Automated Malware Analysis Management Report for {89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml

Overview

General Information

Sample name:	{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml
Analysis ID:	1541127
MD5:	2d3c508321b32b43ee4192d54bc0ed15
SHA1:	e60a6dc0e6374c5adffce59e1b34635769e39767
SHA256:	96003b2bc14e105d7649310c9f5f0cb1b71c809a17b07a6456be4e4841cba187
Infos:

Detection

Score:	22
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Maps a DLL or memory area into another process

Creates a process in suspended mode (likely to inject code)

Detected non-DNS traffic on DNS port

IP address seen in connection with other malware

Potential browser exploit detected (process start blacklist hit)

Sigma detected: Use Short Name Path in Command Line

Classification

Signatures

Potential browser exploit detected (process start blacklist hit)

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:60213 -> 1.1.1.1:53

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 13.107.246.57 13.107.246.57
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.114.95
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.57
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.182
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1730374811&P2=404&P3=2&P4=eyEJMar66EjaXc1c2IncUP9ze73ukP9o%2fV0XCTSV%2foCCD6NGtFh0LNITjmaYIDF19tiwKN%2bYOzX5ESmgnNrXsA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: ALZO8dbXCPrwsCnxqsS2LgSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: msapplication.xml1.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x8e1a23a1,0x01db2609</date><accdate>0x8e1c98b9,0x01db2609</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml6.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x8e23ba83,0x01db2609</date><accdate>0x8e2603e1,0x01db2609</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml8.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x8e28755b,0x01db2609</date><accdate>0x8e29b5d8,0x01db2609</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: 200.163.202.172.in-addr.arpa

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ar.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ar.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://au.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://au.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://br.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://br.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ca.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ca.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://cf.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://cl.search.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://cl.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://co.search.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://co.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://de.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://de.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://es.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://es.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://espanol.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://espanol.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://fr.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://fr.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://hk.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://hk.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://id.search.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://id.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ie.search.yahoo.com/os?appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://in.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://it.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://kr.search.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://kr.search.yahoo.com/ei=UTF-8&fr=yie8ms&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://kr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://kr.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://kr.searchcenter.yahoo.com/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://livesearch.msn.co.kr/
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://malaysia.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://mx.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://nz.search.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://nz.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://pe.search.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://pe.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ph.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://qc.search.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://qc.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ru.search.yahoo.com
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.cn.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&q=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&q=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&q=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.live.com/results.aspx?q=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.msn.com/results.aspx?q=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.yahoo.com/favicon.ico
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sg.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.ar.search.yahoo.com/os?market=ar&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.au.search.yahoo.com/os?market=au&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.ca.search.yahoo.com/os?market=ca&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.de.search.yahoo.com/os?market=de&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.e1.search.yahoo.com/os?market=e1&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.es.search.yahoo.com/os?market=es&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.fr.search.yahoo.com/os?market=fr&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.hk.search.yahoo.com/os?market=hk&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.id.search.yahoo.com/os?market=id&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.in.search.yahoo.com/os?market=in&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.mx.search.yahoo.com/os?market=mx&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.my.search.yahoo.com/os?market=my&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.nz.search.yahoo.com/os?market=nz&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.ph.search.yahoo.com/os?market=ph&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.qc.search.yahoo.com/os?market=qc&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.sg.search.yahoo.com/os?market=sg&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.th.search.yahoo.com/os?market=th&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.tw.search.yahoo.com/os?market=tw&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.uk.search.yahoo.com/os?market=uk&appid=ie8&command=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://sugg-ie.vn.search.yahoo.com/os?market=vn&appid=ie8&command=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://th.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://tw.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://uk.search.yahoo.com/search?p=
Source: KnoC6F0.tmp.1.dr, known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ve.search.yahoo.com/
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://ve.search.yahoo.com/search?p=
Source: known_providers_download_v1[1].xml.1.dr	String found in binary or memory: http://vn.search.yahoo.com/search?p=
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml8.1.dr	String found in binary or memory: http://www.youtube.com/
Source: Network Persistent State0.8.dr, 91c92e27-0daa-4221-ae09-6c06441a1433.tmp.9.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.8.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.8.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: fc04b53c-54ca-4b24-a922-9aadf29d9a5d.tmp.9.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.8.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: fc04b53c-54ca-4b24-a922-9aadf29d9a5d.tmp.9.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json.8.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.8.dr	String found in binary or memory: https://drive.google.com/
Source: 000003.log7.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: content_new.js.8.dr, content.js.8.dr	String found in binary or memory: https://www.google.com/chrome
Source: fc04b53c-54ca-4b24-a922-9aadf29d9a5d.tmp.9.dr	String found in binary or memory: https://www.googleapis.com
Source: Top Sites.8.dr	String found in binary or memory: https://www.office.com/
Source: Top Sites.8.dr	String found in binary or memory: https://www.office.com/Office

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 60217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60215
Source: unknown	Network traffic detected: HTTP traffic on port 60216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 60215 -> 443

Source: classification engine

Classification label: sus22.evad.winXML@57/314@10/6

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery

Jump to behavior

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF94EA510BB99C4B82.TMP

Jump to behavior

Source: C:\Program Files\Internet Explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Login Data.8.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1044c
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1044c
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2148,i,17130950267540690854,13973253162782942083,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1044c --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2828 --field-trial-handle=2620,i,4059753573926837572,7725692899582869137,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5868 --field-trial-handle=2620,i,4059753573926837572,7725692899582869137,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=2620,i,4059753573926837572,7725692899582869137,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=2620,i,4059753573926837572,7725692899582869137,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2092,i,1275717734434222331,13943601166396774442,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2176,i,13810906325023881848,113091338376837868,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml	Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1044c	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1044c	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2148,i,17130950267540690854,13973253162782942083,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2828 --field-trial-handle=2620,i,4059753573926837572,7725692899582869137,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5868 --field-trial-handle=2620,i,4059753573926837572,7725692899582869137,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=2620,i,4059753573926837572,7725692899582869137,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=2620,i,4059753573926837572,7725692899582869137,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2092,i,1275717734434222331,13943601166396774442,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2176,i,13810906325023881848,113091338376837868,262144 /prefetch:3

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: appvisvsubsystems32.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: c2r32.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: uxtheme.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: ie_to_edge_stub.exe, 00000003.00000002.1756574524.000002A803C13000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1044c			Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.206.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.114.95	unknown	United States	15169	GOOGLEUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.218.232.182	unknown	United States	24835	RAYA-ASEG	false

Domain

Country

Flag

ASN

ASN Name

Malicious

13.107.246.57

unknown

United States

8068

MICROSOFT-CORP-MSN-AS-BLOCKUS

false

216.58.206.65

googlehosted.l.googleusercontent.com

United States

15169

GOOGLEUS

false

142.250.114.95

unknown

United States

15169

GOOGLEUS

false

162.159.61.3

chrome.cloudflare-dns.com

United States

13335

CLOUDFLARENETUS

false

239.255.255.250

unknown

Reserved

unknown

false

23.218.232.182

unknown

United States

24835

RAYA-ASEG

false

Name	IP	Active
chrome.cloudflare-dns.com	162.159.61.3	true
googlehosted.l.googleusercontent.com	216.58.206.65	true
sni1gl.wpc.nucdn.net	152.199.21.175	true
clients2.googleusercontent.com	unknown	unknown
198.187.3.20.in-addr.arpa	unknown	unknown
200.163.202.172.in-addr.arpa	unknown	unknown

Name

Active

chrome.cloudflare-dns.com

162.159.61.3

true

googlehosted.l.googleusercontent.com

216.58.206.65

true

sni1gl.wpc.nucdn.net

152.199.21.175

true

clients2.googleusercontent.com

unknown

198.187.3.20.in-addr.arpa

unknown

200.163.202.172.in-addr.arpa

unknown

Name	Malicious	Antivirus Detection	Reputation
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx	false		unknown

Name

Malicious

Antivirus Detection

Reputation

https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx

false

unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	DA597791BE3B6E732F0BC8B20E38EE62	1125C45D285C360542027D7554A5C442288974DE	5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\017b284d-17a3-4626-99a4-38d66d64d7f8.tmp	JSON data	30E10C8B2CDDADB167C827E5C04E3A4C	EBF31B0C2DA17C993224F05B173F464093B3B272	F1C0A813FE209DF4634A3F6951FE8DE27CB9C1E1DB9E42582CC077B1D7B7F2D8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\05c08225-f68e-46f5-a0bb-e2c8363f3998.tmp	JSON data	D5AD3AEA7743D92659BA4CAF675F8BA2	E99D2F74AC4E35489763639B6DE78D2C536EBE7D	51E87F93B1128743B8E96FF0C60CF5D3C0398261A87E1626D1C905198401386B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0bfa69cb-79ae-400c-ac60-c550f1d28c4f.tmp	JSON data	B797AA00BA01955FDD88271EAA9DF05E	41CCD22BF21B659D4EA0EC14FDFCC1D0B8823157	DA9BD0BA5514D2C74D9FF16881126853609A7478722DEC0AA3C7D64E1898F320
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2d88f16d-3ffe-4531-8299-5ba45816fedc.tmp	JSON data	C99F32A55685B9788C084D79CC78C28A	9F30D7809B3398151C0AE744FCA715F5E0A0039E	7389248D575B7EAFBFF79F3755849B37B41B59E0854A95F477FC4755FE8B1A9D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2f324793-a4f4-4649-8a90-9091bf8e849f.tmp	JSON data	566F1D0D6C67CB55FA9B42E30B5BD0E2	764B7B69256F92DDEA8E858E7FBD146B2686E1BA	280D6D75D2AD3839F000904C33F81F468567001A295E0513BD218ED474520BB4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4007b4cd-0a88-440e-83d0-8353dab4a06d.tmp	JSON data	C99F32A55685B9788C084D79CC78C28A	9F30D7809B3398151C0AE744FCA715F5E0A0039E	7389248D575B7EAFBFF79F3755849B37B41B59E0854A95F477FC4755FE8B1A9D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\57598b1d-ac24-4984-a574-7ec0d85fa5d3.tmp	JSON data	D5AD3AEA7743D92659BA4CAF675F8BA2	E99D2F74AC4E35489763639B6DE78D2C536EBE7D	51E87F93B1128743B8E96FF0C60CF5D3C0398261A87E1626D1C905198401386B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\862953a6-02a7-46e9-9f22-91859d1c17cd.tmp	JSON data	9C2893B69E16129AD1249B0A28884945	E24CC1BCC9F0D1E64F8FD6166C553890A220AB52	C54E2467379DAADD484DF202261E64D67413F900E20D81022810036EF298FE66
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\1ac46940-b78c-4400-9503-f7cb3ba58f2e.tmp	JSON data	19DB9AF7D3FDB56FDD8CB17DB154752C	FC38FEED3175DB5F9C8C17DA55B594B7875D0F92	9033818BAA03976518D89725A48837BDB1B8876927163DAE2ED48A2226AA6ABE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)	JSON data	19DB9AF7D3FDB56FDD8CB17DB154752C	FC38FEED3175DB5F9C8C17DA55B594B7875D0F92	9033818BAA03976518D89725A48837BDB1B8876927163DAE2ED48A2226AA6ABE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)	data	B5CFA9D6C8FEBD618F91AC2843D50A1C	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp	data	B5CFA9D6C8FEBD618F91AC2843D50A1C	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-671A3214-157C.pma	data	7C14DF4C200559E8F87A0FB267BA524E	78989525E55FC1E505B3EF4C16291B4FD223E193	714C0CCC0C3085ECBCDA7E0BE39F50C2E5D9CF5D8C98CC1D6947D067EAFD1606
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-671A3215-1CA8.pma	data	12A0C1CAB8062DFC604A02BA897B8507	655F31153EC4C37D689B0A536F61CCC16B082B96	3EFD65E311D608B7D4B584520C958FFCE76B3819F09EB6C61E151A241D74DCFD
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-671A3229-205C.pma	data	A1FBC35BA71C9FB16C52355203B8307E	3D55825867CC1EAA4A0144706953E505713C51A5	4344DF4CE01A4F5CED7843469301D9E07B9E78987CBBE0D95CE2B70EA29F4B23
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-671A3231-1D00.pma	data	8FBA45EF7DF2F0931399F41F82611429	815F659391F9EFBA66F5B882D21A148297CD0DF8	DE057C9A0D19CA33A3E59AF3F2625E267A066D6F0DE2690E25B356C0BBD8F500
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma	data	CFAB81B800EDABACBF6CB61AA78D5258	2730D4DA1BE7238D701DC84EB708A064B8D1CF27	452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat	data	74B32A83C9311607EB525C6E23854EE0	C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2	06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\35c28d2c-9d8b-4ee4-89b8-577652431996.tmp	JSON data	FF1D84D9CAC43D7EBDF43AAA4A6AEBCD	5E7325D1AF17C8AC36B0BB4E5D102C2B23723329	E6737D3808AE0D9FAEC1A60E0AE3F96E6ED8514EEB4DC6FB19AEC7689A29C204
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\45dea9a7-c02e-4625-a1d2-af3b73d2bcf9.tmp	JSON data	3029586C53494A3658D62673384123A6	75A552C88F65DBB500BD7E76FE73AD26F61B2570	1F5EA65A5E7C6A12772E0C1BA33F1EF19FDCE2FBF280840E5FC91079C799668B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4e07ada5-875f-48fe-918d-843b58e34c65.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\833d6eb3-21d3-406f-86b1-5113e6d4dd76.tmp	JSON data	F52CC97B8A4934191C578E01A3FC0830	FF7BCA7EFB14813658D7BD8CB6B229DDCFCDCE44	8988C897686D2EC4CA19C47A0ACFE0AD1B23EE0A96F911556C27A224C4C19ADC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log	data	974E8DADA04B9D3A8AF80E5EE643858D	3D5D1F2DCFFF378226045FD9C815524F888579E8	3C7B1737F70B918797678721EAE527AC8E79FA4D5FB7AA2695B8264F19504392
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG	ASCII text	DA0FD6E0514F1C1F988234E5B6C15D19	60B873F839EE113474A4EA63FC761CBD9B4F8D75	0766FC4F22F51D94F7DD0F136A77BDDF89DA767BD914690317F73D4C78BFDDDE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome\AssistanceHomeSQLite	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1	40B18EC43DB334E7B3F6295C7626F28D	0E46584B0E0A9703C6B2EC1D246F41E63AF2296F	85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	B9A40E435779B6AAE2C35C3D78EA95C5	7645FB3E14A07774C970998121239046D7DE10EE	75946BB8F9AC0DA7AA2CF5A3C4C1EC3E303DFB7EE17858DA79E158454331135C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log	data	F27314DD366903BBC6141EAE524B0FDE	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG	ASCII text	AAC9DE4D501575209923316B5F349CDC	1202CD9602142C4EC1EE81D2EC084C80B5AA26BE	8B45F097868B45C00BD260AF4117C23D974964084487C9769821631007F94DF6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14	CF7760533536E2AF66EA68BC3561B74D	E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD	E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5	D4971855DD087E30FC14DF1535B556B9	9E00DEFC7E54C75163273184837B9D0263AA528C	EC7414FF1DB052E8E0E359801F863969866F19228F3D5C64F632D991C923F0D2
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log	data	478D49D9CCB25AC14589F834EA70FB9E	5D30E87D66E279F8815AFFE4C691AAF1D577A21E	BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG	ASCII text	B045F6A5A44C9B34AB7AD9F782977D1C	806EF6155BAA0AA7AF01B0F66350EF51325F47AB	F4C37C555190D6A09D31EAF5D81DE1A0CF260035067322FA644778464412723F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log	data	478D49D9CCB25AC14589F834EA70FB9E	5D30E87D66E279F8815AFFE4C691AAF1D577A21E	BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG	ASCII text	DD0524C3241D0468BF3888DACDD4D15E	A4234925EA73AE44EBF029D7BD27EF0F0A29AC8C	095B0D680898FA96E013864DE361EA6D8679C27394B557E77265CC49503B9E52
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log	data	A2A3B1383E3AAC2430F44FC7BF3E447E	B807210A1205126A107A5FE25F070D2879407AA4	90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG	ASCII text	40F77DEF1EF94238D3EE9C512990195C	4F03613D1D2C6E83D92B04397A746692C3CF8955	7E9D31D913D4A510206C7C30ADD0649E8A2F3E9499FE5CBBE862826EB4771955
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)	ASCII text	40F77DEF1EF94238D3EE9C512990195C	4F03613D1D2C6E83D92B04397A746692C3CF8955	7E9D31D913D4A510206C7C30ADD0649E8A2F3E9499FE5CBBE862826EB4771955
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityComp	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1	2554AD7847B0D04963FDAE908DB81074	F84ABD8D05D7B0DFB693485614ECF5204989B74A	F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityEdge	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2	1A7F642FD4F71A656BE75B26B2D9ED79	51BBF587FB0CCC2D726DDB95C96757CC2854CFAD	B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json	JSON data	5D1D9020CCEFD76CA661902E0C229087	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 3	241322143A01979D346689D9448AC8C0	DD95F97EE1CCB8FD9026D2156DE9CB8137B816D1	65EEBDEC4F48A111AC596212A1D71C3A5CFA996797500E5344EEABDFA02527C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	data	777F145B62163EB8CC827048716E96A0	EF2266A209CAB0690B3E0F4A6866ECB0399A797E	D674C6B132181D259C02DCED25A3E27FFB1EF2A90080DED7FC7D99F8D4B005DC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2	971F4C153D386AC7ED39363C31E854FC	339841CA0088C9EABDE4AACC8567D2289CCB9544	B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG	ASCII text	ACC1207EDB8A503C4532C1977DB7C1BC	664B509F14B1303F744328A9C2F7B6E0B93A2C86	9A56B3FDD74ED98238E6D1A6164AA3F6C25E09DFE76C4BB1D3614A992EC14A25
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)	ASCII text	ACC1207EDB8A503C4532C1977DB7C1BC	664B509F14B1303F744328A9C2F7B6E0B93A2C86	9A56B3FDD74ED98238E6D1A6164AA3F6C25E09DFE76C4BB1D3614A992EC14A25
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG	ASCII text	9C06BEA2C20CDD1255208FD9A107DA58	406C4D42953125C0D21DA9D518585C04C633FA06	3A7AD97A189A28885FE8C68B2AAFE415C5DE6365137030A26F7BD94DB8E4512D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)	ASCII text	9C06BEA2C20CDD1255208FD9A107DA58	406C4D42953125C0D21DA9D518585C04C633FA06	3A7AD97A189A28885FE8C68B2AAFE415C5DE6365137030A26F7BD94DB8E4512D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2	C681C90B3AAD7F7E4AF8664DE16971DF	9F72588CEA6569261291B19E06043A1EFC3653BC	ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3	ADC0CFB8A1A20DE2C4AB738B413CBEA4	238EF489E5FDC6EBB36F09D415FB353350E7097B	7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1c9e3a30-64e9-4696-9a6a-ed9848af15fe.tmp	JSON data	3BB76EC23C5506830EAD56540E06159F	94695E47D907E559E91E677CEC4EB763DC0C5CA9	6B40F4AE548688A472BE3CA0C1B08ECF520B31E706FEC0F9793B4666134EBA06
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3bdb7cfa-7271-41f9-b635-764bc4df9ab0.tmp	JSON data	807419CA9A4734FEAF8D8563A003B048	A723C7D60A65886FFA068711F1E900CCC85922A6	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5ede73ee-fa80-4bc7-91ff-a04c0742b65b.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\85741f60-8010-44f6-b6b0-6a6065c54114.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2ee2e.TMP (copy)	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF3d89e.TMP (copy)	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4	0247E46DE79B6CD1BF08CAF7782F7793	B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6	AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2cd77.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2d920.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity	JSON data	24D66E5F1B8C76C76511DA68057CDE5E	70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D	D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2ee2e.TMP (copy)	JSON data	24D66E5F1B8C76C76511DA68057CDE5E	70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D	D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Trust Tokens	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	25363ADC3C9D98BAD1A33D0792405CBF	D06E343087D86EF1A06F7479D81B26C90A60B5C3	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b75175f5-37f0-40c4-aa59-1115aa7851c3.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f2f1dc0e-179e-4139-be3f-bb9d416584cc.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fc04b53c-54ca-4b24-a922-9aadf29d9a5d.tmp	JSON data	71CA407EE26FC7C4498B52BE9A04A47B	7785ACC365B91687BBDEFD687FD1E5E6CBE8BC42	77CA4C2FF68CAA44EB470E5F8EDB62C0ECE1C1FBDA68C6870680042D2EA30040
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2	E93ACF0820CA08E5A5D2D159729F70E3	2C1A4D4924B9AEC1A796F108607404B000877C5D	F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)	JSON data	FF1D84D9CAC43D7EBDF43AAA4A6AEBCD	5E7325D1AF17C8AC36B0BB4E5D102C2B23723329	E6737D3808AE0D9FAEC1A60E0AE3F96E6ED8514EEB4DC6FB19AEC7689A29C204
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF303f9.TMP (copy)	JSON data	FF1D84D9CAC43D7EBDF43AAA4A6AEBCD	5E7325D1AF17C8AC36B0BB4E5D102C2B23723329	E6737D3808AE0D9FAEC1A60E0AE3F96E6ED8514EEB4DC6FB19AEC7689A29C204
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF33d39.TMP (copy)	JSON data	FF1D84D9CAC43D7EBDF43AAA4A6AEBCD	5E7325D1AF17C8AC36B0BB4E5D102C2B23723329	E6737D3808AE0D9FAEC1A60E0AE3F96E6ED8514EEB4DC6FB19AEC7689A29C204
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF36dde.TMP (copy)	JSON data	FF1D84D9CAC43D7EBDF43AAA4A6AEBCD	5E7325D1AF17C8AC36B0BB4E5D102C2B23723329	E6737D3808AE0D9FAEC1A60E0AE3F96E6ED8514EEB4DC6FB19AEC7689A29C204
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3c3ce.TMP (copy)	JSON data	FF1D84D9CAC43D7EBDF43AAA4A6AEBCD	5E7325D1AF17C8AC36B0BB4E5D102C2B23723329	E6737D3808AE0D9FAEC1A60E0AE3F96E6ED8514EEB4DC6FB19AEC7689A29C204
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps	JSON data	2B432FEF211C69C745ACA86DE4F8E4AB	4B92DA8D4C0188CF2409500ADCD2200444A82FCC	42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)	JSON data	0610FA9CD13A5995495DA3661BF415BF	9C45448AF37F384F7D39F52CBAA9A71CF7B0BA69	241078090B2434E0BCCE9AD831227547C322EB424E9995F376CB4ECD1AFF7607
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF31d8b.TMP (copy)	JSON data	0610FA9CD13A5995495DA3661BF415BF	9C45448AF37F384F7D39F52CBAA9A71CF7B0BA69	241078090B2434E0BCCE9AD831227547C322EB424E9995F376CB4ECD1AFF7607
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log	data	8A30A1FDD0459D9EA8B1E78A8E636856	9D7225E97F9CFCFB225CFBFD0B0BBA21D4EFDD20	88FE1D31608930F2738D102D45C75DC77ACDF01A1B69BFB7E7C0281575B75E33
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG	ASCII text	D9000A76E4F4E7D779DF36D205D7C05A	642A30E6F0692CF0C8DF8968573DF0089CC89FB4	C43B97A63CEC428ED8FB3D73B0C84E7D820E8BB49D9847FBD30395BF91355794
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)	ASCII text	D9000A76E4F4E7D779DF36D205D7C05A	642A30E6F0692CF0C8DF8968573DF0089CC89FB4	C43B97A63CEC428ED8FB3D73B0C84E7D820E8BB49D9847FBD30395BF91355794
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG	ASCII text	EE3751F1FAA583B2961684BBC945656A	EE6D7A4DCA7F37CAA6C25B038FD9B3E20C7AD250	F943D3831E5001A616D284B0B3C5E51AD5CC9C133DCFF6D1A35D010E88470D16
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)	ASCII text	EE3751F1FAA583B2961684BBC945656A	EE6D7A4DCA7F37CAA6C25B038FD9B3E20C7AD250	F943D3831E5001A616D284B0B3C5E51AD5CC9C133DCFF6D1A35D010E88470D16
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	4D9DC806EBC3CDC5DBC0367FB681F0A7	2B087D8C4AC24C8021707E62A72AA8F4406A61F2	E0682EA70A4B7E2EA1BB39D3EC6B3A04C2981A20185583568F6842DEA04840E3
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	403E8261F399D08AE8EF63174F3D6642	318C6C30E1C75A546C8F44A5975D33CA107B162F	DFDAC423BED7B42861198D5A6989A7C920C52801968E0DECC16C21DF8839F7C9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG	ASCII text	FC8A408F8DEA843484498DCC41F71445	7DF58C0E1214181CCE753BB03376D3D13A9C1903	9EF10E6EAA76A87B134DBB6964E7A14554480B1E1EB7A9DAEB8B34C4111648CD
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	FC8A408F8DEA843484498DCC41F71445	7DF58C0E1214181CCE753BB03376D3D13A9C1903	9EF10E6EAA76A87B134DBB6964E7A14554480B1E1EB7A9DAEB8B34C4111648CD
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\17f34b33-52aa-4e35-b1e9-9352c08d2517.tmp	JSON data	807419CA9A4734FEAF8D8563A003B048	A723C7D60A65886FFA068711F1E900CCC85922A6	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\76efb816-08fb-44e8-b0ff-d7f48cfe0ac5.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\8ffe178d-e86a-4b51-ab4e-0a585c248b1c.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\91c92e27-0daa-4221-ae09-6c06441a1433.tmp	JSON data	1192DD11B1F5F8724DA374B0366A428E	CB40812A40613465E160C478DDF991C0AAA00731	8E9C85442D198CE1085D98E21111320C07C08869CDD11853AF32FDFE8B2FDC58
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State	JSON data	18D8AE83268DD3A59C64AAD659CF2FD3	018C9736438D095A67B1C9953082F671C2FDB681	D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF300bc.TMP (copy)	JSON data	18D8AE83268DD3A59C64AAD659CF2FD3	018C9736438D095A67B1C9953082F671C2FDB681	D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF3e1b6.TMP (copy)	JSON data	18D8AE83268DD3A59C64AAD659CF2FD3	018C9736438D095A67B1C9953082F671C2FDB681	D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4	0247E46DE79B6CD1BF08CAF7782F7793	B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6	AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2d920.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	25363ADC3C9D98BAD1A33D0792405CBF	D06E343087D86EF1A06F7479D81B26C90A60B5C3	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f1318ee9-5fa5-4265-9b89-820ca029e413.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG	ASCII text	169F0D8A3AE97E353592FAF2A8C61183	F2804F2069AE44B3CE2630AE8AE1C8D992B929C0	EBAAC6D4CA1BC62BF45E2033198D0B784271A75D679CC7E1F06AC5FEE9A67A19
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)	ASCII text	169F0D8A3AE97E353592FAF2A8C61183	F2804F2069AE44B3CE2630AE8AE1C8D992B929C0	EBAAC6D4CA1BC62BF45E2033198D0B784271A75D679CC7E1F06AC5FEE9A67A19
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	7AFC60DD578E2D5E2EB5B5B4C10A446C	60CAFE70723F163E747F064AC01D77715B983F4C	EFD8822521A4FCC1139859DC327F610AEFAE9080CC9D247C94F1E6208D3E16E5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)	ASCII text	7AFC60DD578E2D5E2EB5B5B4C10A446C	60CAFE70723F163E747F064AC01D77715B983F4C	EFD8822521A4FCC1139859DC327F610AEFAE9080CC9D247C94F1E6208D3E16E5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2	04F8B790DF73BD7CD01238F4681C3F44	DF12D0A21935FC01B36A24BF72AB9640FEBB2077	96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 4, database pages 87, cookie 0x66, schema 4, UTF-8, version-valid-for 4	C97C2FBAAEA45BB3C728D02689216CB2	CA75AE4F32B49EA8EE1C3FDC4A6A6729460AE9F2	DB3E522850328F9150FF442E3680DF9F8A332B504ECECE26F4983D79C0D1482B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal	data	14F9F3C873BDBCCD7B5AD8F2D0AF6E73	0A5C80C9D885FA272AC4FFF1D6AE647D83707C27	CFEA874BCFFC2A3E5D8F06568115EB0BC537833713D01E104412B9D1B1E9F193
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\aeef73ba-fbce-498e-9eaf-2cd8995fb36f.tmp	JSON data	AE2009B179BE4887D97EB038FD7C10A2	AF6ECC58AF3208CFD283F2A458BF22DA597FAE82	C6B75AE7ADEA8F78A89373199AABEE3A129EE16BC18C2D87BA29895C182A8F95
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json	ASCII text, with very long lines (3951), with CRLF line terminators	07301A857C41B5854E6F84CA00B81EA0	7441FC1018508FF4F3DBAA139A21634C08ED979C	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bfe73781-b033-4bdf-8dcc-4df17efa8c81.tmp	JSON data	0610FA9CD13A5995495DA3661BF415BF	9C45448AF37F384F7D39F52CBAA9A71CF7B0BA69	241078090B2434E0BCCE9AD831227547C322EB424E9995F376CB4ECD1AFF7607
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c68303cd-a593-414a-9578-fe73d4497155.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d9116dac-1c16-464b-884a-51e528cb654f.tmp	JSON data	DF33B4F791E72C92D775337480BD42E5	9B9A741C8EBFEA7E5482D59DB691B2D673EC468F	02BBC1C4DDF7B344556CCEFD3E1665D122472084EB2C2C395264DDEE718D1641
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e190d06f-d1fc-4bef-8a0e-8e91f4455185.tmp	JSON data	DC7A989FD539AD71A5114CC7A06A66BF	95E62618C152B5C84375A6277871DFB0DFA0B5AA	B4D1E845E122102D4E664C7C62BF8EDEDA58D12674959A7C59A15FFD0AA18CF1
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2	D2CCDC36225684AAE8FA563AFEDB14E7	3759649035F23004A4C30A14C5F0B54191BEBF80	080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm	data	B7C14EC6110FA820CA6B65F5AEC85911	608EEB7488042453C9CA40F7E1398FC1A270F3F4	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log	data	FBC9B8FDC9C59E1B629A922186E050A4	606552347A4B66FFB21B8BAA7ABCADEAA3D4827A	8E3B49650F75DDA23C731C3D5354285CCE3A1AF3DE170A2DA5579ED470DECED0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG	ASCII text	3182442AF87A869E7E2D98A1B6494959	B01B81828035A88DC16E8520D2E7E9D1DE80BC79	9F1E5D2CE08471EEB3B6904F0D8BC718205F35D029DD55BD2DFEE8A920AB9E27
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log	data	451C78A410E36D9505AF8797B08226EC	EE0B72590AE3A77637DA92E36004F9C4F668198C	803DF30D5DF0329E4B9098AE45510AB5DD52903198287F390858AD84678148AD
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	BA5A68F2F4227DBDABD8C34A464480BF	B486A1E4D9163099C9A5F58C35F3A7B3369ECDC5	D994B11226104EC243D44F3EEBCB67483F921BDC36F526BC08859CA08475CC09
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	5A228204EB38ECAC17392496B398785C	92903A3CA083F6241FB4146CF55753AE361DB8C3	C1A279113237BAE0BB0F0DAA5635DE9BC12B525BC72204AD896E1787BE158D71
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	B61920D6F4687713975D19EB30B7F0E7	935B262FE2983CC06ED1FCBF45D977BFEF268F6A	B2891E5F373679F4AE60865DC4754792BEE60B02641D8624A6362AC5A6E817A3
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser	data	A397E5983D4A1619E36143B4D804B870	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version	ASCII text, with no line terminators	BF16C04B916ACE92DB941EBB1AF3CB18	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2b0a8.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2b2ac.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2b2bc.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2dd08.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30291.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF302df.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF302ef.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF323e4.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF323f4.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39c7f.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c39f.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3fe37.TMP (copy)	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2	E93ACF0820CA08E5A5D2D159729F70E3	2C1A4D4924B9AEC1A796F108607404B000877C5D	F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	D18911F0137D35816DB5FFFE40D2911E	4483D1B24D46C52BC79EE5D0BC4678CB5045BA76	A48DD356B1C25CF6DD234813BEA578D5748984886CD0F9271223D6F8AA86EAFF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris	ASCII text, with no line terminators	7BAAFE811F480ACFCCCEE0D744355C79	24B89AE82313084BB8BBEB9AD98A550F41DF7B27	D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris_0	data	0E06E28C3536360DE3486B1A9E5195E8	EB768267F34EC16A6CCD1966DCA4C3C2870268AB	F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings	ASCII text, with no line terminators	5692162977B015E31D5F35F50EFAB9CF	705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D	42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-0	JSON data	BDE38FAE28EC415384B8CFE052306D6C	3019740AF622B58D573C00BF5C98DD77F3FBB5CD	1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris	ASCII text, with no line terminators	3F90757B200B52DCF5FDAC696EFD3D60	569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77	1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2	data	0E06E28C3536360DE3486B1A9E5195E8	EB768267F34EC16A6CCD1966DCA4C3C2870268AB	F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations	JSON data	03B6D5E81A4DC4D4E6C27BE1E932B9D9	3C5EF0615314BDB136AB57C90359F1839BDD5C93	73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a23ab6e7-483d-442c-84f6-dbb5f579a887.tmp	JSON data	B71556300A0ABDB0D2F752BA389F6358	C3D1E94FA7DEF480E4E94760D91CAA91A9FE0102	EF0BA84AD84C8D795DFCB9BBDB9B32D0B39613963EB1E67CD8EECF3948859BA3
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bdd2a195-7279-4f5e-a328-f3d8c5be5c29.tmp	JSON data	566F1D0D6C67CB55FA9B42E30B5BD0E2	764B7B69256F92DDEA8E858E7FBD146B2686E1BA	280D6D75D2AD3839F000904C33F81F468567001A295E0513BD218ED474520BB4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c72e97e5-da73-4840-9b70-921ddb6cfce0.tmp	JSON data	891691A6A9729866D44D5E6E454C97B5	B34B792DF98052EA298546F2367F62FAE5415C86	795C4705232DC9BF4E9B36AA80F2F64B205AC6175CEFFAF9FF7F8F6FE21F06EF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\dfa9a9d6-e6e6-4117-8dc4-04cf74c667ee.tmp	JSON data	5CFDBD3D1871F95FF2F37D576AD53261	4D643E90619EB6E2A60773C83FCAE06975A4A4A9	70FBA141E05C517C3D9ADA789DBDBAF0BA0669E8F9101056C4E59C6FB24EF6D8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e47f7d0a-ac23-449f-9d41-59db2aef50f7.tmp	JSON data	38F696E30C6D0D2E1E738C3317EB64F1	50E7F40849F537BEBD9D6BE93A5375342C55DD0B	B263850A4F9DEAC933D44058B6F58156FE4669A2697F8BC453801FB2CCD1611B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f711b50c-e61d-4d42-aa02-89d7a4a2a490.tmp	JSON data	C519CBA0B2AE7300E0A94D8FF9915728	6B35BA3B21AD96E6DBEBDBCB46638C6B9C6CE6CD	C26E2CE6A2FF5AEA61B02D15B78E2788343160485699666440A36F7D3C74796C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-CH.1	data	5A34CB996293FDE2CB7A4AC89587393A	3C96C993500690D1A77873CD62BC639B3A10653F	C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B42D271F-91FC-11EF-8C2C-ECF4BBEA1588}.dat	Composite Document File V2 Document, Cannot read section info	6C513DF7A7995D15F1F16C99676799F2	722E4626F25FD0313893966475E37355CBB3ABBE	9E02AC86EAA2D3A21C6A09BA5FC821FD1C503DEB13C22B20CBC71038628F4BC8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B42D2721-91FC-11EF-8C2C-ECF4BBEA1588}.dat	Composite Document File V2 Document, Cannot read section info	FB78B42855FBC87FB02E2F60F307ECAD	E40E1585C144A8618ABA8FA241341354B0BB7B42	0D0FF46E745B66D7A7407B2EF377B2F71658131DAF39D0012B6948CEC5088101
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators	30192ED8E987D30D319EEF6000B4478D	4602D7F7691DB7248C0DEC0E16D971224B9A3ACD	94F888B55596FF69423668ABFB356D2BA50800954D9E83C126DE6D08D9BDCEB0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators	ED9A8F9DD17710CE7E1020506FF86B79	82456D22788A22F293195928D7AD87796EE2FD08	82DEF0736CAABF8FE3CC01084076923F3BB47F60C405E307DF30335A06A0CFC1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (317), with CRLF line terminators	353FD18844BBCF38954932932F3760B3	E7EAF99AD468021BCBA2800DF7F4605F4334D17F	935453D132103E98658BB38C33848B783A36AFE473FF1FC87C88A1E2E7A07455
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (334), with CRLF line terminators	A65F6B663CD97ABCD8FFBC8544275723	6454D3ADB27C14B1988C18802BD23808FD679902	25CD19808EC5B31D13AC31C069B7FA04E729052D33CE1EF8E72E73E1F2E9D542
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (307), with CRLF line terminators	72818EF0587C25FF629C580132C64829	43EE7E8DE5364F7A942EF5A0E89786CD76E00847	FD641254CFF2DC82EDB91EEF0217A2410524220B51E7A60B30D5924A9768AE52
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators	8FEB84502874B4DB73A6563AEBAF3CA3	D1858581172AB473DD9DD895E589E5AE29896897	839D6C4205836795977E686FAD036F8ACFB868092639D8C8DD8B739C6A05E018
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators	D9D89BB50A1570B5C154931D8AB31AF9	1B94B2D7C29E338EC99EAAF593D85261683E82EF	46E3C2621434A733AFE959B8BD1BF7404DB50B98CED4C860735C4732A6BE1948
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators	9643F0969FED93781EB985DB7BB95E9A	94BB54622E42D5D715E16B43EC33F0EE78C0FF11	F3763878AB20684F8818DD5DAF1865962A40D917FD4A0D68500C87C9F04F2AEF
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (315), with CRLF line terminators	64FA45E3BF37431905BF3B6A1D08AC5F	C74D5CDB734531DC7E73EE8A69418EAE173A4052	81D4A01E4F51B8636870BF243B40E4FD4E57E8F6CE710D9C300C7842B50A5C8F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators	89BA9BD9D26DAB2EAFD4275E785774B9	4072AF6C296911B87FFA4331D835DE625AB729D6	9B602F5B0BD2B3A24DC70F8A6088C791FF3DC45273F2D4766F2A81627CA04A3F
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres	data	6558A8CA9E07E11B6738D885101E212F	4FCDF87FF4380B36AE6C7E5969476436122C3116	2B2FA3D396761C2ADFACD9CDDC13F8D40DE1372463DD9DFC52BD1DC0C63E5BE0
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres	data	0A86AFECFEC40E566D5E875CED0C5E19	C24FA0A7A1E416BFC2D95842D5752C8B28F4581C	DE259CB43E445FE775DD51268D5F880FEECD8B1D288D8983FBC66ECA0E05CF3C
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres	data	9060F5EBDF0EC828C3FF15450AF2215C	71C6FD1B562F88E7E3E66565E76CDF728F693908	B7EE5D66E0125D2301BC1BCE110F2972053B67137FDCCBC1DF9BD8324C1266B6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\xmltreeview[1]	ASCII text, with CRLF line terminators	03710426AB25AD1280E197F61249F9DE	F5E7A6FD42503AE4758BC36C8DD78D98EFB35047	21E63F7C77896ED2B5F115957F2448E0A9E2DD738D7D487E471217421F6A93E1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\known_providers_download_v1[1].xml	XML 1.0 document, ASCII text, with CRLF line terminators	002D5646771D31D1E7C57990CC020150	A28EC731F9106C252F313CCA349A68EF94EE3DE9	1E2E25BF730FF20C89D57AA38F7F34BE7690820E8279B20127D0014DD27B743F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\suggestions[1].en-CH	data	5A34CB996293FDE2CB7A4AC89587393A	3C96C993500690D1A77873CD62BC639B3A10653F	C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\favicon[1].ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	DA597791BE3B6E732F0BC8B20E38EE62	1125C45D285C360542027D7554A5C442288974DE	5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
C:\Users\user\AppData\Local\Temp\26039923-c6a6-411e-a573-963f168cd084.tmp	Google Chrome extension, version 3	DA75BB05D10ACC967EECAAC040D3D733	95C08E067DF713AF8992DB113F7E9AEC84F17181	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
C:\Users\user\AppData\Local\Temp\2663cbca-37dd-4dbf-9047-82d4bb6a5eb9.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\55c909c3-96d9-4024-83d6-ee613f57056b.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 276634	B73A9C52EF76DD9F575BDCF919B05902	A7ED2E7B5F85D6E502B538FDEBD91343D811E55A	EF05EE3FA07D46FDDD88DA7760509F7BA658D3A9A5696004404F5A128349B323
C:\Users\user\AppData\Local\Temp\949d793a-1a5f-4249-b979-098f1db817c0.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\KnoC6F0.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	002D5646771D31D1E7C57990CC020150	A28EC731F9106C252F313CCA349A68EF94EE3DE9	1E2E25BF730FF20C89D57AA38F7F34BE7690820E8279B20127D0014DD27B743F
C:\Users\user\AppData\Local\Temp\a049d533-5890-4fd0-9e81-3006dc0718ac.tmp	Google Chrome extension, version 3	78E47DDA17341BED7BE45DCCFD89AC87	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
C:\Users\user\AppData\Local\Temp\cv_debug.log	JSON data	C702343A363D359F9042E450005727F2	29FD19C7C780DCCEFB5E0E72271FAA52D7FE2018	E570AE00A009E4350CE0899FF01A33F05BDEDDC1B462D4DFD5B2163209069858
C:\Users\user\AppData\Local\Temp\scoped_dir7336_300838947\CRX_INSTALL\_metadata\verified_contents.json	JSON data	738E757B92939B24CDBBD0EFC2601315	77058CBAFA625AAFBEA867052136C11AD3332143	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
C:\Users\user\AppData\Local\Temp\scoped_dir7336_300838947\CRX_INSTALL\content.js	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators	3D20584F7F6C8EAC79E17CCA4207FB79	3C16DCC27AE52431C8CDD92FBAAB0341524D3092	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
C:\Users\user\AppData\Local\Temp\scoped_dir7336_300838947\CRX_INSTALL\content_new.js	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators	3DE1E7D989C232FC1B58F4E32DE15D64	42B152EA7E7F31A964914F344543B8BF14B5F558	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
C:\Users\user\AppData\Local\Temp\scoped_dir7336_300838947\CRX_INSTALL\manifest.json	JSON data	E805E9E69FD6ECDCA65136957B1FB3BE	2356F60884130C86A45D4B232A26062C7830E622	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
C:\Users\user\AppData\Local\Temp\scoped_dir7336_300838947\a049d533-5890-4fd0-9e81-3006dc0718ac.tmp	Google Chrome extension, version 3	78E47DDA17341BED7BE45DCCFD89AC87	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\26039923-c6a6-411e-a573-963f168cd084.tmp	Google Chrome extension, version 3	DA75BB05D10ACC967EECAAC040D3D733	95C08E067DF713AF8992DB113F7E9AEC84F17181	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	913064ADAAA4C4FA2A9D011B66B33183	99EA751AC2597A080706C690612AEEEE43161FC1	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\af\messages.json	JSON data	12403EBCCE3AE8287A9E823C0256D205	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\am\messages.json	JSON data	9721EBCE89EC51EB2BAEB4159E2E4D8C	58979859B28513608626B563138097DC19236F1F	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ar\messages.json	JSON data	3EC93EA8F8422FDA079F8E5B3F386A73	24640131CCFB21D9BC3373C0661DA02D50350C15	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\az\messages.json	JSON data	9A798FD298008074E59ECC253E2F2933	1E93DA985E880F3D3350FC94F5CCC498EFC8C813	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\be\messages.json	JSON data	68884DFDA320B85F9FC5244C2DD00568	FD9C01E03320560CBBB91DC3D1917C96D792A549	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\bg\messages.json	JSON data	2E6423F38E148AC5A5A041B1D5989CC0	88966FFE39510C06CD9F710DFAC8545672FFDCEB	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\bn\messages.json	JSON data	651375C6AF22E2BCD228347A45E3C2C9	109AC3A912326171D77869854D7300385F6E628C	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ca\messages.json	JSON data	D177261FFE5F8AB4B3796D26835F8331	4BE708E2FFE0F018AC183003B74353AD646C1657	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\cs\messages.json	JSON data	CCB00C63E4814F7C46B06E4A142F2DE9	860936B2A500CE09498B07A457E0CCA6B69C5C23	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\cy\messages.json	JSON data	A86407C6F20818972B80B9384ACFBBED	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\da\messages.json	JSON data	B922F7FD0E8CCAC31B411FC26542C5BA	2D25E153983E311E44A3A348B7D97AF9AAD21A30	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\de\messages.json	JSON data	D116453277CC860D196887CEC6432FFE	0AE00288FDE696795CC62FD36EABC507AB6F4EA4	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\el\messages.json	JSON data	9ABA4337C670C6349BA38FDDC27C2106	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\en\messages.json	JSON data	07FFBE5F24CA348723FF8C6C488ABFB8	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\en_CA\messages.json	JSON data	07FFBE5F24CA348723FF8C6C488ABFB8	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\en_GB\messages.json	JSON data	3734D498FB377CF5E4E2508B8131C0FA	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\en_US\messages.json	JSON data	578215FBB8C12CB7E6CD73FBD16EC994	9471D71FA6D82CE1863B74E24237AD4FD9477187	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\es\messages.json	JSON data	F61916A206AC0E971CDCB63B29E580E3	994B8C985DC1E161655D6E553146FB84D0030619	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\es_419\messages.json	JSON data	535331F8FB98894877811B14994FEA9D	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\et\messages.json	JSON data	64204786E7A7C1ED9C241F1C59B81007	586528E87CD670249A44FB9C54B1796E40CDB794	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\eu\messages.json	JSON data	29A1DA4ACB4C9D04F080BB101E204E93	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\fa\messages.json	JSON data	097F3BA8DE41A0AAF436C783DCFE7EF3	986B8CABD794E08C7AD41F0F35C93E4824AC84DF	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\fi\messages.json	JSON data	B38CBD6C2C5BFAA6EE252D573A0B12A1	2E490D5A4942D2455C3E751F96BD9960F93C4B60	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\fil\messages.json	JSON data	FCEA43D62605860FFF41BE26BAD80169	F25C2CE893D65666CC46EA267E3D1AA080A25F5B	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\fr\messages.json	JSON data	A58C0EEBD5DC6BB5D91DAF923BD3A2AA	F169870EEED333363950D0BCD5A46D712231E2AE	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\fr_CA\messages.json	JSON data	6CAC04BDCC09034981B4AB567B00C296	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\gl\messages.json	JSON data	6BAAFEE2F718BEFBC7CD58A04CCC6C92	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\gu\messages.json	JSON data	BC7E1D09028B085B74CB4E04D8A90814	E28B2919F000B41B41209E56B7BF3A4448456CFE	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\hi\messages.json	JSON data	98A7FC3E2E05AFFFC1CFE4A029F47476	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\hr\messages.json	JSON data	25CDFF9D60C5FC4740A48EF9804BF5C7	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\hu\messages.json	JSON data	8930A51E3ACE3DD897C9E61A2AEA1D02	4108506500C68C054BA03310C49FA5B8EE246EA4	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\hy\messages.json	JSON data	55DE859AD778E0AA9D950EF505B29DA9	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\id\messages.json	JSON data	34D6EE258AF9429465AE6A078C2FB1F5	612CAE151984449A4346A66C0A0DF4235D64D932	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\is\messages.json	JSON data	CAEB37F451B5B5E9F5EB2E7E7F46E2D7	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\it\messages.json	JSON data	0D82B734EF045D5FE7AA680B6A12E711	BD04F181E4EE09F02CD53161DCABCEF902423092	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\iw\messages.json	JSON data	26B1533C0852EE4661EC1A27BD87D6BF	18234E3ABAF702DF9330552780C2F33B83A1188A	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ja\messages.json	JSON data	15EC1963FC113D4AD6E7E59AE5DE7C0A	4017FC6D8B302335469091B91D063B07C9E12109	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ka\messages.json	JSON data	83F81D30913DC4344573D7A58BD20D85	5AD0E91EA18045232A8F9DF1627007FE506A70E0	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\kk\messages.json	JSON data	2D94A58795F7B1E6E43C9656A147AD3C	E377DB505C6924B6BFC9D73DC7C02610062F674E	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\km\messages.json	JSON data	B3699C20A94776A5C2F90AEF6EB0DAD9	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\kn\messages.json	JSON data	38BE0974108FC1CC30F13D8230EE5C40	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ko\messages.json	JSON data	F3E59EEEB007144EA26306C20E04C292	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\lo\messages.json	JSON data	E20D6C27840B406555E2F5091B118FC5	0DCECC1A58CEB4936E255A64A2830956BFA6EC14	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\lt\messages.json	JSON data	970544AB4622701FFDF66DC556847652	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\lv\messages.json	JSON data	A568A58817375590007D1B8ABCAEBF82	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ml\messages.json	JSON data	4717EFE4651F94EFF6ACB6653E868D1A	B8A7703152767FBE1819808876D09D9CC1C44450	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\mn\messages.json	JSON data	83E7A14B7FC60D4C66BF313C8A2BEF0B	1CCF1D79CDED5D65439266DB58480089CC110B18	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\mr\messages.json	JSON data	3B98C4ED8874A160C3789FEAD5553CFA	5550D0EC548335293D962AAA96B6443DD8ABB9F6	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ms\messages.json	JSON data	7D273824B1E22426C033FF5D8D7162B7	EADBE9DBE5519BD60458B3551BDFC36A10049DD1	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\my\messages.json	JSON data	342335A22F1886B8BC92008597326B24	2CB04F892E430DCD7705C02BF0A8619354515513	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ne\messages.json	JSON data	B1083DA5EC718D1F2F093BD3D1FB4F37	74B6F050D918448396642765DEF1AD5390AB5282	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\nl\messages.json	JSON data	32DF72F14BE59A9BC9777113A8B21DE6	2A8D9B9A998453144307DD0B700A76E783062AD0	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\no\messages.json	JSON data	A1744B0F53CCF889955B95108367F9C8	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\pa\messages.json	JSON data	97F769F51B83D35C260D1F8CFD7990AF	0D59A76564B0AEE31D0A074305905472F740CECA	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\pl\messages.json	JSON data	B8D55E4E3B9619784AECA61BA15C9C0F	B4A9C9885FBEB78635957296FDDD12579FEFA033	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\pt_BR\messages.json	JSON data	608551F7026E6BA8C0CF85D9AC11F8E3	87B017B2D4DA17E322AF6384F82B57B807628617	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\pt_PT\messages.json	JSON data	0963F2F3641A62A78B02825F6FA3941C	7E6972BEAB3D18E49857079A24FB9336BC4D2D48	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ro\messages.json	JSON data	BED8332AB788098D276B448EC2B33351	6084124A2B32F386967DA980CBE79DD86742859E	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ru\messages.json	JSON data	51D34FE303D0C90EE409A2397FCA437D	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\si\messages.json	JSON data	B8A4FD612534A171A9A03C1984BB4BDD	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\sk\messages.json	JSON data	8E55817BF7A87052F11FE554A61C52D5	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\sl\messages.json	JSON data	BFAEFEFF32813DF91C56B71B79EC2AF4	F8EDA2B632610972B581724D6B2F9782AC37377B	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\sr\messages.json	JSON data	7F5F8933D2D078618496C67526A2B066	B7050E3EFA4D39548577CF47CB119FA0E246B7A4	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\sv\messages.json	JSON data	90D8FB448CE9C0B9BA3D07FB8DE6D7EE	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\sw\messages.json	JSON data	D0579209686889E079D87C23817EDDD5	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ta\messages.json	JSON data	DCC0D1725AEAEAAF1690EF8053529601	BB9D31859469760AC93E84B70B57909DCC02EA65	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\te\messages.json	JSON data	385E65EF723F1C4018EEE6E4E56BC03F	0CEA195638A403FD99BAEF88A360BD746C21DF42	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\th\messages.json	JSON data	64077E3D186E585A8BEA86FF415AA19D	73A861AC810DABB4CE63AD052E6E1834F8CA0E65	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\tr\messages.json	JSON data	76B59AAACC7B469792694CF3855D3F4C	7C04A2C1C808FA57057A4CCEEE66855251A3C231	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\uk\messages.json	JSON data	970963C25C2CEF16BB6F60952E103105	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\ur\messages.json	JSON data	8B4DF6A9281333341C939C244DDB7648	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\vi\messages.json	JSON data	773A3B9E708D052D6CBAA6D55C8A5438	5617235844595D5C73961A2C0A4AC66D8EA5F90F	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\zh_CN\messages.json	JSON data	3E76788E17E62FB49FB5ED5F4E7A3DCE	6904FFA0D13D45496F126E58C886C35366EFCC11	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\zh_HK\messages.json	JSON data	524E1B2A370D0E71342D05DDE3D3E774	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\zh_TW\messages.json	JSON data	0E60627ACFD18F44D4DF469D8DCE6D30	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_locales\zu\messages.json	JSON data	71F916A64F98B6D1B5D1F62D297FDEC1	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\_metadata\verified_contents.json	JSON data	F897300492E3AB467E56883D23D02D77	DECD6DC9E70ECCF9B45983147680614C019B99EA	F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\dasherSettingSchema.json	JSON data	4EC1DF2DA46182103D2FFC3B92D20CA5	FB9D1BA3710CF31A87165317C6EDC110E98994CE	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\manifest.json	JSON data	35068E2550395A8A3E74558F2F4658DA	BD6620054059BFB7A27A4FFF86B9966727F2C2B9	E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\offscreendocument.html	HTML document, ASCII text	B747B5922A0BC74BBF0A9BC59DF7685F	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\offscreendocument_main.js	ASCII text, with very long lines (3700)	9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7	88D7F0A88C5807BFE00F13B612CC0522EEBE514A	E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\page_embed_script.js	ASCII text	3AB0CD0F493B1B185B42AD38AE2DD572	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
C:\Users\user\AppData\Local\Temp\scoped_dir7336_602406375\CRX_INSTALL\service_worker_bin_prod.js	ASCII text, with very long lines (3705)	4E0C47897BF98DEAC56F800942E150C4	7903D30E0ACEE273724BDAA67446D9FD4E8460A5	FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
C:\Users\user\AppData\Local\Temp\~DF94EA510BB99C4B82.TMP	data	564F1A727C996286C222EFF5B294C126	10BF6E710E07BDAB6281F866E60B16F95FC6113C	EACD199A087D893BDE7E769986BB47F86F81DADAD8D7ADFEDB6DF379BAB641D9
C:\Users\user\AppData\Local\Temp\~DFD6FD9B97F7FAE707.TMP	data	6831C1188CD385D63D04FCAA2A9DB646	B5A3E446B145A8B8ED0B1A191D6E7D708B3AA380	4A532468FE6E568063C5DA84F700559F0FF806CEB2C0B3AF2F76CD94FC5276D2

ID:	1541127
Product:	CloudBasic
Start time:	13:39:03
Start date:	24.10.2024
Sample:	{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	2d3c508321b32b43ee4192d54bc0ed15
SHA1:	e60a6dc0e6374c5adffce59e1b34635769e39767
SHA256:	96003b2bc14e105d7649310c9f5f0cb1b71c809a17b07a6456be4e4841cba187

Windows Analysis Report
{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml

Overview

General Information

Detection

Signatures

Classification

Signatures

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report {89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml

Overview

General Information

Detection

Signatures

Classification

Signatures

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml