Windows Analysis Report
close_790189870c9543725dc3f5a15fb25e46[2].svg

Overview

General Information

Sample name:	close_790189870c9543725dc3f5a15fb25e46[2].svg
Analysis ID:	1501457
MD5:	40eb39126300b56bf66c20ee75b54093
SHA1:	83678d94097257eb474713dec49e8094f49d2e2a
SHA256:	765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Maps a DLL or memory area into another process

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Uses a known web browser user agent for HTTP communication

Classification

Signatures

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49777 version: TLS 1.2

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725574170&P2=404&P3=2&P4=jVEhRp%2bA2y96DOhA8sMiHTzvCw6cMfX4%2bBpFJvZ8%2bFRR%2bvl9qKJDn4u0IyYF88ZhOxfXiBS5GSXmZRZZNs0EFA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: kc0WH0yspLodMVPXFSdt0lSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 465Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97

Source: global traffic	HTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8hNn9fGCUcHWYOD&MD=Zg1BbeGA HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725574170&P2=404&P3=2&P4=jVEhRp%2bA2y96DOhA8sMiHTzvCw6cMfX4%2bBpFJvZ8%2bFRR%2bvl9qKJDn4u0IyYF88ZhOxfXiBS5GSXmZRZZNs0EFA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: kc0WH0yspLodMVPXFSdt0lSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8hNn9fGCUcHWYOD&MD=Zg1BbeGA HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr

String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://bard.google.com/
Source: Reporting and NEL.3.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.3.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.3.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State0.3.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.3.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.3.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 669b22d7-f437-4638-a7e7-e475afc85702.tmp.4.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.3.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 669b22d7-f437-4638-a7e7-e475afc85702.tmp.4.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json.3.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.3.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.3.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.3.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log7.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log6.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr, HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log7.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr, HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://gaana.com/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://m.kugou.com/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://m.soundcloud.com/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://m.vk.com/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://music.amazon.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://music.apple.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://music.yandex.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://open.spotify.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://tidal.com/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://twitter.com/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://vibe.naver.com/today
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://web.telegram.org/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://web.whatsapp.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.deezer.com/
Source: content.js.3.dr, content_new.js.3.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.3.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 669b22d7-f437-4638-a7e7-e475afc85702.tmp.4.dr	String found in binary or memory: https://www.googleapis.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.instagram.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.last.fm/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.messenger.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.office.com
Source: Top Sites.3.dr	String found in binary or memory: https://www.office.com/
Source: Top Sites.3.dr	String found in binary or memory: https://www.office.com/Office
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.tiktok.com/
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://www.youtube.com
Source: dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp.3.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49777 version: TLS 1.2

Source: classification engine

Classification label: sus21.evad.winSVG@54/301@10/11

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D0F193-1BD8.pma

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\fb3b5663-6e89-4e6a-923b-7a3b6754bb94.tmp

Jump to behavior

Source: Login Data.3.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\close_790189870c9543725dc3f5a15fb25e46[2].svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2000,i,5938193828967197103,15847169476225554251,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\close_790189870c9543725dc3f5a15fb25e46[2].svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6424 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6596 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7248 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7248 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2064,i,7583231872953787829,7140967329954936170,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2012,i,16973597618292821115,2187613196241031377,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6520 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2000,i,5938193828967197103,15847169476225554251,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6424 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6596 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7248 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7248 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6520 --field-trial-handle=2232,i,5777143487811511883,14929472616201104852,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2064,i,7583231872953787829,7140967329954936170,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2012,i,16973597618292821115,2187613196241031377,262144 /prefetch:3	Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.18.1	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.59.250.24	unknown	United States	20940	AKAMAI-ASN1EU	false
23.44.133.57	unknown	United States	20940	AKAMAI-ASN1EU	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
chrome.cloudflare-dns.com	162.159.61.3	true
googlehosted.l.googleusercontent.com	172.217.18.1	true
sni1gl.wpc.nucdn.net	152.199.21.175	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
clients2.googleusercontent.com	unknown	unknown
bzib.nelreports.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clients2.googleusercontent.com/crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx	false	URL Reputation: safe	unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness	false	URL Reputation: safe	unknown
https://chrome.cloudflare-dns.com/dns-query	false	URL Reputation: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\27e5eee7-bdbc-4e14-a248-33659608df94.tmp	JSON data	A5E1A2825930D4738A46C27FC79795E8	3D5A8FC103F6488C7DD66096931C95953D5DE913	20C0E0FBD26E512B474FB1CDAD3020C72E05B526D7AB789EE2932454C1225157
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2dea48f2-2a87-49ae-aa5c-6f05f0563f06.tmp	JSON data	B486DFC84296368509AC46364CA5B52E	06FC2A99A7857BA0533D6DC4ED2596F5D18F25B3	9482192FAB008D4CA10B0D95613CFBDB022EA349416DD3D1E92692FCD0590291
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\50c4824e-48ea-4d54-8f86-d7e6dcca9646.tmp	JSON data	27F7DE973874A3578BD51FD49B2DAC93	90D9BB54845E0A128970D6BE998D189FA42F4297	FAC0A7EEDCEC1F53D142F80FD8612DDC47C502B27FB609B22507AC86307B9375
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\724ad000-313f-4270-8b02-85ce99243135.tmp	JSON data	B54F5F29E6D5FA7ACA5AA7F13BC210B8	FB130565AE4F253F7925F1BFA18D5471644E67A3	F078A96AD8614039DD56231F6249AE901B3B2E226E2142FD82B0329CA287118F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7635bf29-8dfb-4f61-91af-919af14dad8f.tmp	JSON data	4374766E7CB7E45D6AC63462501A9FAD	AD0DFF8C974128E87AD9298D48CC77CCB850EF94	C0AB26D159B0F08480D4564B338EF720848BCC7B3041702C94F26DB05B5B5F85
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8b8789ef-69bd-4f48-9066-947dd2973947.tmp	JSON data	B486DFC84296368509AC46364CA5B52E	06FC2A99A7857BA0533D6DC4ED2596F5D18F25B3	9482192FAB008D4CA10B0D95613CFBDB022EA349416DD3D1E92692FCD0590291
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\97607670-bd0c-45fe-9a4e-df322919c72b.tmp	JSON data	386802FB42935332DEE3B191FCC1CF4C	117D87AE8BCD5E29BA9B048FF3E0AD5A62792073	B1661F1BCB7D085DCCA615299D6D0BE29AB0CC8E12C36414226D610E3F5BEC0F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\01246223-41d4-4c19-9221-4697bf3e9674.tmp	JSON data	46BC3CA050C9032312C051408F8C6227	4EC92F610AC217A2AB2927A8B71AD8BF5157D72D	CB9C9EED0F363C3193E8676B326299AED296899E17323BA2D48619BAF5249FC6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)	JSON data	46BC3CA050C9032312C051408F8C6227	4EC92F610AC217A2AB2927A8B71AD8BF5157D72D	CB9C9EED0F363C3193E8676B326299AED296899E17323BA2D48619BAF5249FC6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)	data	B5CFA9D6C8FEBD618F91AC2843D50A1C	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp	data	B5CFA9D6C8FEBD618F91AC2843D50A1C	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D0F193-1BD8.pma	data	8CB700A4DAF435FBAF8DECB3B7A88980	94B4BE1F277CBD3633BE1A70E386FF0DCF747365	6DDA9C4B4110CDC2C411A810901FC1A26027E0D7F2CFCDDD50E5BF3098BC7AFB
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D0F193-C60.pma	data	20C93C454B4E06464DF8F4D3C628BAB2	6B03AD6A8661739A4D0965CE5414FBDCE036658E	F616D79EBEDD0293847476D8507A8BA31B702F04C02A36DC409748C5BCC5BBD7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D0F1A6-226C.pma	data	8F0E077060536EC78D55B242DD7B579E	949F46635F6953A2F1D22C9631D840DB8F03A7BF	361898175712E05D4D5DD3518EF1B0628DE1EC4EBD2485E50F51B98CE96D9C9B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D0F1AE-2080.pma	data	B0B28E381887CEBB272F00ECFB52282D	DF050A55F3C54ECFE1DEB0C3B34AEFDDB25365C2	BB40F78C162C3BA92245070ADC3015D5326ED21C3D3F373C0E19B51F0D52483D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma	data	CFAB81B800EDABACBF6CB61AA78D5258	2730D4DA1BE7238D701DC84EB708A064B8D1CF27	452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat	data	74B32A83C9311607EB525C6E23854EE0	C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2	06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\10202b9f-628d-4333-9fed-3fbf86ee154b.tmp	JSON data	A325A17E01CD22407605E9C4480D998E	20802C6A8F3575EE895613B92E5D481346408C5D	F8BDC8ABC915E81B8B6439F09C68A872904A2F456F24C27964B60FAA266E51FF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\24cc1ebd-1436-48bc-943d-b2527f87515f.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4fb3894d-7b49-4542-9fd2-b1a1d2f19108.tmp	JSON data	F99AE01F051E938DFE190FC22C5B56D1	577A66917E9B5B0FBEE25B9F9F34FF7453407015	D4C5AF2386CFF11582C9FB659666EEF8B1894DCF5ADB751D098185F6A0CAC719
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\61d516d0-44b6-47b9-9a88-15f174eeb89b.tmp	JSON data	26C2DD2B1727B691DFC8C34D22EC1DB8	47A44653824CA8C912D34DE7750D204D83BAFFA8	FE29CF5CD6676CCF21271AC108FD3D3F77512C7818819DAEA7F9E6430AB7B159
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log	data	D46D7BA5D1D44FF79A2C605804E83C68	3B0DBC85E3A943A34E0EDFDB7776C21BAD0F7F93	BA7E50AE004DD604E1A6EEB8847A747743788021AE7F1939565989AC5881AAD6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG	ASCII text	588B5673B35E5B5FA7EAA898767ED454	59CDDC047F5536E519ED3F70FFD8DC7B2817B2B4	BD54A42EC65B91005FE139CCCD4F290E15293705E35F9ABEE6B73A823ADE3CB4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome\AssistanceHomeSQLite	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1	40B18EC43DB334E7B3F6295C7626F28D	0E46584B0E0A9703C6B2EC1D246F41E63AF2296F	85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1	F5237AED0F897E7619A94843845A3EC3	A0C752C9C28A753CFB051AACE2ADA78A6D1288C3	D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	D422AC66E43188609D5DB730A990C57A	9F733E3690B170D7C58D6F95348FCD70AFD18B1D	0DAC2F33248DB8C9E51DB747D13A5B39060FA32E09087D8876604CE19012DC29
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log	data	F27314DD366903BBC6141EAE524B0FDE	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG	ASCII text	7F14571D526443DBEBC9B2A949DD499D	DFA298BADC68A50752E2C9CD2DFD2E97D93FAEB4	902F6DE0523A2A1239A2CCF40135329EC3ACF77465A345BA4DEAC3A8E1E68452
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14	CF7760533536E2AF66EA68BC3561B74D	E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD	E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5	BCC2A4797D592DDC56C24CE7DF973BB7	2D661FA0CF5C5CA1C353B18A85A261601BFF7400	7791FDCE1CB9F4E806713A84BDBA39420F8CB3256135C56CE5FB9ECE969A921D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log	data	81A1092C7A38993F319FDFF1C9DBF512	39DF272E9FD8F723EA4D744EDF678A21BBBFC4C4	475A78796BD0305E2FD5D55C092AEE37195B016D8792158235114D3B2B596EE0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG	ASCII text	7D26D7855885CE14E767C5DE0276612E	06E81E546F707D85FD881ECF8B29AF99240D4200	424FB7E263CCCFFD8414E2427080AA128383E917B646AEC87C8297E6E0A73B82
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json	JSON data	AEE91A56C1EF7EFAF9EA6D3FE2E3B38E	9739517551A8D1E8FC40D6C659093F8ED817965D	0A643AB6B98794D4BBC018704DC300B78197E396FFA1F26E982EDA2E51011C04
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log	data	478D49D9CCB25AC14589F834EA70FB9E	5D30E87D66E279F8815AFFE4C691AAF1D577A21E	BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG	ASCII text	1B7EB276A14ED33226BDE4FD8C9DEF12	EA035128286A4A613BA08F4962B5332140CE0E70	DF658760D9AEFDC6DE35E1A1B68F982C124C4984E4C4F4922452C8C665696F20
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log	data	478D49D9CCB25AC14589F834EA70FB9E	5D30E87D66E279F8815AFFE4C691AAF1D577A21E	BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG	ASCII text	262799FF28C9754B0BB526575B095933	5C0EAB393A1D400BBE8B6A5F62794A484D3F3C9F	4487CBCF8DD8451B55BDD3967D3D9EFDAA3F3162020D718029BCAD84E0E582E8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log	data	A2A3B1383E3AAC2430F44FC7BF3E447E	B807210A1205126A107A5FE25F070D2879407AA4	90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG	ASCII text	37767F3BA1CBC5878EB53C22E19AD4A9	D2C1A9C85ED4DCF22F51CC099816D549CFC04AEC	ECFC94FA61FEC26613FA94F13C763C037E7AED93F8ED36A368C99D7BF14DEE8D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)	ASCII text	37767F3BA1CBC5878EB53C22E19AD4A9	D2C1A9C85ED4DCF22F51CC099816D549CFC04AEC	ECFC94FA61FEC26613FA94F13C763C037E7AED93F8ED36A368C99D7BF14DEE8D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityComp	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1	2554AD7847B0D04963FDAE908DB81074	F84ABD8D05D7B0DFB693485614ECF5204989B74A	F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityEdge	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2	1A7F642FD4F71A656BE75B26B2D9ED79	51BBF587FB0CCC2D726DDB95C96757CC2854CFAD	B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json	JSON data	5D1D9020CCEFD76CA661902E0C229087	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4	48764A71270199842E7014F76D8715E7	AF05609AABE5E33B082BF6A5F72A092B2B7EF88F	59C4553D35628E69D521B378426A01FF5AB9755847DFFEF6F0EEAAF2AEDEC3FD
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	data	1BFBA7A36A0D389E60863C3DC9D659C3	CD6BABE79852A68D84CB47E3D8F9603AEE452A4A	02FB7300C2FE18A760CF226ECF29DFC88AC2060FAB1A3A25F5D93A7D3C34C4B1
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)	ASCII text, with very long lines (1597), with CRLF line terminators	3D8183370B5E2A9D11D43EBEF474B305	155AB0A46E019E834FA556F3D818399BFF02162B	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5	1DCD9CCD8F00380AC715CFA5F015A575	676EC34D96787EEF26AAF047CAB5487D1A94402A	01E0F73FAF29967F004BD9785052FCD848ABC043BCB24B2BACD8DFCF9588054D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG	ASCII text	9386414AF865DA68DEB2EE1DC9D5DF60	9C9918D744DB33D7BDE3C837C029A0D90A5A394F	A0A5A1B32D3DA88D2C79FBA9770E72CFE0DC00394267E7BCB824E37E86DCEFF1
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)	ASCII text	9386414AF865DA68DEB2EE1DC9D5DF60	9C9918D744DB33D7BDE3C837C029A0D90A5A394F	A0A5A1B32D3DA88D2C79FBA9770E72CFE0DC00394267E7BCB824E37E86DCEFF1
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG	ASCII text	6EAAA005E9F6A1860D47DEC511C397F5	234620950181E85184113436B2AB1172691FF7F0	841E3ED4A8A9F3D1A3F1E1C09662F8409FB3F36CA08B5450B799B8061B9CFFAA
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)	ASCII text	6EAAA005E9F6A1860D47DEC511C397F5	234620950181E85184113436B2AB1172691FF7F0	841E3ED4A8A9F3D1A3F1E1C09662F8409FB3F36CA08B5450B799B8061B9CFFAA
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2	C681C90B3AAD7F7E4AF8664DE16971DF	9F72588CEA6569261291B19E06043A1EFC3653BC	ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3	ADC0CFB8A1A20DE2C4AB738B413CBEA4	238EF489E5FDC6EBB36F09D415FB353350E7097B	7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1bcc7637-01b1-4912-943c-0164c61e8fad.tmp	JSON data	6833E2FEEACF2930174137246FC7E09F	7707DD22D2CFD3C3B79D727C93AE1D3DFD90B307	839EB286A9A424BFB655D9DA050BE4CAE90B3DE4894CFE1F352919B551F17C0C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\362d4768-51d4-49e0-b227-b194827eb5d8.tmp	JSON data	285252A2F6327D41EAB203DC2F402C67	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\573d55e1-91e3-48dc-9819-6cef35b5789d.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\60a9a975-28b0-4034-9859-acf1d8ff7a08.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\669b22d7-f437-4638-a7e7-e475afc85702.tmp	JSON data	5EAC9FB6A6ED6DC9927ACB4CD241B6F1	6858DB62B394B26A9252F818BBAD3F46D206D2B7	7FF4B74CDEE7085D2F8570F84C45B71CB0671DBEE7AF7CD77337811A6C83A358
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\827d7373-35d3-4eab-a3fc-45be14de0244.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9e39eeda-dc61-4a39-b86c-e919d6320695.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2c0a6.TMP (copy)	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF3ab16.TMP (copy)	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6	702393BBC338DA9554F20DE21A8F6E48	B0DACB726BE07AAC00B95F7135867A329E810821	180CF1B8BBF1649721299E68E021D720D973E4B2704E02F14E19ADD5F3B7C4A2
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF29a04.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2a3c8.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity	JSON data	24D66E5F1B8C76C76511DA68057CDE5E	70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D	D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2c0b6.TMP (copy)	JSON data	24D66E5F1B8C76C76511DA68057CDE5E	70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D	D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Trust Tokens	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	25363ADC3C9D98BAD1A33D0792405CBF	D06E343087D86EF1A06F7479D81B26C90A60B5C3	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2	8B7CCBAE5FB8F1D3FDB331AED0833FB0	7924CE8D7CF818F1132F1C8A047FBEEF13F18877	8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)	JSON data	8CDB9D2D4AE1F60A7F505BB45426916C	AB8325F0AB30CEF00FC3FF3FB1B0EE6A0FD8D170	FFA10361A4E2B2146F95EE3D3CC0785507021A1585A6F09544F3E2B90DB68314
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF30f05.TMP (copy)	JSON data	8CDB9D2D4AE1F60A7F505BB45426916C	AB8325F0AB30CEF00FC3FF3FB1B0EE6A0FD8D170	FFA10361A4E2B2146F95EE3D3CC0785507021A1585A6F09544F3E2B90DB68314
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF338d4.TMP (copy)	JSON data	8CDB9D2D4AE1F60A7F505BB45426916C	AB8325F0AB30CEF00FC3FF3FB1B0EE6A0FD8D170	FFA10361A4E2B2146F95EE3D3CC0785507021A1585A6F09544F3E2B90DB68314
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF397fb.TMP (copy)	JSON data	8CDB9D2D4AE1F60A7F505BB45426916C	AB8325F0AB30CEF00FC3FF3FB1B0EE6A0FD8D170	FFA10361A4E2B2146F95EE3D3CC0785507021A1585A6F09544F3E2B90DB68314
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps	JSON data	2B432FEF211C69C745ACA86DE4F8E4AB	4B92DA8D4C0188CF2409500ADCD2200444A82FCC	42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)	JSON data	F99AE01F051E938DFE190FC22C5B56D1	577A66917E9B5B0FBEE25B9F9F34FF7453407015	D4C5AF2386CFF11582C9FB659666EEF8B1894DCF5ADB751D098185F6A0CAC719
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2f524.TMP (copy)	JSON data	F99AE01F051E938DFE190FC22C5B56D1	577A66917E9B5B0FBEE25B9F9F34FF7453407015	D4C5AF2386CFF11582C9FB659666EEF8B1894DCF5ADB751D098185F6A0CAC719
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log	data	22B21EF1C867F920688AD23503CC59B3	2A7D083F7C8E2FEA6851D13A3FCB1F37A87D3E8D	7867C6DEC8A5FD95B544F7590EB8257CAD3F7E13E15A938EAA76F04966122C33
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG	ASCII text	ED3897BBCC05D5BD97A9B866400216EA	A06E4A05309D5D838FF214AAE98D5AD4EB12E2DE	C415BE09A31F2B076B9313185D98D2029DD46EFE1F972F3CD4DBA62A1CD59480
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)	ASCII text	ED3897BBCC05D5BD97A9B866400216EA	A06E4A05309D5D838FF214AAE98D5AD4EB12E2DE	C415BE09A31F2B076B9313185D98D2029DD46EFE1F972F3CD4DBA62A1CD59480
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13369442966520044	data	B43DC584019132FA3FEFD27E094A52F3	BD2436AF23672E1E81E7FBD680C18B4FFAAD6FDE	0C48FEC6B253C1B4F8DFE1BEBA281E19848455A1CD1C0B73120AB09E8BE04380
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1	B35F740AA7FFEA282E525838EABFE0A6	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG	ASCII text	67282FF51CE21C28D7F1EFED92357A68	BF661DC5757EE48DE6B5A77F472AF0E95CC3AF09	EB7461B55FD553F8A719595AC747FFD38A303F3B405E5029DCA2B58586B0FE07
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)	ASCII text	67282FF51CE21C28D7F1EFED92357A68	BF661DC5757EE48DE6B5A77F472AF0E95CC3AF09	EB7461B55FD553F8A719595AC747FFD38A303F3B405E5029DCA2B58586B0FE07
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	F8D4EAA0DC4D926CE284B587EADDC6C7	ABEFF4A180347BC4D828D454BFA1A19EEC81AE0C	1E6D36D2C8CC0876122A81207026FC821BEDAF408DB1E4A1FA3647529E2121F5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	3710A86C555F59214C9B761CDD0BAD28	3D2D12FC82F9E22ACC11C8E2079AA05392BAF2BD	7BB4DB1D34D19A8E0377C339B6A76363418CDCEE0D9A916331A93B5CD71476B5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG	ASCII text	7A91709197920D1AF5564983F61B3E1A	19FB7684624A5775DAE415087F7CE0548A8D88D9	FE2EE24BC0E7D03AC13CB0B50C6C21914D005F661E226BA5C45F46EC62755984
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	7A91709197920D1AF5564983F61B3E1A	19FB7684624A5775DAE415087F7CE0548A8D88D9	FE2EE24BC0E7D03AC13CB0B50C6C21914D005F661E226BA5C45F46EC62755984
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\056dbc25-413d-47ae-897c-f311931f7b1a.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\29a92f43-db54-4d4e-8a6a-0dfd2629f55e.tmp	JSON data	285252A2F6327D41EAB203DC2F402C67	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\9884abcd-ab78-4d7c-b6e1-d02d5e684b5e.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State	JSON data	18D8AE83268DD3A59C64AAD659CF2FD3	018C9736438D095A67B1C9953082F671C2FDB681	D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF3b910.TMP (copy)	JSON data	18D8AE83268DD3A59C64AAD659CF2FD3	018C9736438D095A67B1C9953082F671C2FDB681	D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4	0247E46DE79B6CD1BF08CAF7782F7793	B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6	AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2a3c8.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	25363ADC3C9D98BAD1A33D0792405CBF	D06E343087D86EF1A06F7479D81B26C90A60B5C3	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c888f010-b723-4b41-a9c3-9e8d7e8817af.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG	ASCII text	2577722C49719685073A094215672E0F	18DCF7A8DAA4A28F5C61B5E6AE785E3FFE728083	6E6C29B0C8EBBCBC345816D82BE6A36D49DC038E0004F09B60B38099D7AD4923
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)	ASCII text	2577722C49719685073A094215672E0F	18DCF7A8DAA4A28F5C61B5E6AE785E3FFE728083	6E6C29B0C8EBBCBC345816D82BE6A36D49DC038E0004F09B60B38099D7AD4923
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	EDB1D31FC6F01ECAF570D238702827ED	40477BEB9DF335E6268566338C6D5587AD742681	A309AE135473E922D2C99A7754325C3A0C53AEDF5EFC9497F37D8B3656F59F85
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)	ASCII text	EDB1D31FC6F01ECAF570D238702827ED	40477BEB9DF335E6268566338C6D5587AD742681	A309AE135473E922D2C99A7754325C3A0C53AEDF5EFC9497F37D8B3656F59F85
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2	04F8B790DF73BD7CD01238F4681C3F44	DF12D0A21935FC01B36A24BF72AB9640FEBB2077	96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links	data	89577CACDC15C30D43F7D5079C6C87D7	4B176BA300FAD67717A01514FB1F7A569DE20FC6	20EA55820E3E556378F1B62DEC6CAA78B22C52E1C1E6F66D7600956456C15843
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5	9F2DF3CC2D5B08AC393A0255F88A6F71	6C001C47388169E247191AF79CB96BE1AD6FF13E	1BDC12368CEEDD58EE5B2B865D7211D55FE804764FE5491A9F9DCE1C43474352
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10	AA9965434F66985F0979719F3035C6E1	39FC31CBB2BB4F8FA8FB6C34154FB48FBCBAEEF4	F42877E694E9AFC76E1BBA279F6EC259E28A7E7C574EFDCC15D58EFAE06ECA09
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1	981F351994975A68A0DD3ECE5E889FD0	080D3386290A14A68FCE07709A572AF98097C52D	3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a4bfe118-19a1-47fc-a3db-4c16fdf3c50f.tmp	JSON data	D439B1D8E7CE70283A4F23BCA37CACF3	95AF209754310797FB5C9CB11413C9F4FAF83BAA	BB14C54FB6DE3C0D59DF5D19605D379F7077A6DA88B4FDDF3AB59F4CA0DCA27A
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json	ASCII text, with very long lines (3951), with CRLF line terminators	07301A857C41B5854E6F84CA00B81EA0	7441FC1018508FF4F3DBAA139A21634C08ED979C	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c844c987-8e8b-418a-a74b-a256034525c4.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d8c2c63a-c24e-4db9-935e-caeaaeba12dd.tmp	JSON data	29CBBD79432A9B8EB2E6C7D40BD6B260	07FFB318B5260E40BFA736AC6B82E3102E51117E	A1B000C04BDC0C8F79F7E6D9B20136EDC68168FF2F43D700EE13FE2CDC61FD4E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\daadd6e8-2efd-413e-ac4a-1c8f78822b4e.tmp	JSON data	8CDB9D2D4AE1F60A7F505BB45426916C	AB8325F0AB30CEF00FC3FF3FB1B0EE6A0FD8D170	FFA10361A4E2B2146F95EE3D3CC0785507021A1585A6F09544F3E2B90DB68314
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1	98643AF1CA5C0FE03CE8C687189CE56B	ECADBA79A364D72354C658FD6EA3D5CF938F686B	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\dd63393f-be1c-4e04-81bf-1050acc4a28c.tmp	ASCII text, with very long lines (1597), with CRLF line terminators	3D8183370B5E2A9D11D43EBEF474B305	155AB0A46E019E834FA556F3D818399BFF02162B	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2	D2CCDC36225684AAE8FA563AFEDB14E7	3759649035F23004A4C30A14C5F0B54191BEBF80	080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm	data	B7C14EC6110FA820CA6B65F5AEC85911	608EEB7488042453C9CA40F7E1398FC1A270F3F4	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log	data	08D371D34FB37082F6ED74E633D43FF4	9BD8604CBBD0257DB93114084590FA579308689B	343522A1E10ABA3AFB8A2B67455F784210ECD53633DD03883028827F9485F7A7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG	ASCII text	773C9E67B0F9172D15A94502E54D7D07	5BE5EA0829D3AD7C638201C5503D1467DAD7B01F	FF26446C3475789408EC8210D4223440143C838ABBCA8FD00C6752F89E30A420
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log	data	AD15D72AA4792C14DDD002CED70E8245	30D0E75166FDA7126A73480EE3222C193231B579	17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	9822D6FC78E515F531E1A58FDB596CE3	10D17F842EC957656AE2DF3A51BD9D1BE194D277	81EEAFCB6C9AC7C0317EDAD8E35CFC7458BEF7BFB60DC53B70FCF418864EB62F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	F97CBB997068B4A7FEE9D2D439CC2AF7	F4C300010C59FDC7C32F17D920252A67BFB4098C	FDE227C4F9C6245A9ECF0A7931EB5BBF5A65F1AEF7DFB09028ADFA2751FABC09
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	F847319D7F9856B576255C802EFAE2C8	214DE663086FB237ED719E3401C18EC5E3A1F8E9	D675395103BA27779A905EF0BF268FFC6777595A2345CD6CD1410642BC9E48A6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser	data	A397E5983D4A1619E36143B4D804B870	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version	ASCII text, with no line terminators	BF16C04B916ACE92DB941EBB1AF3CB18	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28449.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28468.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF286d9.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28718.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2adba.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2cedf.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2cf3d.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2cf4c.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2eebb.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2eeda.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF397ad.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3becd.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3f57d.TMP (copy)	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2	E93ACF0820CA08E5A5D2D159729F70E3	2C1A4D4924B9AEC1A796F108607404B000877C5D	F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	E96739101DD00E183048E7E69FC1FBDC	B709B8515071CBDBDC6689A86E2E5C41AEAB232C	7DF1BF8AD1784E9FCCFFD8135C06BD30B2AA0EC0F933708E2E5DEC7E0663890A
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris	ASCII text, with no line terminators	7BAAFE811F480ACFCCCEE0D744355C79	24B89AE82313084BB8BBEB9AD98A550F41DF7B27	D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris_0	data	0E06E28C3536360DE3486B1A9E5195E8	EB768267F34EC16A6CCD1966DCA4C3C2870268AB	F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings	ASCII text, with no line terminators	5692162977B015E31D5F35F50EFAB9CF	705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D	42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-0	JSON data	BDE38FAE28EC415384B8CFE052306D6C	3019740AF622B58D573C00BF5C98DD77F3FBB5CD	1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris	ASCII text, with no line terminators	3F90757B200B52DCF5FDAC696EFD3D60	569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77	1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2	data	0E06E28C3536360DE3486B1A9E5195E8	EB768267F34EC16A6CCD1966DCA4C3C2870268AB	F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations	JSON data	03B6D5E81A4DC4D4E6C27BE1E932B9D9	3C5EF0615314BDB136AB57C90359F1839BDD5C93	73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\adee9b7f-c207-47c5-a891-dec35b904e3b.tmp	JSON data	8803C9CD319759FB9984BCAC98325963	3A88F43532205A1294343E9C80C1D4761AD2D23A	F48DBBBAF2454168D2FFDD021B28822A59342161EEAA67A8D6586373AE538B01
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\aef466a1-901c-4a7b-991e-c2f274cbe14a.tmp	JSON data	164C7ACD401259F08BD85EFACA3126EF	26BC9A08F9434F3FB491F5A30D2F89BB4DF6D873	490C7833711D2BD7C9E5C999487A9A89D07DEEF6E5BB141805F10787E729150E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f28b3fb2-959f-47d0-9a78-78b3955b30ed.tmp	JSON data	A5E1A2825930D4738A46C27FC79795E8	3D5A8FC103F6488C7DD66096931C95953D5DE913	20C0E0FBD26E512B474FB1CDAD3020C72E05B526D7AB789EE2932454C1225157
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fd7c0032-8cf9-450c-8024-95a41dd7610e.tmp	JSON data	E39429E6851CBE48882DD3D5298A50FD	D42EBE3493FFBBBB6265F5A5373B1814AC2FD03B	2688339EC09755B7A348D3EB5C46E2693B791C90730AD9429C5C6C05EA271E10
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres	data	AFDA0D5291F19F45E97CE4CF88E65B0B	173369E198E07119FE038AEA8D66EECD85D6B237	38ED08214627CB755A0463E58A7EBF3301BD2B91FFF524055CB9FB3A4B5E37A0
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres	data	7ECB3DAB25DFA57FE6E6062FF8C6589C	0B594DA619F10B7A83A2201745ABC418E131534F	C00211E93CC2BA456D8403D927BBB797B89C00B78C72B754CC7E0FFBEF4F972F
C:\Users\user\AppData\Local\Temp\0c9a2e5a-1088-4e3a-8e65-64e6a3b86723.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\203df2ec-3003-4f41-97ed-0d50fc2537bf.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\47b686aa-98d2-4cde-9c91-6ba9040b42c7.tmp	Google Chrome extension, version 3	83EF25FBEE6866A64F09323BFE1536E0	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
C:\Users\user\AppData\Local\Temp\748c948b-92b9-49f7-be0b-966992abc3f7.tmp	Google Chrome extension, version 3	78E47DDA17341BED7BE45DCCFD89AC87	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
C:\Users\user\AppData\Local\Temp\9e94c10a-6eb6-481c-a479-4ed00c8faffe.tmp	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3	788DF0376CE061534448AA17288FEA95	C3B9285574587B3D1950EE4A8D64145E93842AEB	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
C:\Users\user\AppData\Local\Temp\cv_debug.log	JSON data	D7802FE4030D18AC68906E2FBAC3C648	C9D3D45A7FCBB2BFAAFDCF376D62705E4C6C9725	666B0EF5657F709FB83442BDB68CA910FD367265B38B874AAD723EA90835103C
C:\Users\user\AppData\Local\Temp\fb3b5663-6e89-4e6a-923b-7a3b6754bb94.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902	24439F0E82F6A60E541FB2697F02043F	E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F	B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\47b686aa-98d2-4cde-9c91-6ba9040b42c7.tmp	Google Chrome extension, version 3	83EF25FBEE6866A64F09323BFE1536E0	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	913064ADAAA4C4FA2A9D011B66B33183	99EA751AC2597A080706C690612AEEEE43161FC1	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\af\messages.json	JSON data	12403EBCCE3AE8287A9E823C0256D205	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\am\messages.json	JSON data	9721EBCE89EC51EB2BAEB4159E2E4D8C	58979859B28513608626B563138097DC19236F1F	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ar\messages.json	JSON data	3EC93EA8F8422FDA079F8E5B3F386A73	24640131CCFB21D9BC3373C0661DA02D50350C15	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\az\messages.json	JSON data	9A798FD298008074E59ECC253E2F2933	1E93DA985E880F3D3350FC94F5CCC498EFC8C813	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\be\messages.json	JSON data	68884DFDA320B85F9FC5244C2DD00568	FD9C01E03320560CBBB91DC3D1917C96D792A549	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\bg\messages.json	JSON data	2E6423F38E148AC5A5A041B1D5989CC0	88966FFE39510C06CD9F710DFAC8545672FFDCEB	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\bn\messages.json	JSON data	651375C6AF22E2BCD228347A45E3C2C9	109AC3A912326171D77869854D7300385F6E628C	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ca\messages.json	JSON data	D177261FFE5F8AB4B3796D26835F8331	4BE708E2FFE0F018AC183003B74353AD646C1657	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\cs\messages.json	JSON data	CCB00C63E4814F7C46B06E4A142F2DE9	860936B2A500CE09498B07A457E0CCA6B69C5C23	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\cy\messages.json	JSON data	A86407C6F20818972B80B9384ACFBBED	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\da\messages.json	JSON data	B922F7FD0E8CCAC31B411FC26542C5BA	2D25E153983E311E44A3A348B7D97AF9AAD21A30	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\de\messages.json	JSON data	D116453277CC860D196887CEC6432FFE	0AE00288FDE696795CC62FD36EABC507AB6F4EA4	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\el\messages.json	JSON data	9ABA4337C670C6349BA38FDDC27C2106	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\en\messages.json	JSON data	07FFBE5F24CA348723FF8C6C488ABFB8	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\en_CA\messages.json	JSON data	07FFBE5F24CA348723FF8C6C488ABFB8	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\en_GB\messages.json	JSON data	3734D498FB377CF5E4E2508B8131C0FA	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\en_US\messages.json	JSON data	578215FBB8C12CB7E6CD73FBD16EC994	9471D71FA6D82CE1863B74E24237AD4FD9477187	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\es\messages.json	JSON data	F61916A206AC0E971CDCB63B29E580E3	994B8C985DC1E161655D6E553146FB84D0030619	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\es_419\messages.json	JSON data	535331F8FB98894877811B14994FEA9D	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\et\messages.json	JSON data	64204786E7A7C1ED9C241F1C59B81007	586528E87CD670249A44FB9C54B1796E40CDB794	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\eu\messages.json	JSON data	29A1DA4ACB4C9D04F080BB101E204E93	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\fa\messages.json	JSON data	097F3BA8DE41A0AAF436C783DCFE7EF3	986B8CABD794E08C7AD41F0F35C93E4824AC84DF	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\fi\messages.json	JSON data	B38CBD6C2C5BFAA6EE252D573A0B12A1	2E490D5A4942D2455C3E751F96BD9960F93C4B60	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\fil\messages.json	JSON data	FCEA43D62605860FFF41BE26BAD80169	F25C2CE893D65666CC46EA267E3D1AA080A25F5B	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\fr\messages.json	JSON data	A58C0EEBD5DC6BB5D91DAF923BD3A2AA	F169870EEED333363950D0BCD5A46D712231E2AE	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\fr_CA\messages.json	JSON data	6CAC04BDCC09034981B4AB567B00C296	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\gl\messages.json	JSON data	6BAAFEE2F718BEFBC7CD58A04CCC6C92	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\gu\messages.json	JSON data	BC7E1D09028B085B74CB4E04D8A90814	E28B2919F000B41B41209E56B7BF3A4448456CFE	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\hi\messages.json	JSON data	98A7FC3E2E05AFFFC1CFE4A029F47476	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\hr\messages.json	JSON data	25CDFF9D60C5FC4740A48EF9804BF5C7	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\hu\messages.json	JSON data	8930A51E3ACE3DD897C9E61A2AEA1D02	4108506500C68C054BA03310C49FA5B8EE246EA4	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\hy\messages.json	JSON data	55DE859AD778E0AA9D950EF505B29DA9	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\id\messages.json	JSON data	34D6EE258AF9429465AE6A078C2FB1F5	612CAE151984449A4346A66C0A0DF4235D64D932	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\is\messages.json	JSON data	1F565FB1C549B18AF8BBFED8DECD5D94	B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638	E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\it\messages.json	JSON data	0D82B734EF045D5FE7AA680B6A12E711	BD04F181E4EE09F02CD53161DCABCEF902423092	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\iw\messages.json	JSON data	26B1533C0852EE4661EC1A27BD87D6BF	18234E3ABAF702DF9330552780C2F33B83A1188A	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ja\messages.json	JSON data	15EC1963FC113D4AD6E7E59AE5DE7C0A	4017FC6D8B302335469091B91D063B07C9E12109	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ka\messages.json	JSON data	83F81D30913DC4344573D7A58BD20D85	5AD0E91EA18045232A8F9DF1627007FE506A70E0	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\kk\messages.json	JSON data	2D94A58795F7B1E6E43C9656A147AD3C	E377DB505C6924B6BFC9D73DC7C02610062F674E	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\km\messages.json	JSON data	B3699C20A94776A5C2F90AEF6EB0DAD9	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\kn\messages.json	JSON data	8E16966E815C3C274EEB8492B1EA6648	7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687	418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ko\messages.json	JSON data	F3E59EEEB007144EA26306C20E04C292	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\lo\messages.json	JSON data	E20D6C27840B406555E2F5091B118FC5	0DCECC1A58CEB4936E255A64A2830956BFA6EC14	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\lt\messages.json	JSON data	970544AB4622701FFDF66DC556847652	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\lv\messages.json	JSON data	A568A58817375590007D1B8ABCAEBF82	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ml\messages.json	JSON data	4717EFE4651F94EFF6ACB6653E868D1A	B8A7703152767FBE1819808876D09D9CC1C44450	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\mn\messages.json	JSON data	83E7A14B7FC60D4C66BF313C8A2BEF0B	1CCF1D79CDED5D65439266DB58480089CC110B18	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\mr\messages.json	JSON data	3B98C4ED8874A160C3789FEAD5553CFA	5550D0EC548335293D962AAA96B6443DD8ABB9F6	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ms\messages.json	JSON data	7D273824B1E22426C033FF5D8D7162B7	EADBE9DBE5519BD60458B3551BDFC36A10049DD1	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\my\messages.json	JSON data	342335A22F1886B8BC92008597326B24	2CB04F892E430DCD7705C02BF0A8619354515513	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ne\messages.json	JSON data	B1083DA5EC718D1F2F093BD3D1FB4F37	74B6F050D918448396642765DEF1AD5390AB5282	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\nl\messages.json	JSON data	32DF72F14BE59A9BC9777113A8B21DE6	2A8D9B9A998453144307DD0B700A76E783062AD0	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\no\messages.json	JSON data	A1744B0F53CCF889955B95108367F9C8	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\pa\messages.json	JSON data	97F769F51B83D35C260D1F8CFD7990AF	0D59A76564B0AEE31D0A074305905472F740CECA	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\pl\messages.json	JSON data	B8D55E4E3B9619784AECA61BA15C9C0F	B4A9C9885FBEB78635957296FDDD12579FEFA033	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\pt_BR\messages.json	JSON data	608551F7026E6BA8C0CF85D9AC11F8E3	87B017B2D4DA17E322AF6384F82B57B807628617	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\pt_PT\messages.json	JSON data	0963F2F3641A62A78B02825F6FA3941C	7E6972BEAB3D18E49857079A24FB9336BC4D2D48	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ro\messages.json	JSON data	BED8332AB788098D276B448EC2B33351	6084124A2B32F386967DA980CBE79DD86742859E	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ru\messages.json	JSON data	51D34FE303D0C90EE409A2397FCA437D	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\si\messages.json	JSON data	B8A4FD612534A171A9A03C1984BB4BDD	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\sk\messages.json	JSON data	8E55817BF7A87052F11FE554A61C52D5	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\sl\messages.json	JSON data	BFAEFEFF32813DF91C56B71B79EC2AF4	F8EDA2B632610972B581724D6B2F9782AC37377B	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\sr\messages.json	JSON data	7F5F8933D2D078618496C67526A2B066	B7050E3EFA4D39548577CF47CB119FA0E246B7A4	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\sv\messages.json	JSON data	90D8FB448CE9C0B9BA3D07FB8DE6D7EE	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\sw\messages.json	JSON data	D0579209686889E079D87C23817EDDD5	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ta\messages.json	JSON data	DCC0D1725AEAEAAF1690EF8053529601	BB9D31859469760AC93E84B70B57909DCC02EA65	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\te\messages.json	JSON data	385E65EF723F1C4018EEE6E4E56BC03F	0CEA195638A403FD99BAEF88A360BD746C21DF42	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\th\messages.json	JSON data	64077E3D186E585A8BEA86FF415AA19D	73A861AC810DABB4CE63AD052E6E1834F8CA0E65	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\tr\messages.json	JSON data	76B59AAACC7B469792694CF3855D3F4C	7C04A2C1C808FA57057A4CCEEE66855251A3C231	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\uk\messages.json	JSON data	970963C25C2CEF16BB6F60952E103105	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\ur\messages.json	JSON data	8B4DF6A9281333341C939C244DDB7648	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\vi\messages.json	JSON data	773A3B9E708D052D6CBAA6D55C8A5438	5617235844595D5C73961A2C0A4AC66D8EA5F90F	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\zh_CN\messages.json	JSON data	3E76788E17E62FB49FB5ED5F4E7A3DCE	6904FFA0D13D45496F126E58C886C35366EFCC11	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\zh_HK\messages.json	JSON data	524E1B2A370D0E71342D05DDE3D3E774	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\zh_TW\messages.json	JSON data	0E60627ACFD18F44D4DF469D8DCE6D30	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_locales\zu\messages.json	JSON data	71F916A64F98B6D1B5D1F62D297FDEC1	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\_metadata\verified_contents.json	JSON data	BE5DB35513DDEF454CE3502B6418B9B4	C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1	C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\dasherSettingSchema.json	JSON data	4EC1DF2DA46182103D2FFC3B92D20CA5	FB9D1BA3710CF31A87165317C6EDC110E98994CE	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\manifest.json	JSON data	10FF8E5B674311683D27CE1879384954	9C269C14E067BB86642EB9F4816D75CF1B9B9158	17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\offscreendocument.html	HTML document, ASCII text	B747B5922A0BC74BBF0A9BC59DF7685F	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\offscreendocument_main.js	ASCII text, with very long lines (4369)	09AF2D8CFA8BF1078101DA78D09C4174	F2369551E2CDD86258062BEB0729EE4D93FCA050	39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\page_embed_script.js	ASCII text	3AB0CD0F493B1B185B42AD38AE2DD572	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1268502113\CRX_INSTALL\service_worker_bin_prod.js	ASCII text, with very long lines (4369)	EA946F110850F17E637B15CF22B82837	8D27C963E76E3D2F5B8634EE66706F95F000FCAF	029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1405754002\748c948b-92b9-49f7-be0b-966992abc3f7.tmp	Google Chrome extension, version 3	78E47DDA17341BED7BE45DCCFD89AC87	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1405754002\CRX_INSTALL\_metadata\verified_contents.json	JSON data	738E757B92939B24CDBBD0EFC2601315	77058CBAFA625AAFBEA867052136C11AD3332143	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1405754002\CRX_INSTALL\content.js	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators	3D20584F7F6C8EAC79E17CCA4207FB79	3C16DCC27AE52431C8CDD92FBAAB0341524D3092	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1405754002\CRX_INSTALL\content_new.js	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators	3DE1E7D989C232FC1B58F4E32DE15D64	42B152EA7E7F31A964914F344543B8BF14B5F558	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
C:\Users\user\AppData\Local\Temp\scoped_dir3168_1405754002\CRX_INSTALL\manifest.json	JSON data	E805E9E69FD6ECDCA65136957B1FB3BE	2356F60884130C86A45D4B232A26062C7830E622	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A

ID:	1501457
Product:	CloudBasic
Start time:	00:08:35
Start date:	30.08.2024
Sample:	close_790189870c9543725dc3f5a15fb25e46[2].svg
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	40eb39126300b56bf66c20ee75b54093
SHA1:	83678d94097257eb474713dec49e8094f49d2e2a
SHA256:	765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4

Windows Analysis Report
close_790189870c9543725dc3f5a15fb25e46[2].svg

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Boot Survival

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report close_790189870c9543725dc3f5a15fb25e46[2].svg

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Boot Survival

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
close_790189870c9543725dc3f5a15fb25e46[2].svg