hxxps://bbs[.]mikocon[.]com/thread-28638-1-1[.]html

Resubmissions

19/02/2024, 22:28

240219-2dvh6sfb68 1

Analysis

max time kernel
1282s
max time network
1285s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 22:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://bbs.mikocon.com/thread-28638-1-1.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Game.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Game.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Game.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Game.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RJ194384_trial.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
1152	msedge.exe
1152	msedge.exe
2504	identity_helper.exe
2504	identity_helper.exe
1480	msedge.exe
1480	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
484	Game.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3800	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3800	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3020	Game.exe
4060	Game.exe
484	Game.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2272	1152	msedge.exe	50
PID 1152 wrote to memory of 2272	1152	msedge.exe	50
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 3148	1152	msedge.exe	81
PID 1152 wrote to memory of 4192	1152	msedge.exe	79
PID 1152 wrote to memory of 4192	1152	msedge.exe	79
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80
PID 1152 wrote to memory of 3564	1152	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bbs.mikocon.com/thread-28638-1-1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff905f83cb8,0x7ff905f83cc8,0x7ff905f83cd8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2573236163573899953,1673479514329015985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4724

C:\Users\Admin\Downloads\RJ194384_trial\SchoolRPG_DLtk\Game.exe
"C:\Users\Admin\Downloads\RJ194384_trial\SchoolRPG_DLtk\Game.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3800

C:\Users\Admin\Downloads\RJ194384_trial\SchoolRPG_DLtk\Game.exe
"C:\Users\Admin\Downloads\RJ194384_trial\SchoolRPG_DLtk\Game.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4060

C:\Users\Admin\Downloads\RJ194384_trial\SchoolRPG_DLtk\Game.exe
"C:\Users\Admin\Downloads\RJ194384_trial\SchoolRPG_DLtk\Game.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7d4bdd41d7150644a9fecac756bd5298

SHA1
cc6bd77ecef146f18a526ab6a1167649b2bf526d

SHA256
ae1f95fd0cac26454941f0578d73b695849ce52ab2ef95eccbb63853cf9103ce

SHA512
ba873b94e850c6fa0de096961380265ec833778854612e938ace2c4c1772423793d0d22a585533180328478cc23aef6971be56eee2256405636f80076ed2c796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\73483367-57ab-4996-bb4b-23d615214418.tmp

Filesize
5KB

MD5
75e39879681f521b43e3f16540d2dae5

SHA1
c30e8c7cbfe6ed9bd1c97fb10a6e0f6f39802e2e

SHA256
9dbf70d4d125a44fd63227950ffab263fcc78c1823d961d80cc92715a70542ac

SHA512
15ba2f45c60a214e3b35fa6c05d16902e347c299ff29815e58d3b7b5222a2321d9f9073072e65fb8720d97434b821c12ddd29ff7eb0bd83268f04f8167c84dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
101KB

MD5
dec3752dc56e164ad379b1dec17e64f1

SHA1
6fd5d0e4da247e859ed2513445708a6473a8cb3b

SHA256
887f1f6347af8544b36d268a8a43d62f960d735b546c3523cdb257c3dcba98e1

SHA512
83e595d4d72259992ae436176d8c361c4604744f19aec43bd7e70d26c96dff89d5b8484216625305bdbe6c6ea52fc8f8c3be5542f687823f956ec371f532d00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
28KB

MD5
049b4990a0e978330284e7beca44c6ee

SHA1
55a01945e4ebdba6e8882d53d5fca48f2e58a37f

SHA256
dee6461cd5bb30c32bf178d07aab75d9862646b2911926763fd484804392d367

SHA512
c38dcb7cb9c5455018a41ec810b9af91c473e475b79df6e2122d4ce7f6d2c866cc979a097f7ba5613d528f34cb50432ee40e3de8a67f014cecfc91681b1ed3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
168KB

MD5
b38c3e8a266a65539f979b41ecc30dba

SHA1
b9ca8cd52cc37bc2683148ab14ea94434cabea44

SHA256
f774dba4cbecb085a305fceec0ded5480e68d3013f275ec58b7c509cfc15acc4

SHA512
e2cada30f94493220f3be4b61f055b5738b064b5cd92ec4d92077ba1b11e6bc883637bec12ad2f7801e06488fb38ee1a4023575be3e352ee5a31ebb1d86fac7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
387KB

MD5
ff196fa9fa3f2b22008213d6985b24dc

SHA1
f29f330a333716df63658ace4cd8a97813c27404

SHA256
f4afa0b67212ed62fe220e6b19b8318715abe7ff80ece939924baaeaa8e80ff6

SHA512
460b9b0d2c6e4456c993855e73a33f720c3a98355a73b2091d734386bde01fe215fada5e621997322b20d8175f447866981770ac2b256e02ae4463f6603056e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
63KB

MD5
441260f02d3b72ddae9dd7c5a139c32e

SHA1
0287e231cc4e64ae3090e0ab4f41f7f8148740b3

SHA256
90aa0d4e60cb5ff3f6e3d9375f15cf6f24ff9290d2ed4449505609a3beb41dd1

SHA512
cdd38bcc812ca187ad307fb888059d2a68786bccc8755eeb8c1f8b859f194a73f442e484eac4b6e3285be744768b53ecf817b416244fcfd4b4f8db5af31e436c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
74KB

MD5
8e831c90babc06d12e9c3f0d1ffe1754

SHA1
d052191ba087fc50429671a2d03b406a063eb5e0

SHA256
5b8795b54d160c8cd4e629b4d2b134960efb93a536caf2b130bac3f45bd6bb8e

SHA512
782675f05f7fbc92ba55be72fbc32a0d9d02b4412f83159f91a268ff35c24016cc43319cde7d861261bdfeed652b22a219960d2174ad024df82f3c9dc20e6c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
21KB

MD5
0628e8802423f21656408ccb185cbfa3

SHA1
09bd0d8904ad6129775725f022eed1412197b0a2

SHA256
352de9fbfd5d8b8c36a9f0a703b48b0ec0c0b7e33de455fbfa926d37fd50da06

SHA512
dce3d749a84328d7fe194d9508e8cb66e4340df46e818026405204fd5320a045c5efa3e56e6fa282d93dd744bef57cc080cf8c2d5a28607bddb62c62e4ee7f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
31KB

MD5
71dbae2077145d30fd330a8a2135e30e

SHA1
62293f138ae312bbf6e4b910cc97f55a7bbd6564

SHA256
3a9e5d2155dac1649825b559846d395a84be1820d319720c314b79c689afbed3

SHA512
0ac78713c0a13012b2dc3af98708173137e792cb50c655a7e577560614b59062c3b8ea2a14bf954f85ce578a820d7f8f28269ec3f43a1b03e27b6df4842c1656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
16KB

MD5
5fa40e5f7628b66f4d2f81b2a618cab6

SHA1
594fc741f5cd88cb1dfc404b3eba0a6c29f3e580

SHA256
ce4c4b716520ff79557f778dead4ab321f6ae5e55ea02fe18c7d0a6a21d2b19f

SHA512
77957a1e8847edfac92c0518b579a318601bdec227f4572ef0fad277f366a5d055335e2d9e5d310d2dcaca60e66ce8fdaceeba1b26340b53a67620afabea2bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

Filesize
74KB

MD5
e01b2b45a7609bf3ad7337cd6a2354b1

SHA1
64ad9380a9169ff2a7e6b3bb3614a3a82a9aa323

SHA256
76da2f379284a4b53d4dd0cd77030720105825fc171a43378b44afef580195ef

SHA512
24def6e537e30f364f231ed2302030cd5adf93f5f82ae83595a8ff2dd5f58088db0a819104bc54f76ad601ed348608e37be176f7c6e3c6176f502701bb94d5c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
55KB

MD5
e7dbce02ad6599084fe266d48294854e

SHA1
5c755ea9e27dac93e3c5b7ad501571c186631e8d

SHA256
09e88b8252b268138adf8c7a0123d44608f31164e3e18af63f17adcac21fc6a3

SHA512
a0abe0aec37a3ac26b09d43f6785016e0021c2b02083e8071aa4f130b7f8e17ff03feea9af7667d0251eaf54fffab794712d0a2148d88ba9e9f41d9213d5374b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
185KB

MD5
3d8af27a47bbfab857f96dbcf710b087

SHA1
3f266d48ba7a519e0da14423ea750d70850b416d

SHA256
dbbe0d8ca25eef4edbbd3248feb22f8f9cc20ded608cd3e5c410f27bf7e97f92

SHA512
ee770ab64634fde271951afd6da7e40b819f3a95e9e0a9834f3d0c6a761f5fc3cbbff504619f76d404efdecbf339c192963b90f225a1dd289d4502975f340077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
169KB

MD5
3e332211899360ab9380df4d50e1c33a

SHA1
a4c6413bb7f7549b4fa37f22829e4d09f9de6817

SHA256
58f76b0b684536fbea8ae9ae7177607e81a261407916e9a86e063b02948e9adc

SHA512
697a1a3c6517f93d280d47ec93871aadb9e0d6576d2966ed2a296f2764d9b2bfd39a4b4854c6fa445965545dda72a4656de96ca3f8497c041749791c0f3c682e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
75KB

MD5
7c0be8b6640f024b6f4505161bf1bfd4

SHA1
dabac3ea728295a50c882404a7716d3e0e24c042

SHA256
485ef94c52a4c62277533950ca70e9c4b13f97eed65cc868b22bd8c37e3ada11

SHA512
c4bd41fd2822c51385fb3fb3c082942bab7b7e05477b8a373fdb504a6e10a0bf77907c920ac875bdfa6499c10174d864eb09ef71bf45adc00b9ea5f6c5edd003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
137KB

MD5
150120b3d9b448dd116680b66eba9bbe

SHA1
cbbc03d0fdc2da1fe474f25a0bc10c702049759f

SHA256
2a2399d510fe0bb91bf136a84c8f186c5bd3a57a2aac94a39bf167850588717f

SHA512
0011eecb8aea48b8fc828ca1b58524e00f6031c639ddf370593314506da6c272e7d676fcf1b4be9f4fdaf16723462010b5702b615f26532c5dc35babd7e16e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
20KB

MD5
da17af105483262e6a9d8bfe2dbbd41f

SHA1
9c2d4fad11bfe5615d206b49b07432a21a30f3be

SHA256
007c317f9cdd1e39ee97ca67130028e715a33c47bdbc230144427bee417d8669

SHA512
2442f5a40139e92dd2fee380cef1e03c670000f5e3f9570008b87c3c9634154bf7e6967184bd791e1855fc6e977a9351f9ed9a2c8033f590e72fd0ab6d5b8934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

Filesize
109KB

MD5
ce208edfbb50191bcf6d17bc619dc786

SHA1
affc6d39df759422df6569b8250dd95da22ff187

SHA256
e2a7b6254bfa792e41c8562cabbd10c06e3d3b4b908106e091763a15a2df26b9

SHA512
734d9ed609b3176df7d84345c4c6fe056be53d473df9bed46861111e1c9800c685e389fdc8477630b53bff03e1c58f6cb10cf3d41308a6246ecc3279104ea88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

Filesize
107KB

MD5
9d9c8d399251ed7a6c487c2b8f364c00

SHA1
4f4e61f9ce40b64615e07fa1219ac6c742d01fdc

SHA256
89bfd287f74d08ab14799c284e0ae75f6dd73670e6079fe42c5cee5b2f06b06e

SHA512
4da40a03d9328fda067989bea78a87c7f0dcebe9e29ba9881db1d53d30c3951e9166b0beb60c8bc1d842daba159762ed40286b09d4b6963c4affe7b005c4075a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
74KB

MD5
f8a356167b216190baa6e07307e2a030

SHA1
bf66ba263fd90acd8f1ab784a0564e892e4fc756

SHA256
a358602142bde1695347c9f4eb4a5aab6ac2a0bef88caa2f5f241c3e3dddc632

SHA512
a64f13ea85aa53206dd26c7731b54754452767cd35d1d3ecce19b29d8c8fac12a536689dcaa5fd8f51ffc2c5334de34eac8ac53455b2c86f2550e3ef2b57ae56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2dc671ed916d318_0

Filesize
305KB

MD5
83c0365d3827d3cdc81bf133fad595c5

SHA1
6f9eaa9d2bf63ab98c2c1c895771fb757a1d79d1

SHA256
a5976db92c56ea6ad08d0b368f3a8ecea6e6e3178c22527526ad65e0300be960

SHA512
28b82172c0246027fa7d3927db0e857ead7d5be08ea8803b1ab620432a9660a5032cfc9cfb6e27ede991b0cfff1032e9a0daee2be0ea71ab7a7280e4e33bd114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0b5b122506b2358_0

Filesize
289B

MD5
34d5e0c821fade01603ffc14483805b4

SHA1
e5e649c2f3f863c34f334b8859e3539d09249659

SHA256
ce76cf2e0ec9882ffce637cfa684e81e71b2bae593c4d2f2cb4046d42d114389

SHA512
95cf32f09bf91725281917a86bfb31ba86ec787a92ec01177dba80ae0a016dc5258a2ccb175c4ed5d15dc3bb9b010d888029e1e4b836be03a4b081dc1350582d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
696B

MD5
c306d9e2cb63a72a0e9f2f4e6a79d532

SHA1
45977f2c7d00bc011943714fa6b96ea5d60d09c4

SHA256
7fc2729a99211654f8abdad79f48edb654c8c287f156db20fee2c8a7c7b83cc3

SHA512
e929b2c13bcacc71a508b8d595047f142b4036a9b5f74def51de356e604381cce21c779b2c36ad3ccc565af01e7a7d87928bf379be001327f20728499e13bfeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
952eba9f93e5e7030809a405e3c378dc

SHA1
d1058b78c018a70c3c7416e006be1bd735a48924

SHA256
57259bd65cbdb9b4895c21c76dd467b5e95645932abcea6a5db0150d272db1d1

SHA512
9c6e3606260bc7b0314910948089adf8d12347ec97c444b856e8fa0aaaafef415244cac2f9aac485507188e5f64a0848149425ea168c2d6a16b5a463ac05d682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e92e7081098f2c33f06de5cd3bcf58fe

SHA1
81679e94a70df8b68d8897f0cfc14c5745c32718

SHA256
e3b5c35c5123f5b36e444c204cce0522af8a7aeb7d95b95935ea5d59e4ec47a2

SHA512
ab10b3b37e0547ab17f0dd988c72022472d771d137002c97c623f43ab3da48ce69471d69a99ecd20105cbb4f7ff1beda708556ad81656d01d3755a717a2c674e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
74698777751088041195ca8287922195

SHA1
f814bf59d0a3645ccd6b50b3a7d79494053b3809

SHA256
f1432484e84f5fb095b84b571b29c4a63cc8acd5423666c9bdf24d72a2beb3b7

SHA512
d91ea8589d2f8360a109d30dbd5c491206308488a317efc8cf586229995de315db756c9b0f363eff705d17df00d4af9423dead56125b42b9cfe12102b144cf33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9825730e612d8ee0579af4b62e1931aa

SHA1
60ba1a7202701638033dc891192739033dfc7593

SHA256
859b52aa27fcd40f24d7dde39de8470eb51ad29f9e7266db95b7e972ef828c5f

SHA512
5d8ecfe6b8ddc0958f3d714b3f758b6bd7be81e11033e09a5b87d84b61d43433638da843484f0537ebab7f3b41d3dda2ff36e17f1ae04bc49bcdb3d5ace7ea96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
679c4afce0f4f9dc2a6955b3bee842ae

SHA1
d71aa44ef5f2ff832d7d296bcf68c29a00ea4b65

SHA256
333eb6faf32e2ed14788535bcbd750b68e2ddf216e094264c993219873fb5e2b

SHA512
d6d36d15c4b303cb20b440bbec5977f6c5612e3e144dd303730fbbc7b2fef3bb23b841fa9c0ff245b0e71c548838fc24a4a4b42119fcc96b3d06bde23fc53efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
dcee10d90af82d9b2f8a48312517ab5d

SHA1
ae3a339e8025886bcf8b0497e25e96ef2415ec26

SHA256
ee7c4c4bb48867f9fb94f79a448c5eaeecdf7e61d3c995812d551fd46c65c381

SHA512
0f0b8b639060db73b983ddea1849d8ba54810480c58dea23a6af8011ab05043dd035c20d7ea2cc86951db84bc78d4f059cccf9484e01f3279578c112787d9f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
38b5b440036874ae68c50b9a8d8b900c

SHA1
89b4b556cfde9d39e6acaf9a00924398480a81fb

SHA256
0a04f8e9142cc3a58190f284b3cadf4aa87c5e557bd42dc7f9c9144c0012669c

SHA512
43e7e40852b79ac4888c40cfcc5ad02cb54f6839ce2f0ee06e4578c0545318a806ec1ba50ec6275cc05f91fa100d3d304d6eaedd4c8278865dd9a235eac5e220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ed2fd3a26c5fc1cca243e90c53e19ad6

SHA1
75575f3f7e946a313c75111c4568b53bd57be752

SHA256
1656515f64882c963f605595b71dc2077813d6e742d60404c3ecad8713ea58ac

SHA512
eb70a2e6906a256a2007d1667673fcbe9af387ab490b85cadb1eb2185d97e25b33f7bf8e968066f7fa3dcdef748fee2ae4b5f3678d64a42213d705a8a3a88057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
4f7e60a4820886459717dd45e3c78846

SHA1
51f7e735b39fbd3a4d86235e625252f38dc2ceb7

SHA256
9437dab16e809078b1a0b9f9523bd57407434ad4b0daa147b2ddc0c40db08b30

SHA512
7063d38865caf4ac401a461539f8cf502f3a4b41542fca15ce5c909b1a6d6c92d6afd878fddc3066da9c02ed55ec2ac4459510b000f96bad23c0746daa23a79e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
950e879cead1d2b7f45dce857163b1da

SHA1
9dccd8829cccaf87d1c019a2aa93428c226b1517

SHA256
04496df4d077b767e7bd996716577b834076c080732082744ce8ff3cbc10d2d4

SHA512
b98bb0ea5550a6f2a0d6c970b6a1d2c4e42a2b339a9f3f3740dd70449ca411499e651c2c498649dd966991350cd0ebc0359318f07c839fea43eb0820da1c904e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
6ff5874c3455e229dc337c2fb8797525

SHA1
b9b7f9fc422fc91b8dd0a0a08354f0e17c3ee229

SHA256
02ac772fcfcbcc572719431cf0139b85eeededc3c37912f786cc558279a8dc7c

SHA512
d4666819cf21b238ddc2f3d641d6e3425290377827e917768cf34861a4bbdd201f911ac5289085c40f819b06c2c9ae66df7831dde5bdb011d1b10c6b5da1cf7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3fd8b184a12b7477549ba25faf0ccfb

SHA1
1ea5f1678e18e5c0624a189bd4b5b4f636b33a9a

SHA256
bb6a4c8585bb825b90191bb765e411047453f419ffe8df480b3fdda41f481269

SHA512
0947a7d3306134915ee4695058c88a886cb2d6876c2a6badbe5aada399ab7ba278f13dcb93948d6422a60425db274150704b2347b79c06032435d6418bd6826e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
491a430c42466783b340150132b0a622

SHA1
b1e1f6c1a0a0b525d231b7c24a9010c8db35867d

SHA256
996303ef1d8dda29c895ce0e80ee81e38b10e8b7735ae1569cb8b261245d90a5

SHA512
ec714663fab2aab1b78cbcf1207c854b70597b1c8e500a565cf0214fb4af82410d957859ce51494125499bc30521c4189ceb1d7841078e78c5ab0cb21949cd24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
44565985a199b3e781c7521f1660c4fe

SHA1
7f893599a1f38eb056996be8357c0fa5246c3ec7

SHA256
dae0bb2f72b5574c97ba28562674ad7bac0c4e861387d347d2e15ab0b93e80f7

SHA512
90744212cd8c6005e52f36276e3ba4fca6a992f87857593bcba4527b368ef0ad8d02b36b8a20968a0d91657588eb5b5c7c263ec148fe6b599b3b22c7a0533a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
46377d4c84fff073651f8ac410f530ad

SHA1
2c877657f077ffe64eb3d37a091a7c70c154ca24

SHA256
affe568b526df2e97f0fdf2372f61f387c2b64000b2a42e4fc5821be380d112a

SHA512
8cbd8bf9e799e09d4003b70959722f5c786f44afd9a51ecc86d441d5257aa5756865b9a4e0e655fc49a8296f458d30603eda4c58d14e2675f14f4a438cb72eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f36ef887e9c8b537d256e30ce05bb722

SHA1
d80af7635fa39172d995563b425717d04c4e1e3a

SHA256
b9f4127800956ee1dd1c6fc3add7dd62d4811cb8e46649948eb8b0fd19b4e108

SHA512
04d817bae8fb056190078b70a9697fdf8d1247c1441fa1de948d7e2f95e03804b2362706c05757cae01da49d9a0abe082c8cdcd85cacaccec9017f75452fef29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b72b9debf4a87072ac7c9ae305670cd

SHA1
66f665c77e16f7516dc502b409c0267f11a27d4d

SHA256
aefd768bcfbcde492782b3cc9a7ba0c1bd2adccfb6639277275627d4aa0ca8df

SHA512
8e218c87973a38381338619590c46339b242bee077648c3f86718c6ce68cd94fb93301a1deb7295fec5a8c3d5e3c280035b9b762e5a1517e033471e9177ae957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd566f51d834b6872ecfe84b32e3131b

SHA1
8160174110dfe62c3fe809b528cf5cdea786cdd6

SHA256
cf9c5e749a87e8c61e0104dd177b68bce042882a63bfe30f0b051332e5712fbd

SHA512
12af650ff97b7c2648bc4a4093caeb380af45dd5f47b92440900a47e39e8220834e0da4ccf7724be0db3b3a89345f943ffb25f5880573cd5ddf9d75d21cee5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74d1448e3c5b3d01670268348daed92a

SHA1
c4d11030ffdffb519bcfa93ca57aacef51ee7da8

SHA256
4f22acc895383e99c94cde6e511c93d6f6e93d9850b993ded2fc9489a5e04024

SHA512
d9494dcc0d49415cad6031398022e8563addf179763a450406886e02f3a6493357f411af640f21e7f4b57e8869a07bbcd14d742e5b38f508f72b8f0dc0336542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa65cf63718cc1f1bbd86d9fbbd66aad

SHA1
3ea4732ca2e54823d656a02ec20b72140a613292

SHA256
753c2f0a877716cbb2ad559d6a176cd9509b415a279d99394a8d6725254d8915

SHA512
ad99a21dec5f814063500563f79e8e171922547b3449c18b9f975a57e9246b00a758fdb578ee18f69149c0875dc5d64db50f159023636cc52d5742c1e1db61d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
20fad4d19163e7a01d6f212327c5104b

SHA1
bc9c665a34dc3d0b6839ee86e3f85cfce3540dd2

SHA256
519d18667897dacf17aa3737885bfcca50a81947581e283e0e471fc8c2b20305

SHA512
2279746ffc963512f2bef52af3bd4f4099b039313aaf7e607565538373f534fd3990deaeeb4b101034bbb645ab674cffe78f8c68e6c00d3f2354cb35383bb632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
00042df6368289238bc60caef1baa46d

SHA1
981c49ac7b10bd2a9d159daf00844110629837a9

SHA256
3ca68414527ece019ac110954726207b8a46bebe6180c2615158f7aebf6e6b1b

SHA512
8f549ecc6a1ac0cc153fe39759b8fe093af520dd94e37b8c32e7fc7e87263cc5b2bf404bff31a5960ad9fcf82dabb5a534fa07cc441ce646de2a8b532c28ff51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
6ef2538053fe573d3857cb013072b92c

SHA1
3c45cd04eda0fdf165e6bc5a981ef26a41041b22

SHA256
ec62ddca64ac8dadbb329de04cb6b93cbc97901a681ef1af3f61685aca0e796b

SHA512
02f12123dcf3eb96d54edddbded032c067431df66a7b27e061afd2690ca23b3c1af4f57c6a17c438e9b08fbd9a390c89ff7f804bcdca559af219a5a6dc9dd273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d9d10edce155e2ed918a63b9e34e084f

SHA1
691927ac7de3d8d3cb73dc212cdc2ae6b02480d3

SHA256
2b574437d26fbc2141082d8b898386c69cca6c1d5d90c26bb9c9ce26b1775d0c

SHA512
9a238fa43e05c974ad98da373a35bcfe0e641425c7aae44a3214973f46ecda66bc0241b3eed36518f60dafd271a837f30cbee9cbeb5344fedca376eb61400135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
725217cc45667cdf6f1a6b8d1c4e5dd5

SHA1
5ea06efb1bd6df9fa51e8f723192bf33ef4a92ad

SHA256
dc8d8d50fe7f81ea54addae89e5990b4b2a292e4d35b19ec1e6ed6ba9fc67d83

SHA512
4b73c7e405031c8a7b53ce556e9076b94cf7e25e411abf8e8b6476f2836ce493d7aeef02fe8495a7a36267c2cd1d87ce3f2647ab0a5dbb48eba92b587e72caf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
99e18a3d41248eaef691be9a6f6843df

SHA1
4277abbb9aea13110949513b6c43f5c61da63e9e

SHA256
950d5e1f5a542a85ab36c5015a0a1fa2aa5af45d986c8a9e4b95b17f622e6340

SHA512
8f018d40fdc1873a76121554f1463fdd115a5dee060d9b259cc91e56ef02ece352f6217d96934247f4ae65843286f84a8fee17bb9aadb96923ad15e6798d22e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
351a96b88d4f4aeaa3945c552b6ffbbf

SHA1
fdbcdf770ec12c06203b5748d5ea05f9eb9aa16b

SHA256
155b18bf45b54b7a4504f035825c5cb65509cde2213a74e893b046e7a60d2009

SHA512
636a441f5f30514cb900aba61a162bab341cf299281b2bc959a737c5277b348b3fe8889f24b150cfbf64acbd7bbc7ff6ac7901022e9094c7ced5f8f65285fb68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
28dea48fb65f6cbf8feb15105ef9cfa5

SHA1
736a37f436260ce72ba6e56c2230d82e0206478e

SHA256
e0fc980c68fb58f1617d8fec2fece90231f396cea30790fa2cb03b3c43426440

SHA512
7d1c99985831d81523b1df2baffde2dd80ad58608567b87e565cf51685fb862de88da56c81e364aaa745f4d6aee7c59c1abbfa39899e81114b8656146f54adf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
178c7d6f46ca8392724b9ae1b70c5f8f

SHA1
745d9748603b5368275797564c5c483d2d9d6373

SHA256
1c48b1279fba9de0ad955d101be1f456afcd0e081e97811692b3c9e42bdea110

SHA512
46c053406b03833f49b3049c3b8fb121aa453fdabf174ef8eacff41867a29a9c7dddee3d513fe2253e6392c3e9810990287220d448c69b3678904e2a73a65fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bb56afcadbdde884bc0e60bffc380eb

SHA1
e41f6a92ff5f55736b85d75f90072a6eba5d1548

SHA256
17fed352cb72260666e4871c125a6218c442215f40d5fc018c18a07376f41549

SHA512
0d7ecc7f3939e918f29339d5c9da6538fc1774874ec2e2dd45f2314d9ff6be9259ff7f6d60e396dd6b109b71831a5aeb48794d9bcd5113cdd66cdd52dbf99188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
cd41dd9a0b3653ed9f15d5857b91347f

SHA1
c22368f6cff9c8bf9ec8312a3ce459e6044c7b31

SHA256
5e4738221340780fdf65f27a3754169b9e8b3cf1fc1e21d7d0609edbc6b912b6

SHA512
ae1d2020709c7e474cdd20e0979b30672a78333c68092476a71052bc9f471a0b68bca306ee8b2280c9f37e638c90f35a8901a1048d2acbc26b89fa2432253192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe622b41.TMP

Filesize
372B

MD5
f00e031f92ef4550e052f2559508caa9

SHA1
fc44cf400aa3fce4732240da7e26983761d1df66

SHA256
c803c17822c0a6aff07896324d18710176e22bfdca8afdb6c995360ce8bae595

SHA512
87b7bdf41a59af32bb25c31ad0964f1204a027a3a26b64c1b64a8e4b0acacdcf892f64f817d628a8afa119d3313e4f4aab8173f5b52a254c12bc87b7c04b2a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b60ff13982ab034e515d15a48f551db

SHA1
f93232d9c933034133951a5d42ff7b2aef8bfd7f

SHA256
b237c52bd7af48b11e9ab47d65488ddb1711ed626f358947e9a77c081db5098e

SHA512
e37b84db0209b1d778ab8ef7bf661f952660dc5460fe66b23436285affd6a435e8a23eb3ca46278d44f1e055625720eae202e8aae56203ffe78801298257e33e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96c99558e2e2384c95564dcf18e7b76a

SHA1
1bc74f7d06844a3ce149e88812200b9497787646

SHA256
9122bebbe1cfdaef1b3e34f7e6832e06736c096bd7a534f4e691219ec734e2cb

SHA512
0d9d0c1043eea3073effc3b9ed7232b4849a81e2ca6ed828cf92fe6b7c3c263b017d97bbcf62b92b88651a9701878093ab82403c939356f550e5498cf2f72f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
993f5857322ed21b2bbf96239e014a51

SHA1
d399c9186a2b8c5bb90dbd1a5bf101c457cef560

SHA256
00596109af1302049741a0c99a6b078a96a0ef36c6cf8e607223f106f0b6e88b

SHA512
e53534f367587f242fc0386c7995e35498c3846c235d2637fe539c3d814813785b81b35693d27bc45c52ae53001b7ea864566b9c9865044ade69bda47a9d61cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
458f26a229254d0e2b3d62b780eb5e4a

SHA1
f904d99f4b7d8765fa520a91dc787952d558d678

SHA256
0dc3a1d7e08a9477a2b6a69c5cb7d3b7191ce3ea52f8fc4c542323874199d0eb

SHA512
02624d20c111b2fc5327190900b9c7660c7bb60f8194ac137db8a429f8c7cdfd33a985fd8afe47e8c34ea868978c07babd1c1c2461ff7372629d08b30b53dda3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a8c4c4c2ec204d897f2ebace897999f8

SHA1
32d3b62363dbbb130c0f0d91da11472889bb78ac

SHA256
82571224d707f82bcaf21caf2048218b0aa4019d9b8cad77388e4655d272e608

SHA512
fb1cc90971309248236eeefc893c7b69ce34bbe892f2d10b41a249a1a81f5d1f07d01311fa1c474c4d6798dafd68fb2bc4475f658201250a37a78d2850780c87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
14fcd517e3a1a8a7a0978903c44a1090

SHA1
11a3991dae5fd8c16bf2aaae02028aed249b8a3a

SHA256
f6ebd1f6ac41a42463b73e9a782bdb554c568b4bf1609db59a21c8a387c2c977

SHA512
aaa8819e8f7394f986dff9bf3e0b1890da706b990e214bd70026236037ca2b4adc7bd69ae703a6d3b38ee9b3294cb61dd1eb13555dedaaf936130f180c38ad20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c60d5c5f298fc6ea35f513c287fecc9e

SHA1
dde970e21aeb165804e4ab61994c1e0fd10b84ac

SHA256
735237e4e7cb14f4dfb849ff3fea50da79cbc7e349c7fd2b62b0b3e7e8d9b065

SHA512
11bfe31146a843eaf0022929cbfb7b4877694cbc799d3c68afff359e26dabba4ec35576056695555dd78a86d7cede41d0d0606d395e1c32cddacd015324f8bbf

Download Submit
C:\Users\Admin\Downloads\RJ194384_trial.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/484-1982-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1963-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1986-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1985-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1984-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1983-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1988-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1977-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1974-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1973-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1972-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1989-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1971-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1970-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1964-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1987-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1962-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1961-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1957-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1956-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1950-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1949-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1948-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1943-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1942-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1990-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1928-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1922-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/484-1991-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/3020-1670-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/3020-1690-0x0000000003870000-0x0000000003871000-memory.dmp

Filesize
4KB

Download
memory/3020-1688-0x0000000003850000-0x0000000003851000-memory.dmp

Filesize
4KB

Download
memory/3020-1689-0x0000000003880000-0x0000000003881000-memory.dmp

Filesize
4KB

Download
memory/3020-1687-0x0000000003860000-0x0000000003861000-memory.dmp

Filesize
4KB

Download
memory/3020-1686-0x0000000003830000-0x0000000003831000-memory.dmp

Filesize
4KB

Download
memory/3020-1685-0x0000000003840000-0x0000000003841000-memory.dmp

Filesize
4KB

Download
memory/3020-1684-0x0000000003800000-0x0000000003801000-memory.dmp

Filesize
4KB

Download
memory/3020-1683-0x0000000003810000-0x0000000003811000-memory.dmp

Filesize
4KB

Download
memory/3020-1691-0x0000000003890000-0x0000000003891000-memory.dmp

Filesize
4KB

Download
memory/3020-1692-0x00000000038B0000-0x00000000038B1000-memory.dmp

Filesize
4KB

Download
memory/3020-1693-0x00000000038E0000-0x00000000038E1000-memory.dmp

Filesize
4KB

Download
memory/3020-1695-0x0000000003900000-0x0000000003901000-memory.dmp

Filesize
4KB

Download
memory/3020-1696-0x00000000038F0000-0x00000000038F1000-memory.dmp

Filesize
4KB

Download
memory/3020-1694-0x00000000038D0000-0x00000000038D1000-memory.dmp

Filesize
4KB

Download
memory/3020-1697-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/3020-1698-0x0000000003910000-0x0000000003911000-memory.dmp

Filesize
4KB

Download
memory/3020-1699-0x0000000003940000-0x0000000003941000-memory.dmp

Filesize
4KB

Download
memory/3020-1700-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/3020-1701-0x0000000003960000-0x0000000003961000-memory.dmp

Filesize
4KB

Download
memory/3020-1702-0x0000000003950000-0x0000000003951000-memory.dmp

Filesize
4KB

Download
memory/3020-1703-0x0000000003980000-0x0000000003981000-memory.dmp

Filesize
4KB

Download
memory/3020-1704-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/3020-1705-0x00000000039A0000-0x00000000039A1000-memory.dmp

Filesize
4KB

Download
memory/3020-1706-0x0000000003990000-0x0000000003991000-memory.dmp

Filesize
4KB

Download
memory/3020-1707-0x00000000039C0000-0x00000000039C1000-memory.dmp

Filesize
4KB

Download
memory/3020-1708-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/3020-1710-0x00000000039D0000-0x00000000039D1000-memory.dmp

Filesize
4KB

Download
memory/3020-1711-0x0000000003A00000-0x0000000003A01000-memory.dmp

Filesize
4KB

Download
memory/3020-1709-0x00000000039E0000-0x00000000039E1000-memory.dmp

Filesize
4KB

Download
memory/3020-1712-0x00000000039F0000-0x00000000039F1000-memory.dmp

Filesize
4KB

Download
memory/3020-1713-0x0000000003A20000-0x0000000003A21000-memory.dmp

Filesize
4KB

Download
memory/3020-1774-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/3020-1777-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/3020-1682-0x00000000037E0000-0x00000000037E1000-memory.dmp

Filesize
4KB

Download
memory/3020-1681-0x00000000037F0000-0x00000000037F1000-memory.dmp

Filesize
4KB

Download
memory/3020-1680-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/3020-1679-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/3020-1678-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/3020-1677-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/3020-1676-0x0000000003780000-0x0000000003781000-memory.dmp

Filesize
4KB

Download
memory/3020-1657-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download
memory/3020-1658-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/3020-1666-0x0000000003150000-0x0000000003151000-memory.dmp

Filesize
4KB

Download
memory/3020-1674-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/3020-1675-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/3020-1667-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/3020-1673-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/3020-1668-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/3020-1669-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/3020-1672-0x0000000003740000-0x0000000003741000-memory.dmp

Filesize
4KB

Download
memory/3020-1671-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/3020-1659-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

Filesize
4KB

Download
memory/3020-1660-0x0000000003000000-0x0000000003001000-memory.dmp

Filesize
4KB

Download
memory/3020-1661-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/3020-1662-0x0000000003020000-0x0000000003021000-memory.dmp

Filesize
4KB

Download
memory/3020-1665-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/3020-1663-0x0000000003140000-0x0000000003141000-memory.dmp

Filesize
4KB

Download
memory/3020-1664-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/3020-1652-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/3020-1656-0x0000000003700000-0x0000000003701000-memory.dmp

Filesize
4KB

Download
memory/3020-1655-0x00000000036F0000-0x00000000036F1000-memory.dmp

Filesize
4KB

Download
memory/3020-1653-0x00000000036A0000-0x00000000036A4000-memory.dmp

Filesize
16KB

Download
memory/3020-1654-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/3020-1651-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/3020-1650-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/4060-1848-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download