                                                                                                      SHA1

                                                                                                                      1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

                                                                                                                      SHA256

                                                                                                                      81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

                                                                                                                      SHA512

                                                                                                                      6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_893995099\manifest.json

                                                                                                                      Filesize

                                                                                                                      238B

                                                                                                                      MD5

                                                                                                                      15b69964f6f79654cbf54953aad0513f

                                                                                                                      SHA1

                                                                                                                      013fb9737790b034195cdeddaa620049484c53a7

                                                                                                                      SHA256

                                                                                                                      1bdda4a8fc3e2b965fbb52c9b23a9a34871bc345abfb332a87ea878f4472efbd

                                                                                                                      SHA512

                                                                                                                      7eeee58e06bba59b1ef874436035202416079617b7953593abf6d9af42a55088ab37f45fdee394166344f0186c0cb7092f55ed201c213737bb5d5318e9f47908

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_906444570\manifest.json

                                                                                                                      Filesize

                                                                                                                      76B

                                                                                                                      MD5

                                                                                                                      ba25fcf816a017558d3434583e9746b8

                                                                                                                      SHA1

                                                                                                                      be05c87f7adf6b21273a4e94b3592618b6a4a624

                                                                                                                      SHA256

                                                                                                                      0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

                                                                                                                      SHA512

                                                                                                                      3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_92637651\LICENSE

                                                                                                                      Filesize

                                                                                                                      1KB

                                                                                                                      MD5

                                                                                                                      ee002cb9e51bb8dfa89640a406a1090a

                                                                                                                      SHA1

                                                                                                                      49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

                                                                                                                      SHA256

                                                                                                                      3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

                                                                                                                      SHA512

                                                                                                                      d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_92637651\manifest.json

                                                                                                                      Filesize

                                                                                                                      79B

                                                                                                                      MD5

                                                                                                                      1e4863a0e65ebd37d7380eb076faaa98

                                                                                                                      SHA1

                                                                                                                      188a4b0fa0325ec6e443ee404d7c20c6359c1369

                                                                                                                      SHA256

                                                                                                                      59a0dcc38387be711ddbabf66e60bbf6bdcff991742228850eac5506350c09f1

                                                                                                                      SHA512

                                                                                                                      25cb519ac13b29029cf5750f4c425e1903afe5b17f2ef2bebb585161b5d5722279efc6ef22663401b3df7bb11452e89226a9f3d8a84bac374eef7099a967fd3e

                                                                                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4556_96295886\manifest.json

                                                                                                                      Filesize

                                                                                                                      53B

                                                                                                                      MD5

                                                                                                                      22b68a088a69906d96dc6d47246880d2

                                                                                                                      SHA1

                                                                                                                      06491f3fd9c4903ac64980f8d655b79082545f82

                                                                                                                      SHA256

                                                                                                                      94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

                                                                                                                      SHA512

                                                                                                                      8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

                                                                                                                      Filesize

                                                                                                                      105KB

                                                                                                                      MD5

                                                                                                                      6b75d9bb2c81bcca8182bd8251593e50

                                                                                                                      SHA1

                                                                                                                      3e330ed26fd626ee18e992dd50b698375afe1a1e

                                                                                                                      SHA256

                                                                                                                      7f4ee78a24e42c7c3291be9948dd6c8bb66948a9e40a705320162c6975f6dd4a

                                                                                                                      SHA512

                                                                                                                      f83bdb8cb01f064b7e13a42e563c9bd70fcb952fb3f7c0a4b9dcc8d6f1da395198e5d7482e9a848427dac93061a2d97985b94f59fadb92a739d23d33f7e83186

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                      MD5

                                                                                                                      f9fd82b572ef4ce41a3d1075acc52d22

                                                                                                                      SHA1

                                                                                                                      fdded5eef95391be440cc15f84ded0480c0141e3

                                                                                                                      SHA256

                                                                                                                      5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

                                                                                                                      SHA512

                                                                                                                      17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\autofill_bypass_cache_forms.json

                                                                                                                      Filesize

                                                                                                                      175B

                                                                                                                      MD5

                                                                                                                      8060c129d08468ed3f3f3d09f13540ce

                                                                                                                      SHA1

                                                                                                                      f979419a76d5abfc89007d91f35412420aeae611

                                                                                                                      SHA256

                                                                                                                      b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

                                                                                                                      SHA512

                                                                                                                      99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\edge_autofill_global_block_list.json

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      MD5

                                                                                                                      83fa257627cb07f25d59201b73b39c90

                                                                                                                      SHA1

                                                                                                                      4f0997b451e4c4a3b4d6b6641eb9ae27ef2b2e3d

                                                                                                                      SHA256

                                                                                                                      dfe5c91426765e7cbd52598f2de41e5196cde1242dd941a824419ec94224a135

                                                                                                                      SHA512

                                                                                                                      bc7258fb88aa77a36f2145402b3fefbabf3e21473294f1227b0cd7f3a75ee9f1e77bd30e3d5df740340a7f66d25d5637c6299d3cd3c50181bf5beac4f6fb33e8

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\v1FieldTypes.json

                                                                                                                      Filesize

                                                                                                                      509KB

                                                                                                                      MD5

                                                                                                                      c1a0d30e5eebef19db1b7e68fc79d2be

                                                                                                                      SHA1

                                                                                                                      de4ccb9e7ea5850363d0e7124c01da766425039c

                                                                                                                      SHA256

                                                                                                                      f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

                                                                                                                      SHA512

                                                                                                                      f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2024.12.2\crl-set

                                                                                                                      Filesize

                                                                                                                      21KB

                                                                                                                      MD5

                                                                                                                      846feb52bd6829102a780ec0da74ab04

                                                                                                                      SHA1

                                                                                                                      dd98409b49f0cd1f9d0028962d7276860579fb54

                                                                                                                      SHA256

                                                                                                                      124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

                                                                                                                      SHA512

                                                                                                                      c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                      Filesize

                                                                                                                      280B

                                                                                                                      MD5

                                                                                                                      3913928d36a204b8c7a09f9664615308

                                                                                                                      SHA1

                                                                                                                      6f5a2afcf7d4f9ba5d201c4575ee7ea5cbc904bc

                                                                                                                      SHA256

                                                                                                                      5cd63a20006de4c006a47a6b3a922a53b15bda4fbfd14e77b8a5416583c8f9b9

                                                                                                                      SHA512

                                                                                                                      25f2410c171fb2c64bd4a3706a3a3b5de6f694cbebe555cc223996fd3a16d346737594d4cc09a737484d8a5e3a0ea33e0705ac60481b51857bdb3127a7996145

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                      Filesize

                                                                                                                      280B

                                                                                                                      MD5

                                                                                                                      6eac9d05429a9358b608d44d94784e10

                                                                                                                      SHA1

                                                                                                                      73395ed98fee0a7a2f8585c37a8811bd8837585d

                                                                                                                      SHA256

                                                                                                                      0bf0ae5a65a11d2714b2ac12a424cd38ed0a8b7e7530ec59362786b1a832eb60

                                                                                                                      SHA512

                                                                                                                      235731c2c6a85f6ada201f4e4c061ce7db201a2e82c04334a5bfcbfdba60f9ac1b99a06e9ac1e9bbea1651b16747fa4e44f68f6882a960671b6b613f51213c18

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51c4ef2d-3e22-42ef-9afc-9e075bf5f8a8.tmp

                                                                                                                      Filesize

                                                                                                                      69KB

                                                                                                                      MD5

                                                                                                                      164a788f50529fc93a6077e50675c617

                                                                                                                      SHA1

                                                                                                                      c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

                                                                                                                      SHA256

                                                                                                                      b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

                                                                                                                      SHA512

                                                                                                                      ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

                                                                                                                      Filesize

                                                                                                                      564B

                                                                                                                      MD5

                                                                                                                      ba4d7a4ada361bb1533021c2a9989cc8

                                                                                                                      SHA1

                                                                                                                      acd98d4e1cc8b7584d3de1340db24f7ad6e7931c

                                                                                                                      SHA256

                                                                                                                      53d809d24e43b1b97795a101477317ed5f4f811219e564fa907c6b4e677c6b6b

                                                                                                                      SHA512

                                                                                                                      ab5b2bfcc957609d0c65e41bfa7389c9ea03b380125597906369fdaa425fbe36d3da04de0a7bbccff78e59122f7bbe62baefbcdb3dae73d461b0938b1a2ac177

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

                                                                                                                      Filesize

                                                                                                                      334B

                                                                                                                      MD5

                                                                                                                      aa8df1982a128fe26e08566e12c6f8ad

                                                                                                                      SHA1

                                                                                                                      b395683723bdbcd3b8124bac1cfe6467bb79bb94

                                                                                                                      SHA256

                                                                                                                      e5b037f0d87fb50f85a2005c63b8cc5cc064938ad5b8ebb32e4c0518949c590e

                                                                                                                      SHA512

                                                                                                                      7cb934153cbcdc3063e525a12f0af8c2b7c88a120a52551d4168842b850debed202cd256fa3bc629e9125416e97018b6790c2afcaee502aeb84f2f6d428848af

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

                                                                                                                      Filesize

                                                                                                                      158B

                                                                                                                      MD5

                                                                                                                      2122468364ed197a55bcfae83d8cc540

                                                                                                                      SHA1

                                                                                                                      61661bc860e0da422bf4c2bd5d059ef9224ed88b

                                                                                                                      SHA256

                                                                                                                      5cf9cc0abff33ba3a12ba7c88deefd01c20018f0f816bc4dd19a28dc93f2af42

                                                                                                                      SHA512

                                                                                                                      7f3453076e487c94d86b9eb26eceacf0c40eef4e7b76ae694cb05afe5378014896880f37d467a7d7a63d7c138315ca5aad41df215cd5c7a8b962cb121c5b5d18

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                      Filesize

                                                                                                                      5KB

                                                                                                                      MD5

                                                                                                                      498c41ed408cfbb3d7233657c1a07304

                                                                                                                      SHA1

                                                                                                                      6e4ff71938869f6b3c128b38fc6cec863c630843

                                                                                                                      SHA256

                                                                                                                      a59d738e606d366741463920703e8c65ccc3be32737725af0b91ef6889359f98

                                                                                                                      SHA512

                                                                                                                      b9dc8bcabd8433ee633c45fe335b6b2f5b0f480ccdbf7822547ff5e4fb7fbdd9d0323e17efb4aa6fa7755e8e58b36384833a0bfb409308ce30c9c30dca51ee4f

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57ce6c.TMP

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                      MD5

                                                                                                                      ca56b6cd163e1fe8249c2173ad14f790

                                                                                                                      SHA1

                                                                                                                      55ad032ec6f74c35f191fd2409629980386a4420

                                                                                                                      SHA256

                                                                                                                      a8e5fda73ebfeeba0d4d81f5494ef8cfd925f55cd2563f3d4813b8c3462c3a2f

                                                                                                                      SHA512

                                                                                                                      b523ecdbafe7b909c18640d1efef586622d80fbacc6ae87379f06d717de8b4f53342e3410641dfc446b209d1a16def95920102b90c4ff0b070e87a9835b67199

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                                                                                      Filesize

                                                                                                                      2B

                                                                                                                      MD5

                                                                                                                      99914b932bd37a50b983c5e7c90ae93b

                                                                                                                      SHA1

                                                                                                                      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                      SHA256

                                                                                                                      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                      SHA512

                                                                                                                      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js

                                                                                                                      Filesize

                                                                                                                      9KB

                                                                                                                      MD5

                                                                                                                      3d20584f7f6c8eac79e17cca4207fb79

                                                                                                                      SHA1

                                                                                                                      3c16dcc27ae52431c8cdd92fbaab0341524d3092

                                                                                                                      SHA256

                                                                                                                      0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

                                                                                                                      SHA512

                                                                                                                      315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                                                                      Filesize

                                                                                                                      108KB

                                                                                                                      MD5

                                                                                                                      06d55006c2dec078a94558b85ae01aef

                                                                                                                      SHA1

                                                                                                                      6a9b33e794b38153f67d433b30ac2a7cf66761e6

                                                                                                                      SHA256

                                                                                                                      088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd

                                                                                                                      SHA512

                                                                                                                      ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      769690f2ff44eeb44bb33f9f54b5eef5

                                                                                                                      SHA1

                                                                                                                      bbe65c45c1639cae565bdc2463ce41b95016696e

                                                                                                                      SHA256

                                                                                                                      fcd208fce8f3f92e7ade9907911e026ee789d90c46e2646f6a9ede7477a897fa

                                                                                                                      SHA512

                                                                                                                      abb93cd48af34e408b620a4c6039f8dcb5debd612151a918d1b61cfdb07789c5f7f03ed17d61e80613c5f7ed2ec350e5a2b03eda3888ebb740e4ad69d20c2865

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                      Filesize

                                                                                                                      111B

                                                                                                                      MD5

                                                                                                                      285252a2f6327d41eab203dc2f402c67

                                                                                                                      SHA1

                                                                                                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                      SHA256

                                                                                                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                      SHA512

                                                                                                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      d92d8d1080ceeb9977b4073bb41caad3

                                                                                                                      SHA1

                                                                                                                      2567bffaaba9357fe382b36cf3b9387bd244fcf1

                                                                                                                      SHA256

                                                                                                                      8e03d80f70c36341cf22f94707f6d0fd13ee29a93c56519aecf72022352e6ef8

                                                                                                                      SHA512

                                                                                                                      c7aceba7d8f567a31d8b319e7bd53690dbeca86068273c33cd7c9215268f483aa1b1439f9a92bf9ca94805cc47075a70829fa84383947a4638a957fdb0d481b3

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      15f73e91478c3fcba55715395c5931e4

                                                                                                                      SHA1

                                                                                                                      4dd10de3f1d84dffe08b8806c430c43be6b0353f

                                                                                                                      SHA256

                                                                                                                      9287bdc27cd9304c716fc30e1540423e2efb756d1380b0f7999891bb7061ea87

                                                                                                                      SHA512

                                                                                                                      5ca08c9620cd3a406f7ba01c379aeab592691ebfe6524dd28fa2019db3bc77316b2361d0e2aef64e600f34b62fe47c58607915561bcae06258d5b0c75276e951

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      20284f361869c099fe856091e496e3eb

                                                                                                                      SHA1

                                                                                                                      c99b9ce43f794d48c2dffafb13adc34145ededa4

                                                                                                                      SHA256

                                                                                                                      c8fcaca47f9e059265d6fcaede05ca28333ff9d23ee7166aeb0f128797f869de

                                                                                                                      SHA512

                                                                                                                      a23cf0484e752b59e57620cf98eb95b7227e2298fd71caa389948b125c808caac2415a7e3d2ab2781e98be0fd855136e7f4dfab758e55910454fec235b06f7de

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                      Filesize

                                                                                                                      2B

                                                                                                                      MD5

                                                                                                                      d751713988987e9331980363e24189ce

                                                                                                                      SHA1

                                                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                      SHA256

                                                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                      SHA512

                                                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      15KB

                                                                                                                      MD5

                                                                                                                      bdb7961411cca0201faa120ddb333e4f

                                                                                                                      SHA1

                                                                                                                      a2dfd90b9be2fdc4757d560fc6083ad8bba47dff

                                                                                                                      SHA256

                                                                                                                      4bb847825f56986aeeb5de7963460bbe988cd8538328bd91a53dfbaff136051b

                                                                                                                      SHA512

                                                                                                                      0d410ab870626942143917367c2e37df8525875bed1e693810bb223de5814c222b8955f00f8985200207cf7daf1a28949f50bb4cd2b0566495e69d993ff6dcf0

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      14KB

                                                                                                                      MD5

                                                                                                                      8d3d4cca3d629e03edc87d2a97c016a1

                                                                                                                      SHA1

                                                                                                                      58a67b2bf374a1a1c911f53407b86a3765a6a984

                                                                                                                      SHA256

                                                                                                                      d8336c2b6c6c80d29b0b83af2d9153a66bb849bc6e763d3da8e44d92f8a5a58c

                                                                                                                      SHA512

                                                                                                                      756075c32eca244ebf70f72e37aaa7ecbfb59043462385531a6c22560dcfa0914797810e6a139d8835e9e5807a0e03e9a58b9dc9947e01ee1b837a8889adcc0d

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      15KB

                                                                                                                      MD5

                                                                                                                      0b23c4e780b9935b2826bb1ef2b97c44

                                                                                                                      SHA1

                                                                                                                      ad862fb947a72511d04f0ef4eeb8e66581232535

                                                                                                                      SHA256

                                                                                                                      99d0ef2adaa1e98b2d8b3e5bf1c8e238bd222ca9521d4c5ab3e8862864ef78e1

                                                                                                                      SHA512

                                                                                                                      6a2597bee855b4ca9f9e25fa97a44543b9004cb689422d6174d7a4bb3cdbfa09ea8a07338fe3080f76dc0d37056759183d9772a4793d0f736c9c0dc0964b7be0

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      15KB

                                                                                                                      MD5

                                                                                                                      9da75efee76668841240f8f721407431

                                                                                                                      SHA1

                                                                                                                      2ceff02ff5c27757b220cff81ccb2374a5a0ada0

                                                                                                                      SHA256

                                                                                                                      afed120fcefa58a6bbc1eadb789a037147a6498c89b6bcd06394f1922b7e8d9e

                                                                                                                      SHA512

                                                                                                                      60774feb152a16f931c0225327881a571ff601b099c6b920466e0244bb33e70edbbb6ac550e5422d20199d0d0e09e5e2f05cd8f5d42b8821b7b249eb9b203e37

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                      Filesize

                                                                                                                      36KB

                                                                                                                      MD5

                                                                                                                      fb41089b40861689450159ac8903fcd1

                                                                                                                      SHA1

                                                                                                                      d045e9c7d6138e15d0570c6163cfd752d14f7c7d

                                                                                                                      SHA256

                                                                                                                      0cb25cac1f51ea562d60ecea83631db26439ad2db8c31e19bfad84835dd3b084

                                                                                                                      SHA512

                                                                                                                      9fa997405110f8d2738fe5eb7927ab67b411852c53b605ee495b07dfb6c7f993b1e7fcaba5d94c34dea0b53afef6bb8f1b3cf83c7cbbfa096a45789e840ff0d5

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\863b841d-5c10-44d3-99ed-2b9af6f19ec0\index-dir\the-real-index

                                                                                                                      Filesize

                                                                                                                      1KB

                                                                                                                      MD5

                                                                                                                      9b1f73793012d386bde650359b7083a4

                                                                                                                      SHA1

                                                                                                                      9229cdc33dd542b2a09999d3cf0981a9b40e04d7

                                                                                                                      SHA256

                                                                                                                      0ea172623adfb4327e132df78f17f8b4e5e1fe683d819ff8a776a8e1fbbfc0c9

                                                                                                                      SHA512

                                                                                                                      110a40e020c89bf81663347d7ea91dba0c97704021084208eb1792d934e78213f0b5443542ef802ad786c4ea3c2afe4b3bb1fa8e081fcc1d14065dd2fdc089aa

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\863b841d-5c10-44d3-99ed-2b9af6f19ec0\index-dir\the-real-index~RFe5c10b1.TMP

                                                                                                                      Filesize

                                                                                                                      1KB

                                                                                                                      MD5

                                                                                                                      1b978dd220b78c04f8004a0971d45f8a

                                                                                                                      SHA1

                                                                                                                      a093a4988079a5116180e6a055e16eecca742b4d

                                                                                                                      SHA256

                                                                                                                      805d01a9e32072b32d6f84d6e3477f33d1f10d652e627ae2ba7caa4758a9d36b

                                                                                                                      SHA512

                                                                                                                      844367f341cc02df333df585a95df58ba4abd625fad805a03aad7cc546c81f403d55d7a5d5b8a86a42c1be733f5bcc115e86a7c9354bd2f18befe92044856676

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

                                                                                                                      Filesize

                                                                                                                      253B

                                                                                                                      MD5

                                                                                                                      c72673ea38c452b02882dec80ce24d71

                                                                                                                      SHA1

                                                                                                                      80492cbf6552c70cc9b3d69aa14f858ec5c7b229

                                                                                                                      SHA256

                                                                                                                      ee74fd6a4c10ea6a3829ec5fbed1774d6ab290e73139be65569c94b6c2c24d99

                                                                                                                      SHA512

                                                                                                                      96f12a40de33deb1c12ecb7a347cd173cbf22c168fd3b628f2bf9e106ce334cf5bdee18db2451d7ce6d5acdca5c19245f898146e18a633e1c58a8403f3ac6082

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      MD5

                                                                                                                      d16c760a11e6d783e73d89df7769c70d

                                                                                                                      SHA1

                                                                                                                      802ae69bae5f7f20ed38ab29e31ffb392f5e8307

                                                                                                                      SHA256

                                                                                                                      2a6b31368c2809fc8bc283974a25fcc336f45c2560ea4849b708598dad01db99

                                                                                                                      SHA512

                                                                                                                      68d3d35e05c0c4e9305496983e7cf16e728d847473bb9ff350455b6076d4e9ecee466d7337db741f1e9e3696edcebaa98be9b506c2ba3967c2ff80440f19c12c

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

                                                                                                                      Filesize

                                                                                                                      113KB

                                                                                                                      MD5

                                                                                                                      60beb7140ed66301648ef420cbaad02d

                                                                                                                      SHA1

                                                                                                                      7fac669b6758bb7b8e96e92a53569cf4360ab1aa

                                                                                                                      SHA256

                                                                                                                      95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

                                                                                                                      SHA512

                                                                                                                      6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                                      Filesize

                                                                                                                      23KB

                                                                                                                      MD5

                                                                                                                      ae4e4862e9ade9abcdb81c55c093e5a2

                                                                                                                      SHA1

                                                                                                                      59112e9ee744258e4289412d02d738348f714cd6

                                                                                                                      SHA256

                                                                                                                      2a88435e1f886dca0998330906c50e46eabbd1a20146d721c085bacce8a13b6d

                                                                                                                      SHA512

                                                                                                                      efc8304be62c06ccbcf8511a8b9e627e455408a625cfc4bfa2fbc2bd22345090f833d81e6232366a613b753d0313775ff3daae1a9844664cea6d1541dfd23973

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                                      Filesize

                                                                                                                      880B

                                                                                                                      MD5

                                                                                                                      e48aa395acd2cc0a3b8e9ee042df101a

                                                                                                                      SHA1

                                                                                                                      f27f69780466401af1c2cf2a928ed2a778a9c506

                                                                                                                      SHA256

                                                                                                                      53f3807b76fe21d693e64e804be2d6b7d6c2b9ea54c6fa74535fd0eea007252e

                                                                                                                      SHA512

                                                                                                                      8d776d2203c617f775c586683dd8ec6962f874991154a1c9b4aad955aa6f99db9145e9419ea21f928f59f65d062b6c2767f21f5e8bfeb70c1d20112fd3e8f3ff

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe585ea5.TMP

                                                                                                                      Filesize

                                                                                                                      469B

                                                                                                                      MD5

                                                                                                                      459ab6e61abb1b8d1794facfb685a08f

                                                                                                                      SHA1

                                                                                                                      8ece09401deed2929312303466446eedd44e1af5

                                                                                                                      SHA256

                                                                                                                      a4f0392ecb70d7516f027014607d6a6be916346d16ad76b7ff4d677404524af7

                                                                                                                      SHA512

                                                                                                                      ff5c9c52569c2d2b8ba92694a1604ea141df3b2dd0e4724117e68b12e5e30df87006604752846d745f09f05fe93eaa1ed3ccebc37274387730bf1ba7359f1bb9

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

                                                                                                                      Filesize

                                                                                                                      22KB

                                                                                                                      MD5

                                                                                                                      3bca8411b45106afaa963d562c371631

                                                                                                                      SHA1

                                                                                                                      78857d33a65e7061ca18a3540c304f01e7e85325

                                                                                                                      SHA256

                                                                                                                      4503345ee70aa9ca0f90012b665743d7c13ec7052e7a943222287973b752b9c7

                                                                                                                      SHA512

                                                                                                                      a6a7e9af6613a30730a0b87be76f87144a3483afb756445d462de7b22543027e5e8f5822e0337ba2d7b65e413e526da962783d05d226c0d13d113d57d28b56ff

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe586099.TMP

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                      MD5

                                                                                                                      22ed3cc04fcc2e66b81335c4395971fd

                                                                                                                      SHA1

                                                                                                                      12ef48d70ec6f360644d2573dde99756f6ac05fb

                                                                                                                      SHA256

                                                                                                                      27bffcff6642dfcb87ac33eea61059552bc35ccd3c0d9f4da550398351836df9

                                                                                                                      SHA512

                                                                                                                      9219928d246a8aa761ee289b0baacc7214b028976b1b890c7f1df38ecac61cb3a90e8af1b3861929155d07af304d58ae8f7304466769669a7cd40c55ae61cf40

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                      MD5

                                                                                                                      94406cdd51b55c0f006cfea05745effb

                                                                                                                      SHA1

                                                                                                                      a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

                                                                                                                      SHA256

                                                                                                                      8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

                                                                                                                      SHA512

                                                                                                                      d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      9cb7d2fcafaa09c5c2cf9f4b5d362b7c

                                                                                                                      SHA1

                                                                                                                      4cdf7f2d45ef507a017c1779df3e6b73fa21ea13

                                                                                                                      SHA256

                                                                                                                      62cf27c1e5bde558d0aed851ddf990854b903b2633b22797d050cd2ed691b88c

                                                                                                                      SHA512

                                                                                                                      55422aa3d1cf5cbc77a2569f0eff797a86ff4b24d059572edd251b2ca2c8455122cb88b330d8a271673f76225597a5d59358b3642d19f70e4804ed81fe61636c

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      29KB

                                                                                                                      MD5

                                                                                                                      e28e45ba6b982516114f92d9f1a68e95

                                                                                                                      SHA1

                                                                                                                      499ba2df443c6819ca95b882f3a8f8693cea9d4e

                                                                                                                      SHA256

                                                                                                                      623405861625c0793faf7fe2297403a5b72c181a7aaea75c33bc66d645995e17

                                                                                                                      SHA512

                                                                                                                      3cc16742b21accede498de01e27ab7f5448908fa1e76bfb603b352eb92751d17758a9afc61706f1fc42a19f89afda092c65e854cbeb1d0df9fed5e1a3d63182b

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      7KB

                                                                                                                      MD5

                                                                                                                      5b6af3a2ff2252fcc9a5030a8274908d

                                                                                                                      SHA1

                                                                                                                      f125a9bbfd7055726e60f2c465b365583c29e0d7

                                                                                                                      SHA256

                                                                                                                      b0adb0273dd47a0fceaeefd5e192a945faf1b06116ea2115b96b48be77d4e7ca

                                                                                                                      SHA512

                                                                                                                      8dfa23bc9a8ccaa6d3e7a052767b4f3eaad09e30ebabef58f296d541122d4a466af487c62bcf7e40e1665585da1583c48cf2eb8f0a03125196625cd6ff743f19

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      38KB

                                                                                                                      MD5

                                                                                                                      365f4f4cee81c906ccb3e1a2724a40d7

                                                                                                                      SHA1

                                                                                                                      2c2e7a6bea77129ae2a938625a0f083d3847d1c3

                                                                                                                      SHA256

                                                                                                                      0706c1f79dee28bf58eaa3a4f338379ced3e87971f07e53982d3b15a9f11abff

                                                                                                                      SHA512

                                                                                                                      a4dda3825c79846aee53ce65405ec99fd182b37f6317060bd4ba653e20ab42c06672f19e5bc7741a377f083b7883459653ddfefdeec723be971c8c9bff9a850c

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      33KB

                                                                                                                      MD5

                                                                                                                      cd267ebf766dca408012a5bf6b674090

                                                                                                                      SHA1

                                                                                                                      35b0ecccd97063851e7ebdaa3b99474c40546ead

                                                                                                                      SHA256

                                                                                                                      8ab58e34a4b5eaaecf33490d4605e372a9f6488108e5a9abb5d6e6109ecaa12d

                                                                                                                      SHA512

                                                                                                                      480f7b9a28b772431ad95272aff93c8c116f2138be200c1a1b040cbe978690064767eabce54db72a1b9207faab79658f7a1ddd53d7f189aaf5a967f43c0da311

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

                                                                                                                      Filesize

                                                                                                                      289KB

                                                                                                                      MD5

                                                                                                                      2b59269e7efdd95ba14eeb780dfb98c2

                                                                                                                      SHA1

                                                                                                                      b3f84cbc37a79eeecb8f1f39b615577d78600096

                                                                                                                      SHA256

                                                                                                                      ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

                                                                                                                      SHA512

                                                                                                                      e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

                                                                                                                      Filesize

                                                                                                                      8KB

                                                                                                                      MD5

                                                                                                                      811b65320a82ebd6686fabf4bb1cb81a

                                                                                                                      SHA1

                                                                                                                      c660d448114043babec5d1c9c2584df6fab7f69b

                                                                                                                      SHA256

                                                                                                                      52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

                                                                                                                      SHA512

                                                                                                                      33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

                                                                                                                      Filesize

                                                                                                                      11KB

                                                                                                                      MD5

                                                                                                                      0779206f78d8b0d540445a10cb51670c

                                                                                                                      SHA1

                                                                                                                      67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

                                                                                                                      SHA256

                                                                                                                      bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

                                                                                                                      SHA512

                                                                                                                      4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

                                                                                                                      Filesize

                                                                                                                      163KB

                                                                                                                      MD5

                                                                                                                      bd6846ffa7f4cf897b5323e4a5dcd551

                                                                                                                      SHA1

                                                                                                                      a6596cdc8de199492791faa39ce6096cf39295cd

                                                                                                                      SHA256

                                                                                                                      854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

                                                                                                                      SHA512

                                                                                                                      aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

                                                                                                                      Filesize

                                                                                                                      3KB

                                                                                                                      MD5

                                                                                                                      17c10dbe88d84b9309e6d151923ce116

                                                                                                                      SHA1

                                                                                                                      9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

                                                                                                                      SHA256

                                                                                                                      3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

                                                                                                                      SHA512

                                                                                                                      ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.5.12.1\keys.json

                                                                                                                      Filesize

                                                                                                                      7KB

                                                                                                                      MD5

                                                                                                                      64fed585299e7c59db8b9788c52eb70d

                                                                                                                      SHA1

                                                                                                                      07f2f8e66d430f622be5213727ddf0a1ce11b970

                                                                                                                      SHA256

                                                                                                                      cf5893af6b95eb65ecc00946f63dd0e6c388d0542b90d5301bc87fd4de0f840b

                                                                                                                      SHA512

                                                                                                                      1369354b47d2fb6e3e8f88f156903045e96329ebe6f87f1983efee8d335bf44fbccaac391f6416cb73b4af0f66d9474953e69887cbc030b2dd7771c32701f8da

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

                                                                                                                      Filesize

                                                                                                                      572KB

                                                                                                                      MD5

                                                                                                                      f5f5b37fd514776f455864502c852773

                                                                                                                      SHA1

                                                                                                                      8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

                                                                                                                      SHA256

                                                                                                                      2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

                                                                                                                      SHA512

                                                                                                                      b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      d420a1411410bea637edc21d3e583e97

                                                                                                                      SHA1

                                                                                                                      cc3cc7c6472f75a8005f4b4a11eeb38d90dfccee

                                                                                                                      SHA256

                                                                                                                      3180adef4b17e6482eb5d9f6cf52ef56d837e7560e6bd74ccfb57a4f13658887

                                                                                                                      SHA512

                                                                                                                      d814d5d0e45fb64207f33a9752f98ab35734579b0b67f155e8fdfc3464f276e6a9cc0d1a207d02a470e5d9a7226e177038d9560a4ec43a679db505009e67d635

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\185bd8a0-0240-40b9-a3b1-c55db6387845.tmp

                                                                                                                      Filesize

                                                                                                                      10KB

                                                                                                                      MD5

                                                                                                                      78e47dda17341bed7be45dccfd89ac87

                                                                                                                      SHA1

                                                                                                                      1afde30e46997452d11e4a2adbbf35cce7a1404f

                                                                                                                      SHA256

                                                                                                                      67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

                                                                                                                      SHA512

                                                                                                                      9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1bac9d49-9467-4aff-8c3d-32b80e33307b.tmp

                                                                                                                      Filesize

                                                                                                                      1B

                                                                                                                      MD5

                                                                                                                      5058f1af8388633f609cadb75a75dc9d

                                                                                                                      SHA1

                                                                                                                      3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                      SHA256

                                                                                                                      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                      SHA512

                                                                                                                      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir4556_314652710\860f4435-556b-412e-9e18-faa77906728a.tmp

                                                                                                                      Filesize

                                                                                                                      153KB

                                                                                                                      MD5

                                                                                                                      b0917d8e6c5b6be358bff67f84eb8336

                                                                                                                      SHA1

                                                                                                                      a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d

                                                                                                                      SHA256

                                                                                                                      dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60

                                                                                                                      SHA512

                                                                                                                      cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451

                                                                                                                    • C:\Users\Admin\Downloads\Wannacry.exe.crdownload

                                                                                                                      Filesize

                                                                                                                      3.4MB

                                                                                                                      MD5

                                                                                                                      84c82835a5d21bbcf75a61706d8ab549

                                                                                                                      SHA1

                                                                                                                      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                                                      SHA256

                                                                                                                      ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                                                      SHA512

                                                                                                                      90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244