hxxps://archive[.]org/details/vegas-pro-11

Analysis

max time kernel
1800s
max time network
1801s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22/02/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://archive.org/details/vegas-pro-11

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\vegas-pro-11_archive.torrent:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
4872	msedge.exe
4872	msedge.exe
3272	msedge.exe
3272	msedge.exe
3676	identity_helper.exe
3676	identity_helper.exe
1268	msedge.exe
1268	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1192	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1192	OpenWith.exe
424	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 3932	4872	msedge.exe	48
PID 4872 wrote to memory of 3932	4872	msedge.exe	48
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1764	4872	msedge.exe	81
PID 4872 wrote to memory of 1876	4872	msedge.exe	82
PID 4872 wrote to memory of 1876	4872	msedge.exe	82
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83
PID 4872 wrote to memory of 1152	4872	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/vegas-pro-11
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2b9b3cb8,0x7ffa2b9b3cc8,0x7ffa2b9b3cd8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,10688860579359833494,14113331110458060645,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9f5bc19b7852854b4a4c35265647dd7a

SHA1
19ed386185285a206fab8ed13b04de9a831e552d

SHA256
00ace4979af8958faf58aa2f4ed836a15e06d2321cc6f020eb1badc91c0fa983

SHA512
f12b24e8d86ef6a4dc87231fd9ca676082564a0a1100bde6d98762b8ea5424611848e1dcdaf11563065ec2ec50d6cdb5f9635f6c793b3ef0c059a4f2c6aef709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
498B

MD5
844d53e0bf7e4bb1fbc758c8dc7b8c07

SHA1
e2903a7a2f86ae29de8b764807216c171d20a584

SHA256
f2609d7a395ee2cded63ce62b94857f16425c04b0ced11d9cd2b615b32c1baec

SHA512
6393aa4b1d28a2173c7bf289cf8a2660957a5af1986a4de4b700f3190e324a4b8d6f8d99c70f942a9712b04a257b35bfbcbc1fb73d14ef4e8ab2907c7b8b1c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b8d1f53ff967209ad07268a29170b56

SHA1
1153ac4a150831d0329ffaec44ee60adcc094445

SHA256
f2e85a45bd0046c4438c3ee8120f90fa3b136bc4483d840f78f6676ea45b76f4

SHA512
800156005a088bea0eff00d3b140a760d9e5d6ac7a04ef86947de9a45739de793ed28936c1e21c17c2f2ab9084b29f88f6ab7e9b4a7440bd60627d60ecde76d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1f046f86bcbb80c83d0acacbc3c6675

SHA1
aad4b1fd4e907a2a8e41f23468bcdf84dd735641

SHA256
568c71b8157ee7ec0bc8ae3c965fd8941de6df73b18b45da5e1c0374f823549e

SHA512
0492110ab39f6e80c3da6d9e82e85297d840b592f32a4c7e60095fa5416df3635c8a18c1d8b0f8100df99b7eb9bd46074f5e2b1635e2252749db1612767329d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
700B

MD5
8d1d8db5298f506f2b8d85dc63b41304

SHA1
73f558370e9436d61fc995cfb5d72300eac1ad0c

SHA256
a6865aedefb790fcf7b080a3a06a35a3cef23297a1612816eae247a8e538626b

SHA512
c1ec54442e469d49ba86116d6ebb01d32b75726b007d8642fc9cbdc9319c16eb2e03d751b5f66bd2a2557d740ab1817ea761d1697302db99332f9eb4f2bfabbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
700B

MD5
dd2e4158859a709c90f8777add1fbad7

SHA1
3fc52b5077b06762299c690469975b6f5f2a4ab0

SHA256
55b2731cdf9e9a0e16b22963801d18298449d9f2cce1fa5d5fc5ae530b7de28b

SHA512
aecd176ce13666fc6511518d4478113e99c399d7b1f4757510cf24157f8c833414bef367eb1c10bf44adcd4fb6a7fb84a17dc0f8b718dd2f3f1c2b370d32254e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c757.TMP

Filesize
534B

MD5
e5d730366c7705bfa0851b3f576b9251

SHA1
3da6f895e56ddef03c7216c5a5f622523bddd668

SHA256
5f361220118339d8c3c82f06f328e6a5c48fe4f1e07d1671baab23a24c10d154

SHA512
07280df6f7a7019fe2949bed777b7b3dbbe8f5214f9cb58cca24bf466b1613f9704975c4beee65726b3527b5027587ffeebcb744594cfc321b5fe18f27e3838f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c865fdab10f3d84381f8ef32218bd6d9

SHA1
c8027fd2b5e211602e3eadb74b3408a91db510c0

SHA256
5c2676328b90e8ec73b869c74d6ef115a683a04c53f53e54d44d7267b9651f03

SHA512
4a508eb2b8cb70763467d2d4640a5004d96cb3c1e2fe29706884ea59e5e197530c0140948de4707665484bd6751838f9666345e538364d0a298ca936ea4621f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4cb51d1b13b91890b2b79def58d7eb40

SHA1
238e061f53c28e539f1f9d93f6b4718bbd6672bc

SHA256
7ad3fb9d6f4c7c2620225585879dc7e530810d2f6989c025ae4ad8b9b635201a

SHA512
0e6f55be8fe2988281d4996c33a98163dd1811a15a9bcb4f1336517e04124d1efd26c4993850323f4d63cc008362c9f3d3060e180595baa34107e37afb56e678

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eebfb84605e05222e3ad98f4b9f62db2

SHA1
36ddd440df5b2776281ad245a6a57e7a183c09a0

SHA256
4a9b70f7113d5c252937ad9bbfa110031124ffe3643648db3f944111b61bd559

SHA512
90e6f46d36c30783af4032f72beb58eb157849a8197e39945542da8a0c1313cb87e91f18a732f5718ec6a676fcd790458419bcc22c608824416fa6df14bf5ba6

Download Submit
C:\Users\Admin\Downloads\vegas-pro-11_archive.torrent

Filesize
26KB

MD5
7fc8dbd2a1e6df4f853bca3318d73ed8

SHA1
a744e973e813471104bcc4bec549aa23e092de1a

SHA256
bd4f683895e235d7d74a3dc85e54636e4ad324cab36671ab0333b7c4301df7c8

SHA512
f735892212d1cc9664bdee39edcf48b38926594ea1d2f569604a505b93ef5977de52e4a4c35393d25fadc53fa48ca48f22189ca17ac7941baf83c72e54dd78d1

Download Submit
C:\Users\Admin\Downloads\vegas-pro-11_archive.torrent:Zone.Identifier

Filesize
172B

MD5
a7371d2179b0f685204c26c0d88e6a51

SHA1
118c6e900854c07a16616c02de75f2d13f05b7b6

SHA256
dde461dcd55525b0cc14db78f070113e3e53a13406ca787503714aa8f76ef815

SHA512
acd3dc83cbf9c28e4590dcb0c00ce327b9fee89fdaa7a33f9a34957481b813b8df3c2acc4b18ed7e2927bb26296b98b63931c5cf4415d134e8e387e0663f5003

Download Submit