hxxps://butterfly-on-desktop[.]soft32[.]com/

Analysis

max time kernel
810s
max time network
811s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://butterfly-on-desktop.soft32.com/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (57) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	Setup (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	Setup (1).exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC App Store.lnk	nsg86A2.tmp

Executes dropped EXE 18 IoCs

pid	Process
3320	Setup (1).exe
4024	Setup (1).exe
5300	nsg86A2.tmp
6060	nsg86A2.tmp
5800	setDRM.exe
3012	PcAppStore.exe
5284	NW_store.exe
464	NW_store.exe
3184	NW_store.exe
6024	NW_store.exe
4324	NW_store.exe
1424	NW_store.exe
6928	NW_store.exe
7108	NW_store.exe
5700	NW_store.exe
7088	NW_store.exe
6312	NW_store.exe
2168	NW_store.exe

Loads dropped DLL 64 IoCs

pid	Process
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
3320	Setup (1).exe
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
464	NW_store.exe
6024	NW_store.exe
6024	NW_store.exe
4324	NW_store.exe
6024	NW_store.exe
4324	NW_store.exe
4324	NW_store.exe
3184	NW_store.exe
3184	NW_store.exe
3184	NW_store.exe
3184	NW_store.exe
3184	NW_store.exe
3184	NW_store.exe
1424	NW_store.exe
1424	NW_store.exe
1424	NW_store.exe
1424	NW_store.exe
3184	NW_store.exe
6928	NW_store.exe
6928	NW_store.exe
6928	NW_store.exe
7108	NW_store.exe
7108	NW_store.exe
7108	NW_store.exe
5700	NW_store.exe
7088	NW_store.exe
7088	NW_store.exe
5700	NW_store.exe
7088	NW_store.exe
5700	NW_store.exe
6312	NW_store.exe
6312	NW_store.exe
6312	NW_store.exe
4024	Setup (1).exe
4024	Setup (1).exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	PcAppStore.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133544766501150108"	NW_store.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{1AC86E71-5A02-41CB-B2D8-B59F4B517EB4}	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 561717.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 360716.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\a9c2w\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap	NW_store.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
3584	msedge.exe
3584	msedge.exe
5172	identity_helper.exe
5172	identity_helper.exe
5200	msedge.exe
5200	msedge.exe
5676	msedge.exe
5676	msedge.exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
3320	Setup (1).exe
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
6060	nsg86A2.tmp
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
6024	NW_store.exe
6024	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
4324	NW_store.exe
4324	NW_store.exe
1424	NW_store.exe
1424	NW_store.exe
3184	NW_store.exe
3184	NW_store.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
6928	NW_store.exe
6928	NW_store.exe
7108	NW_store.exe
7108	NW_store.exe
5700	NW_store.exe
5700	NW_store.exe
7088	NW_store.exe
7088	NW_store.exe
6312	NW_store.exe
6312	NW_store.exe
4024	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe
4024	Setup (1).exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeSecurityPrivilege	2868	msiexec.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe
Token: SeCreatePagefilePrivilege	5284	NW_store.exe
Token: SeShutdownPrivilege	5284	NW_store.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3320	Setup (1).exe
4024	Setup (1).exe
5300	nsg86A2.tmp
6060	nsg86A2.tmp
5800	setDRM.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe
3012	PcAppStore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 4948	3584	msedge.exe	90
PID 3584 wrote to memory of 4948	3584	msedge.exe	90
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4392	3584	msedge.exe	91
PID 3584 wrote to memory of 4936	3584	msedge.exe	92
PID 3584 wrote to memory of 4936	3584	msedge.exe	92
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93
PID 3584 wrote to memory of 2876	3584	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://butterfly-on-desktop.soft32.com/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce5c646f8,0x7ffce5c64708,0x7ffce5c64718
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6940 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5676
- C:\Users\Admin\Downloads\Setup (1).exe
  "C:\Users\Admin\Downloads\Setup (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=2935D258-24EA-4115-BC36-D204B07ADB8DX&winver=19041&version=fa.1087h&nocache=20240309164955.169&_fcid=1710002976564857
    3⤵
    PID:4364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffce5c646f8,0x7ffce5c64708,0x7ffce5c64718
      4⤵
      PID:3976
- - C:\Users\Admin\a9c2w\Temp\nsg86A2.tmp
    "C:\Users\Admin\a9c2w\Temp\nsg86A2.tmp" /verify
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5300
- - C:\Users\Admin\a9c2w\Temp\nsg86A2.tmp
    "C:\Users\Admin\a9c2w\Temp\nsg86A2.tmp" /internal 1710002976564857 /force
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:6060
  - - C:\Users\Admin\a9c2w\setDRM.exe
      "C:\Users\Admin\a9c2w\setDRM.exe" 1710002976564857
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5800
  - - C:\Users\Admin\a9c2w\PcAppStore.exe
      "C:\Users\Admin\a9c2w\PcAppStore.exe" /init default
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        .\nwjs\NW_store.exe .\ui\.
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        
        PID:5284
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        C:\Users\Admin\a9c2w\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ffcd46e9b48,0x7ffcd46e9b58,0x7ffcd46e9b68
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:464
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3184
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=2012 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:6024
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2124 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4324
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\a9c2w\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:1
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:1424
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3832 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:6928
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4336 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:7108
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4340 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:7088
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4032 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5700
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4168 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:6312
      - C:\Users\Admin\a9c2w\nwjs\NW_store.exe
        
        "C:\Users\Admin\a9c2w\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=904 --field-trial-handle=2076,i,15242686027503680007,7858358010739099756,131072 /prefetch:2
        6⤵
        Executes dropped EXE
        
        PID:2168
- C:\Users\Admin\Downloads\Setup (1).exe
  "C:\Users\Admin\Downloads\Setup (1).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=2935D258-24EA-4115-BC36-D204B07ADB8DX&winver=19041&version=fa.1087h&nocache=20240309165116.38&_fcid=1710002976564857
    3⤵
    PID:1644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0xfc,0x124,0x7ffce5c646f8,0x7ffce5c64708,0x7ffce5c64718
      4⤵
      PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:6368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
  2⤵
  PID:6916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8354921704887324826,9246818104204434810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3280

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2868

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:6040

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
471B

MD5
ae4611a04ccae1d8cbbb49d9f0ce9cc0

SHA1
854e75375a25f5050fe0602d15e792c12cd271e6

SHA256
fc0b9c30a6c12b920d10af1f9618eed6bca3715476794670d1d1ee1b7d640f86

SHA512
cc8b5c0d70361bf028208dddc830801f8721d4902c30cac2e04b56240aa3e898e3bf487504bff2880117e66433ae68a5b0c6d74c85b366a2b76c8bc0f6441834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
471B

MD5
6930676372f6ff7aa3ca318e1dcc76a4

SHA1
721f9dc3b5c4e399b6164dddc0342c24931d2142

SHA256
608ea36ff89652d94e0c22c0cc44b819ab0f489a8627222d81d1f6290506a613

SHA512
f67cb21d6b9af7ec9d2a004494890709076dbf7b61841ee22b2ced5666ea65f6f6de868fd5ee717b5789f73d88158df0e46f05d817a62036feae8631917aca3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
404B

MD5
3563644e229e9e488370fafe205be505

SHA1
342c7720d225799eeacd91a186a846de8232c2a7

SHA256
a677bd71aa1b10e62c1aa097ff5dd0fead4b61ae181cbaab1ed5f35ff153c741

SHA512
1bb49ae8114aec0d2d6ac127df0b555ee97f930d9874a54c507b3d1f90f6e49ff4d8853e61b97f9f19fe9c1e8b1ad221c9769c6401656aa9db9df1d3131fae86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
412B

MD5
24eda4c4ac144fb4e22df13a03e7e6e1

SHA1
e469a546f90fad253c11d825632d15b7e9247f6b

SHA256
018fca7b5119041d95fd74f44bea7bbd02c738d44b0c35386bb7bb1c69bab04f

SHA512
5f7231471022c0fc39c4c2b33386755d26f732677451b04a5b6a32cacd64c18fc438c8413536fcc980f2acf483eb2ec719866e57915c382b349f209f97ed09f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
49KB

MD5
bf798358fbf88f9cd7702f71bcda6499

SHA1
63e40704e84adafaa002c72140a9887373f0f9df

SHA256
6f0155a831565cad08df75deaea49ecf007db1c1ec6ae8066b2a4bb87898d5ac

SHA512
b8a295d9166df7b82828527c422b7bc9916fff674f263c9cf2f1a48b369e6dc0da6f1f28c2086d51d731a30d4f70d3013e7e2f7bb7a5927b6a75998b8e565c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
28KB

MD5
fa5755f3b8b532b0168a2bf940503bdb

SHA1
19e7f834bb02e71aae31b800e91258fe978b4d13

SHA256
6cc2a26604fa86b477211073b9ba63f8dbb4e29193c7dab10e764db261dde70a

SHA512
f6a1d4c681e0e6e2fd4d15affc4cd733afdab632d69b621b0d5f761aa3633757d8b3ff061e7e531994d3aceba2e45584a595c920908548db602faeb34a5354cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
88KB

MD5
20a063f78b6db5023d94c156f6129441

SHA1
e03b8481f9a8e52e95028cc7ed3bdba66c2e8b72

SHA256
d0f340f3c4788d16e521980774cb1a134f118a039d981bb1019edea23bfd928f

SHA512
1aae9649e7f677f8e4e080dacfa2a1ced18919d324dffa2b5e6f7245378a8ba959bb2aee2b7a3f7f1a8a7e57e331e963dab32c2c1210482e29df945a852998d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
135KB

MD5
2193abc39e3cae261dfa0e9e39e2e771

SHA1
f0b1aa22ee4cd0d8a3fd9f32d1eacf8a9a3d3566

SHA256
1a1784f63628b068bb3053a6a7b7bfcd5485c843bb4e5a8e1c998a13134682bf

SHA512
843bba1a1b68179ed7244e46e06c1069dc87bed71e6198b19b61770fa83cbf3f33a84f40c24b48cf9fb51884da1c52eb3ed799b2c4819c4a09b143b0c8069ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
62KB

MD5
47953bcd62e93772ee22d834d1438f17

SHA1
5d1dd3b5dcb3e1fd32d552eaf0e583ef02f2acd2

SHA256
f17878d7c848d8cdc3652e58692f7636a9d19a48e94030d64009dfd66b0e8425

SHA512
5590afbb8a596d3b4f329458f05c5be230048a1e65aa9559aa18ba5e46a14362788e61e728dbe0ecf9fea6caae8b455dd6e29cb50b497f85eafd0f89c5b5910c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
31KB

MD5
e22be493da1dc48a98d8d6f0178cd1f6

SHA1
8c9b7faba91939dd36b502417d1a9eb35714314d

SHA256
ac73feacde76fe096b76b0e319ffd553366a25e73b326c4bfd0d565e0babc845

SHA512
b471700ab86108c321ede5c805bf043be8b13fd1e7073ab072a99f45a417eec3b627501a5d996eb0665303397f99b59c4270993c54e613e7d9438c74ca494257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
34KB

MD5
5170a31c404fcbc1073f9303a2b17394

SHA1
5b10c869c3f55bb181ab0c8e5020c094a696d71d

SHA256
8aff1e04d499369edf42f8f752ed582d7854b7363880e0324a7f284648623dda

SHA512
d8c93b0ed7d51096a630c073c0b36734c29562355e183f30dc3edf5eb2c59a255aa633ddd699a9cb5acd608e04c7881050c82e95012491a6b98ae02602dc133f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
137KB

MD5
e8f2c941b1c12bd7e5c4b66494b6e52e

SHA1
48be61b7008ccaf94420a5290ac4d0217e59c483

SHA256
5b4517c2a6b7751764bb6c7d5f7b72eba5530dc6573d8986a2fc0f90316b44ea

SHA512
b249567316b0798cf01917ebbe82b1252df10726b3a08ac6a1cfb612ebd8b959d3a44bd628a496544c0e434bee81e0b99b10172b3a5d8a5c14a4f7c29f6c6151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
18KB

MD5
95246a61d63e03063ab5ece033863c39

SHA1
ab93dd8fd8b711ff3344f106a9cfe6b2946e97b9

SHA256
5b3fb31b5b68e20e9f361638fe30debfe92982a5c4964691d664d6d859629a02

SHA512
4ab476cda49c2e83601bd25c2ffa61570037ca6b13d0a23161ff7ede592c40f78bafa74459325bf0109677bf2768f19495db74b158f9f34dd37ba85d6ad3ee16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
45KB

MD5
30a274cd01b6eeb0b082c918b0697f1e

SHA1
393311bde26b99a4ad935fa55bad1dce7994388b

SHA256
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

SHA512
c02c5894dfb5fbf47db7e9eda5e0843c02e667b32e6c6844262dd5ded92dd95cc72830a336450781167bd21fbfad35d8e74943c2817baac1e4ca34eaad317777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
98KB

MD5
3e6313c4e093b5b88883b50c5bc7bb80

SHA1
df875e439b317f62724ba85bb7d45132584881ac

SHA256
e7295bbc1b9247a2c5e8d6932e00338bb3fe5239cf51e79ade65987a7cedc63a

SHA512
0d1c228e9b30feb6cfbe93c367ecbd52df07dd68418822f9e5ffc8bcb011cff373dae58565eb42ea96b1453f996a272852e4ab9b4ca4dc3b918e80e6e25d7a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
83KB

MD5
5132f5793aa1cf86bf36521eaa8484c3

SHA1
cc5a2c21a644d9d902e49e53f8f36508407f47fb

SHA256
ef73175e1b9b7b12c159283c5fe3690866a433c0a2420ab06e6c3542257b4a4d

SHA512
83b067805d83e1147875ce4ea079800ee656e3e48e13795dbeca1099fc49df20fe14571543388f120f54f0a181ced8da491aac6be39604ec99c3475cddee77f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
87KB

MD5
ab9a8b62bf7acc4424939cd87d4ced75

SHA1
43174b80e1f6d6617ce43e80c30a21927c0321ad

SHA256
70f89fdc2493402f1a987ed3f5f80aa945cc03ccf006213a871984a29e875d74

SHA512
a4bb065106c4dac95f2604b8a4c0647bf72b0ace2b4addd5c56607b1715d121a3e17b2fd559d40911fc7502d3e0e446f681f6aeaf5b3af2ef15d6908f6c5d1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0dd5f9dd04bbf621_0

Filesize
88KB

MD5
a807ff414bfa2360966ba3ecfbadc6f9

SHA1
0b0be855f495171ed6591f8274b69e37c7e309d2

SHA256
50184994874d473b6ad6197efcc48c2afefdebbe3fab9c0d41ab13233ff0cdd0

SHA512
dd22b5035778fd248bf2df1e9bff152092abeb2f05f44683739bbe92e56af946a106cfbb9e379607dd8bcc6f46dfd854538700427a9970fdb54f839615bf3215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13bec7acf7310bb8_0

Filesize
225B

MD5
80434c40310f119eb03530b478e6ead4

SHA1
427f8770942c75158fc16aba0bb5e060102bcd39

SHA256
798214cb69635270540c8ce89668220fb0151a313e52d42d48fa50bb0e898d77

SHA512
9eb0ec8e9b27a5b27a17417c1f24f7a37a881061e84a23a1f7a1166e9731ff7cb62b4d1fcb6f4442d88551d48635340cf148255cd473f3659d808480be3d74b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13bec7acf7310bb8_0

Filesize
23KB

MD5
65fc6ead0a30877af6ac3b9f18c98a6a

SHA1
c54545596f1685ff60e3d417122a817e13b5336b

SHA256
59162800f12164cef68b32792b6ca9bcf6aebd736508cfa90ffe12b83d1c031e

SHA512
ad0ee122540b7ac116acf30a473a01dec427b0d7421d0ca72313db933d78066741489adab6f48ce1b60c6296e7537be541dd902cd703df7a37d79e75f2337f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13bec7acf7310bb8_0

Filesize
225B

MD5
2f53838bc6cfc5699f9f2694ddcb2037

SHA1
d071f85e807e5d82bd5ba32acf8768d1d33b2e67

SHA256
496ea5bec9e49ef0494c60b50cde151fee928c72e853c6939ffa584c41545fd2

SHA512
0187dfc33dc7d21c504394c164910b0c173007e231d139aadde272f47f12b6f44d50ce446f813a7458f043cd2f57d331a1e7c6a459fd0784dce04a153b22f4e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13bec7acf7310bb8_0

Filesize
23KB

MD5
4f68b61ed99c0fadc1b8e1ef687fb5bc

SHA1
df6e2d8260df6e6557e43fa007c9d11061c78b35

SHA256
6edf09ac2544023f3dfcd58321158ca5ada4596f187e872b3d898e09c706e791

SHA512
4807853eb616bd2341223a13252abcbfbf18fb6eb347855126cdb9dd0ff21679bfac1792a2e5a2f9601fce63161867bc24369807eeb5b5e36580e4b0f9c212ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\29348056610fca5d_0

Filesize
294B

MD5
a98f80dfae8249af92e82edb38d4d71c

SHA1
b6ae3df47eefa4442cda4ce0e3fd0184d112457d

SHA256
1d52e7a8d3a7c85629100ca43d1f574a50158e2397cb23390313b8ce8dc5fd91

SHA512
00d12c58939bd3d3f09cd954747cb14ce038145de0d76404fd9f873b19e465c4d4f5c1d72f4f52cd19aaede4e1947fbfb8016c34e123bfd37552e4faa4535188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d4fb5829af7785f_0

Filesize
4KB

MD5
00f34d3674f7ae3976681cd8d887b639

SHA1
9ee33126f7c9c163b67a4b9562094849867c30ec

SHA256
104401a2157bbb16d944b31783e1aed4c988bd402828e1965df971e4e27c3df6

SHA512
c33a814dab7e4434e9b539dc85d74ebceade463652fe5c30a80a81adacc1930591859c55e6f3fb7ad0242fc79b38d19dd52688f2d7ac181c1ec29fa7a1ee7c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\34592c7c19de5ffc_0

Filesize
41KB

MD5
bbe01f4125693799f43eaa905f9d2888

SHA1
e38eb58e315eda7824ad97920ccc6adc76b2fe64

SHA256
a155e4c230174f777f44b6251d4b8f5095cf5960763ab0d871dca68eac80c411

SHA512
3d12df30d193b73da4d1d548f39ebfa1e2adb55ee7011d00f11df22605b49bcca1a87277e97e1dec5ab770a271f9ba6cc5a37be97eb7094700f15d5a4c46f544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e044e34f673e98b_0

Filesize
273B

MD5
6a6e6077e793a630de792e27784f1496

SHA1
1b41bb05d75840c7ee12f8b24e4df2f031f76c64

SHA256
d7b50d2b5c83dc6bacc8f7f9989b00a9e22d6d544bdd61f41bd5c74ef5ba7a93

SHA512
7972b349dd6c79f28d23ea3302b53770bdecb280d273cb08269420276775ce6c379abd5102c97f7129c46d09496aabf9f23cb07f8663e5dd1bee345f83c4e1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\41575f013c4cccb1_0

Filesize
339KB

MD5
90d85aa62a295e3e76931514b606dc11

SHA1
6efbf8e42f2c6df08f7cbbc4bc7d81a0c99f03f9

SHA256
963324f5711e72ada4cfb958b1f1c76b0d834ea7c5b214437b0d3cf7dae45b83

SHA512
2b71a2f721ac211dc06d9cd26badda08bba9cad42b80c1f58a7bbad1f40417d3c98e80e390753f09e285ec8bb0dd5097dd32688b7664db114f580a524396d712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\496e79cc2fee400b_0

Filesize
67KB

MD5
620c774d9641bc867ba2cf9083591dff

SHA1
44fce37ec2407efdd907fac5eb157f8922d2625b

SHA256
3a61f788fad09a5f822e135a21e0caf428ad834d49df2ace6a99a8ef1698fb5a

SHA512
52b9a7f5f77f7f25546d46ca48e7efcb8b5ed603d7da8d97915723414c00cd422bf6138790001c09958c5387c458ba8e2fae082ea0df22cbf5cf50b6d01d2fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a5b48f9c392f01c_0

Filesize
213KB

MD5
6cee9b74d365b69f6271b265ba9e2150

SHA1
32e89ef7067c549ff98b5b019323ae7e220a6454

SHA256
84690f7c4734e2762bff900514da8daed9f7ae1cf3c447db4b3844d428f16d1d

SHA512
43c14c2bb3e9b68adc7d6a8194b92aa9f8d4f9124994abce48b8e012ea7cb1bba98e649f06819ed25990e904a0df0b06d698a2199cacf20f927096565fb3c6b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\537e119cc6bd86fb_0

Filesize
22KB

MD5
d92eced46889274dff53939786d62e9c

SHA1
ce1a84a26dd671facbf3c7c2c223c783c3d1549b

SHA256
4341dbb410fb2b0f851ec0b339dc6180742b386b6ed53ff52b45ca116a391762

SHA512
44b6f2d38bc9059c3c1231a01a6ad75c51540cf9ebaf058b79696b1955508648859e637d3faef5ca69ddc7e425786bfc0cab71a48e98f5be1ac9facbb8db9b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58e24e424af527f3_0

Filesize
227B

MD5
cb942d19434c02cbe1affd6dce9f2c9b

SHA1
509a3f8a961b414ad9ba832594ccc235b1e6f823

SHA256
8dc3fea5f361f55a849bfbf93859373542b4ee4ca42b69baec969f2891e139ac

SHA512
bdfbedda48baaf68247506c9a4e77abaffedb238e6319995a1ca866993a23f74d83cd00c38dfe64a149a7a16f9c7c86216445ef1891a47e638da764f4908c3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58e24e424af527f3_0

Filesize
275B

MD5
7a7e7247a4eecad75947ed70afdad768

SHA1
d18b1da5516ff8c4ebc9676b65ebb7dbcb75f444

SHA256
d9214ea962685d3639464485359318f647bcbade1eded866ba7dc8aa4dd276f3

SHA512
e696fad25346000b632436527c8bbc86c7f8895052375f22cf846e186e2547fd3d0963b500c3b15fe75d7acfe97a15e5a7548d10c5f199f075351136b0718cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58e24e424af527f3_0

Filesize
227B

MD5
fcaaa470937d8f64c6f7cb5e9c99f294

SHA1
0964b114b5a1d73c4ff3d7551a5b060a7f22d27b

SHA256
ffb8fab28c49e0398fa4041c86658c9ec7005d2eb355ec328073f6d3bc50acac

SHA512
e8df3f724976beb0b13fa40bef6c4ee22416485b45a718720dce18d81912f91333b87b45fd8079561625a5a33adf2cf572c928a41cea48572aef8624562a284b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58e24e424af527f3_0

Filesize
275B

MD5
1ce3181c8f5a209c5e5a36e572850441

SHA1
6b418861ed1460217315d2d8451e1e9a7a66b113

SHA256
7e0aaaff10e4615d3dfa0e53351e6cc902761f745af71cf7224f849d9addd159

SHA512
672bcc94c798be05146d4426fb1aff59f1042ee9bd2eb541329e73742eedecf49293994a5ed049757664b4e45393c4d3ac949020bb9e7afec86da3dfe885a890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\72d28af37a227153_0

Filesize
121KB

MD5
ee2a17676a6acb5de306786d4bc1850b

SHA1
a3a85cb0e32e02842bbf702695953725db5b5982

SHA256
4295eed6e099b3a04fd4158387438cdeba01c2792bfddf9784f3ca9d5ff82942

SHA512
cac9c01e97c3701ad0ee076f5c5cc4988c2f79540b7e1fd2cc08a02c3443bfd96e982d6fe84fd8a6141b7f5c1af5014fe367c32549f4dbc2ffbd9b8d3f8413e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77af8b46cd138965_0

Filesize
250B

MD5
bd5fe389bbb53f68cc09e17db88210c1

SHA1
5755be8345fdd3d2d1e3f38c55c8a26cf9a8ba01

SHA256
ef4fd081ff89a96e55655bf3c8577274712cd91818f3262a58ebc6737aeb5211

SHA512
ea4b522ffd0acb5b44cf34a02722022250900757a8a469785226b7ab9340ce86e80f6e1e800b5a285d5bbabbccb47b410d2f57eb7f375505b47cb7f340716b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\780d9b13c15f4e96_0

Filesize
222B

MD5
ffeb79006f853a99e41543cf6faeaecb

SHA1
8e5664d8baeae43ff669d87aa6adde076a469ae1

SHA256
8fe413676a6499dc20d6f5316684107d425cd8eed3db5a57692ac11e981b64ab

SHA512
7bedaf0fad98dd0a67315f2a805deb557b64faf6eefb3a40d2fc11078427edcd93a67a5b69533c9f583c06af3af595ef4ff05ff4a71baf7c7e9d92babc61d199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\780d9b13c15f4e96_0

Filesize
54KB

MD5
6c4be3c7f6abdff3d473cfffc201affb

SHA1
e32f6c89764abbe8358755043080cae339c6cd0c

SHA256
6f648b890bb5d428a0faf8fa085f4d600decf2363a22e04502af22489ebfa7db

SHA512
ef5dbed1c20c3ea68c262d1f68993b69180e5698eb9d42a02ade5f6995ec4f7c1cf071cfb5613beb32b16289e0eebf69a4bbac4998cfe6b75c5022c220455bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\780d9b13c15f4e96_0

Filesize
222B

MD5
b5758569c08a5ae497363915de555ae4

SHA1
f1c189df637553a69236e393b9eb2f4a2a0d4763

SHA256
18d57545977a916babebd405ec4505475799627bb97e142bc922a4a7e641408c

SHA512
cace10e2dc569455a5bed171998a991315afc0903c44a495caa34ef1d6b8aff836f8d9dda5f571cd62096c775fc7fdec4bf3bc04fee20698c4e9dafc9ce12998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\780d9b13c15f4e96_0

Filesize
54KB

MD5
9be7b09cd4610f7483475064f1bc48a8

SHA1
492fb79acb673f1d9dc4d3eee0625c07a73c1034

SHA256
7719d62eaf9c84ff5de82153046e4290ccad0f22f658757d1eb8402536a7a0c0

SHA512
ecef1d57d982f55fab5a3a967d40c7d70b383d19fe180e9934b878e149580b0f0bf6ca129f7a8dae6036be7cea85111de460aa3014bb74bfeb43b4bf96de2e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8c4bebc5f094d6fa_0

Filesize
338KB

MD5
242942c899b2bb70fe83356f2e004ef2

SHA1
d654f2f1181b820dd683a2e73033a40ebcdcf0c6

SHA256
c5497af990037732aad6d2f822d896093224530907854707e659ee03c4669425

SHA512
9549ce45957f90a7db7c307ec0bad893c249a840e3fe73e59d636afc83406852d6c487d78de28b5d1a3e81f5415a043622e284bd5dd0aeae096c14c518ddd511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\93c95634483c7e38_0

Filesize
159KB

MD5
d5afba3fc9d2f1c28e2ed71af9d1a049

SHA1
adb511bd274d9a015b21be171c4af9919943c01b

SHA256
8ac07523c4f2df10ca14dad006fa1a406b54d9f8f900bac274fcdf585de08450

SHA512
55b871d9804a8ce1897c5f0889697df4619e028573ce0e7e7e78e5b447d598348ffdc4b29551459bf31c97aa8c376123fa5dd471c09d384a879de49f477a33ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c4b4494fe223632_0

Filesize
252B

MD5
8c5db141b6ed0f6c4fa4a71107ec88e3

SHA1
9d699d9d03d49262d0ba0f0eddf6c2f736d4318c

SHA256
3d2d12d27da3bc49c8fccd028897b2e82e11faa96ccc61489942a0975caa1f07

SHA512
51fc68e35a50d4d9155d356e7d77694c08c06f7a76cb6e0257af81e2f576713fef2630fc5c615cfa0ac2a618e9e28b7d35ba0286c96b13b42b32489ca2ffca83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a59f65c491bf9463_0

Filesize
226B

MD5
879f1e321586c22934f9d8a076db7521

SHA1
3173b840ecab76f7f93cfac99464867834414f48

SHA256
e9a7dabb73339bd050b7101c917833d5954bea51f996a53f0cecf2bdea310724

SHA512
31a57a02efa7e86c69220b01f18f397a0a73ba3baa65b62d80f52b350c7207d4c8ec32189f0d514799dfa0153768d415e02af241971ffaf1e7babbb36f9915b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a59f65c491bf9463_0

Filesize
14KB

MD5
2cee5f102102b13be092a3dbbb29a2f8

SHA1
c22cd82d8ed1ae2ff6456306ba3a6d14d6d0cb2f

SHA256
a90f5f548ed22ddbae2b1f169ed5a31da4e300629f441a73b85f18170f9bc49f

SHA512
c8cd42040721dad568983783831a9c1892ffa5532e8999891b2f4a03c8b226a0c532178911a34e7f09a6d73ee3de46c79d97b11423783f746d1b4896dd8bb94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a59f65c491bf9463_0

Filesize
226B

MD5
91787033c0f09aee02a707c9f79cfc7a

SHA1
79582dc4abfc0c718893f4282d93a79b4dc2e7bd

SHA256
7d5a36d3ac1bb4f5811b93b7a521a5459bc2640907f6546643e2a2294c9f7d9f

SHA512
6b0c246c138cf10ea6a05a6fbba5f4b6fab101eb795a7de2e1e7bc366b09e2826fe305e5d803a75d50e45a4fbcf4e31e9b530addf85d193104d424887109c3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a59f65c491bf9463_0

Filesize
14KB

MD5
def830c523eedb417c0a354fe6da964c

SHA1
30998174c148298105b5716f55ac70ec2c30439f

SHA256
28b81712a7ce6b1648a7c53974e7610249e05dedc3c6a2a4c196402d38022837

SHA512
3bc9c3f2d3e255197e02d68edb672e1956bfe1c0945b2e171d78ef18b014041df81750f86d7c51552323218bc81466fc0a23ba241a83360976df1361c1598cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac968821ad21f79b_0

Filesize
217B

MD5
9504f10aaba77ade5d498965f1e57d8e

SHA1
6248c485f91e0d0e64479683fcadaff11e5d02c0

SHA256
13630e09ede331d677d20d11d0b3067396907b68c6c9f3f2d58b8ff171ec2ab1

SHA512
cc6e45ef19d93e501db4e675c1b5e16456ba9a820054a9216dd703eb8070b1703287616304c2a83b82d06d090150d1673d79b21806a4713e3b4081009916c251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac968821ad21f79b_0

Filesize
265B

MD5
34f434295cae96713e6f959c0a2df450

SHA1
9058211bfd16fb9b77f7f4bfd32185aec668cafb

SHA256
5f0b5cf8c4d82320448b1263886fa95ba734b47da3da00ad17de4f63208c4776

SHA512
398cea6babc5a6d6e16a1a93dd1e1455195762590c7404a46a6b5bf04cf023fcb66ba8ba143a6d27943f1e6b7634452c0fa582b8467c07b206c5e8c84ef87522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac968821ad21f79b_0

Filesize
265B

MD5
3a690de5d66d0c15f9d2edc77e07ace6

SHA1
0c29ef2ecd010f62f03165ecb89f7f3279b692bc

SHA256
9ff78e642a304a846d932e729ee4eb929fd8d00a032166bd917f445b0aea52bb

SHA512
9abde4cde6f5bc99701f77fc07bd734ef75ad119d364d819d6644e4ead1a83d4808029757b560e35e0700450ade7785cb732fe91526c3ae97349f1ad27521b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adaa816fd222f318_0

Filesize
159KB

MD5
ae2521ecd00882f036f2f0ac3d2591a8

SHA1
3553211dec9c7062533fb04b40a9d600a274cfb8

SHA256
f41e3763fc93ed1e12d6bf8a9176e8de766324ccb0ffbc9d4645402ae79d576f

SHA512
713b773b4e2516e6c06aec849b47bf7a6f007130677fed52ac6ddd2bf8d9333ada8b91caada7e7f9b12eab6bc47b5a35e4fcefa5ad3db2069287b657bbee813f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b586408f27cc3dff_0

Filesize
377B

MD5
98fb3480802a612e8965cfdf6b969804

SHA1
18575210dfa99b52fccca461b16b4c936f4ef99f

SHA256
11992fe29f5fe591dfaf72d21f606846159985a1de00360202134ec2d2f1523c

SHA512
33b3557d051167942ffecfb328d2d5a78ced7fd587c2c8285f14ff531af713b17a566b0153de0656cd402dc0e53f48d0734c64e0c758a495362bc7d0c80b7c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b7f4b22d01a7ddb3_0

Filesize
458KB

MD5
1b4caa1ebbcdf4419ef2518f9e0a0b0c

SHA1
7c047eafeee1fce1ea662ccdee6f66bb1ee6631e

SHA256
2540c643f3494663c7fbd32fc7d40449aa4775b64fae8a5824ee5e9522a15c0b

SHA512
ee0a91e10322063889c995746767e9b1e1774d23b111246d26da9b04738d9bc04f0c876161579fb7c14bad7aaf5dd9ff67554d243e7fd1e3dcd0acc87f2f9cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5dc16546d8d1f7e_0

Filesize
267B

MD5
b526775ba1c41b1fb7726126d13cccd5

SHA1
766e45acdce2288dd078978dede72a8bbff9d820

SHA256
39927558259b00d0a2bcac4dd90a2ccad279b6eaa81adb88e5cbc58c4b867333

SHA512
8e5b6b24979d83aececbfa3ada52318289a3acd750b35ee766c61db8d4852c15dcce9a32ce45649f34fecc184775bb8a00480264bc6389b1e2b169c8fc123b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d24a4eed910d500e_0

Filesize
401KB

MD5
c11637db22fbac95f55bdf9e923eddbd

SHA1
100f0cfb54ee735a4e8e23f840d139be03197183

SHA256
a249a0bc8f0f39289192c9879c9dfbd0b94386295fccbd17e2e7adc8bb7d5895

SHA512
e3f93249a80b7c75f92e2203b666f250d6b3b5d89315f7232483fd17db8cde8aed6c82f4db0bbb848d0c974c56b6c3adedf9689a575a81616ea7820dc33a4a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e0b3fae64ad705f8_0

Filesize
256B

MD5
e820daaf4d5f689b4ae8f5bd5bea217c

SHA1
a65f6f3883d3846f4207c3cceb98fb5f702b4ee6

SHA256
25969668bd54f051dff6eec7a70b72e850705f29131649dd7771f51900b3bd56

SHA512
a511421d04c7d92e9d4eafb5a1486f82db9496892499ed60e6c2ddc54bb83067f8bf99990951c84462321ad16ae3286d10cb74f7ad86a41c19cba94b59305b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f278641a69cc7e4a_0

Filesize
512KB

MD5
63e88746f65f96ffcb3535f79829f43f

SHA1
1f361fe0f461f8022af57e52f3fe304dd41065ad

SHA256
f6299659b12e32fc3d1459b4e79cbec7a14a3a240313eb5d12e1793ac69a31f5

SHA512
2fd0a8d510211e1ec0e4e31bc10d07e3d85a2c722ff84eb57bb2ea456fc816bde5422d184bc0e229571a918057009e6149fc07b403c5dbcf457cd557f4f7ab5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8f6ba8b363e867178aedc5481cc936bf

SHA1
b974d576100021f5fca010193cc490135e64ba0e

SHA256
a3e6212d8e45787a2ffa43edb860d1fd9767670f6f91a356c119e024fef9a253

SHA512
ceb95716d7db961111acc8d016f2af696c7785c6c2fb762204a38d4dfd7b28bb558665576d9a342104d18ea961f78a11191620b8eb108f890da77e88da43a7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
453daed0b3099e60657ff486990acd06

SHA1
d72f22d1d1a886f6cba6bacbc0b6195b42556cc0

SHA256
e33b4eea8c966dfe9fc70acb192a5d7de5487e6e5cd74e360c5d4a6bd0801089

SHA512
c1cb6d4a373cbc402c0bfce2e563d061ed872b3c30a8a903667b4d9b21262e50c6b1781838ce93840bb9a8c0e7ab33c64b733abead54a894d803bfb2268743fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f2c83ab9dc37f3ed8db418c962dfff0c

SHA1
8595efa76630af78a05b481e11fefbf435206e1f

SHA256
2af9c6141a24a61e725b5d1c0ad501829271990a35497e713ecda30d8d3c7509

SHA512
8f2bdddd275f0f253919fb2fad2008ff6b49532a85ac30281173c51319c0286ebb9233bbdc361b41eb34404dda03f78c3eeb018277cf80255cfcd758a8933bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c96d37b82005f1e9b51b18aba8a3ac96

SHA1
09631d80ec8f38852dc1bf9707ce123d0a16a54c

SHA256
1c89c21bdccc28cfe0016909a740f5ea5aa9d666e7fbf4c6c51bd5334f257eb6

SHA512
fd6887526e5f96005b535470b5269dd3a7d0d95f8679fed7633e3c57fae273e10560ed3a1408ed340087b5e80c90262f6348438a0f2787c4af6ff72561e0f58d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
20e62407ecf502ac98f41b3a58f2f12e

SHA1
a497038a154acc5d7c9fd0ba371860b8f9a25ad9

SHA256
351130675e8c726b566793b4b5ef551485c9d128fb905623e053f22697eaec6f

SHA512
47a0418e739a3ee5a33c73810714bede0df46a8b4909f0de1a02f7111c059f3d307d68cf462cf0eb66132c3e51fbfeb462c46bf452fe151695b05b009f3960b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f5ee07e980cc2501e10493dfeb5c1e69

SHA1
c2c08975a0e1fe9a99f008daef695bf2ada11e6a

SHA256
2a4cbe8ce836daefa037aecd3839501c92c8bf505134f975ae24aafcdd2b934e

SHA512
f08cbcad30007af0bbb93fcecb9b7c729f4e07a02d6c9d807158b21ff20c5faef30eb60a69735d4532b927c2d5b3e6e4a9ed87ae19fafb6d0d31db4bd5861a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3aeeb9719ac6c48d74e19592ae4937cd

SHA1
9dd02707282e2a2d4c4b45a7b57868f4ac573b11

SHA256
db4079f783b5132fbf52e01ad6d7e24b09377076ebda836314fff2fe094ac907

SHA512
168b0815f20324601d0a33936a8ee1170151c48901650d6beb8c140f77e156c7000595a6da10c4cea747f6a3723530f957fbbdde684d6a7b6fc846c00791e39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
cf0637ec759579054dee806283a3f5bb

SHA1
56cc41c61cd27963dde724bf596df757ccd4dd3e

SHA256
4d1c8588b0cae7a6b4bd54a7eb3a08bb02f60f1212d1a1de58e17d3bbe2b6387

SHA512
d813f0deea9afd396fe66224c181634e25d0d9a60d4955490d7dfe371d57c1501f7edf919e667679991187814903b3111e4933ee3d9b81e7d7330e0113439dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e706299b1aa6e3300b56f3689cf492bf

SHA1
50ca26f18ec503be32bf241ca7f2857e10fde257

SHA256
cb7ffb0624183496dc3ac8850283fc542fadcda08a6b5f51644b22e5b9fe7ebc

SHA512
de17d3f3703fd3e51422a5d468bf1655a8e10ae34be0f2a99887eca1db6eae814c23e0c0aff129df4b46642bb1ee1d174fd9fce7448eb77d012a693cb3099de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
12573dad3b511b82257d209d37a760a1

SHA1
ab951eb2b0fcd2235d4bf1a379e2e9fbc75ad8ca

SHA256
69f817e5931b8c2ef0e4617790cb3e59baa892f88a7729c7f6543f81b60be746

SHA512
29c4ab52fa6463f4cc44923539c58a95467c7c1fbfca6eb7da31e8ffaa0136dbc392a8b812d8464f66c7876122add675a4aa20acc35bb5f067b78558af3a5a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
11d81405b32f891e1e0ee2d430740c95

SHA1
2b96feb07141edd5f2ed4ce771b93918c753840e

SHA256
25b583103bf55adec7459126248bec035352780ccc67a2cb89ff235ea8d77394

SHA512
0e7e210f15f4356a181918ab9211a346489f0f1e6f36ce53f9eae5d72cb4d7a14172e415fa26ad15e752f60c1f79309d727dd301cc9db455b6b68991b5d71e49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03ff10c23a1f071032cc1d97a99211bd

SHA1
0a44ec7d38e7326290e6c0b99a22abdbac2967f4

SHA256
6b739b465934a48f99911dd114e48a30743151e8aad2da0d99b9812a64ca17b6

SHA512
1b3c4c5e6d954770d5d67db9a3273380ddaa656b33f5d6661ff7a6717b34db7f1e23d390070ebce45101f8c674a521b1baf545663efc82c17a3b4dd87eaf4c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
98ec8ba463e510b41341e1dad27dc6de

SHA1
4b68068058aade72d0df1a3ebb646139809dde99

SHA256
c58ba5d4025576bbe90e54334468701f8c070de575216d32b11aa11a7d77f501

SHA512
a52169064a842cab29fb8b49ac82a1b0640b8e6234724ff14ed9f9eb3ec13c266d3eca80bb6d153994a9ee2fd3acb33782910256d16b4e62c16fe2c2848e26aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8943f500fd442d0181611728ad480f2d

SHA1
585ff479d0b6395b01f517a9000fde6a2e63e850

SHA256
3b1644d874a3f1bceecd09eb2f5b892afc0f15e3147b8372c5bdb9479a93184c

SHA512
79c50fa8dfe46be4f7075e7b9e3306db6a7b04ff187993b64a023dad763d0c56e7506eeb21ac2a9e79fb43f19b4d094cee86dc6e46f0b1cb271e5d7aad1b2c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4645a1dea42fec1a31050302ff4fc17b

SHA1
ede77ee55285e1b7491f1c2b7a8e5935284124ad

SHA256
0e671f4dee7ca9a74c33fed5c0803ded341c74b3250f5002196a3b1f9dfafb3d

SHA512
e5b9dfe94348182a1f476c94e8a1dfa7d9fa8dfec62d7269cc17246e73c892364d2d4caacdad4ed7ecfdbd51ec1ff94a44e4f24d5203394db6e748833aeb39fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d13b69ca24e0b2cf6f43ddb9a9df54da

SHA1
cd4bdae06ae73344f8466124b4c49a951aa12c95

SHA256
fb336f0803bd24ffe56afd478b13fbd15a5388dba63905271251596eafe2bd21

SHA512
ed8a61e3ff8404b04fffd7118848d7d12ebe99fa6c519b968baabc2419def7747e9eb491fa2dca605aeda23dbf054b04c84125bebeb2482d6484fc169a1c9732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7621c846ce6108f0a28697148ac32100

SHA1
681794ca3f059026bcf57d44e67792cd8de85f73

SHA256
4cb96dc80002e0685f834eeeeea2d42e113fa7492912b5e7c7b45ccfd94cb4e9

SHA512
2f869f399e6e74c927775992c55f0aaeba394671de174e2466f9ca0a3f63335044b5386a7cf8d79033600b3c6a8a5eee532ae4d49353f946b7cbc5d0190b05a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bdfa4f41672ccab1bb6d21186d9e552d

SHA1
4ef4ff1cbd4b2927f30d077f438968410d877897

SHA256
e205d21d21f3064a5a08a377a279f787a15b6bcb8537b7d1b7d999f58b35d15e

SHA512
4669f79e41b00b1b64a7bd8351bf233bec3feff0c3eac3c7eb93810087d12940f23e5d4bb6b47b7d45313f0d92bae2aae7874c9f884dfd578a4e591a00b1cedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fe69a84ff1d54912c6e1f64079f1e53a

SHA1
25b9582653cf55a9b3d0d0ee7d2df36e3c18770e

SHA256
69ca4c0b228ce0e1e1544a91c8ace2d8d94aa16d697736ddedbd8164fe7b5163

SHA512
e067f89bf81fc6486403d2655f27039b479b3dacf6c73ba37254ab0f57174c56479e84c0de008ae1891cfbae603f577313d09a8135be5908f55e7bb22c44b9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fb23cd2dd33c2f5c6a66fbbbac3ed833

SHA1
25db626c6a0c53b78bc52952f964e1c10a188dff

SHA256
bffef36d6db24550aeaec299bc67efb60d50c77125cd52001b4da2e0e2913627

SHA512
2a32bf80309071c83448f800cf100587d33b8d06ce82d1419ac5c2707202ec3138838453f07ec6aa23c917f21eb0e16d62ef49ae317e13f6a34c3d86247724aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
39038087dde0d6f88f6dfe4c6d266d75

SHA1
7fb85dfd64bad234471eb37b7903a3c58d3f1df4

SHA256
f99d81984a9b2e8b005a25fc44f44d97339a18090f9d2eea7c49d5d32e0df427

SHA512
2b9c85fad2eb71fd7b28ddaf1bc1d8c46c80d889891d82ff0a4c09abed30c997dc1c43c8840f8ff3ca067ba13492b865efd42bd3a281b28596243cb7d0b06351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cf6b215c3bcade5bbb3ec958732358b3

SHA1
bb5fb3b6c2186e60efbc7985ba12bfba742db1dd

SHA256
1fb37783ea008a27d8f3c41c3572c95090b99973a8b52f765ce2a0ea3d5e4602

SHA512
d27667567efb32a501260c4b2109e4cc8fe0c19b176cec8f5e141878ad4a5d1456a407f27f73c2b1880c344be8e7662c32f0292e720a504df2a4e631d2329f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
441374fd3e0b16b300952272ac87dd1a

SHA1
d8baa9b7913576a085b6a72dd4b82690b2c3309b

SHA256
5da1f653510e9d2f9ee88422175456757dbff8e19d507101a50d62cfcc379f35

SHA512
395b41abc42dde9caae2b5bbc6666ee011ded19e50b9141c6336cf9205c2a3e638e702436cf017af6ef8a89c5d2dd8da86d4ceb1920af5e604435fb081bb9991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
813810ab80820179331b820cb42a31c7

SHA1
59a1e01eeab034c84c804214b7e54fe5cf62a6d3

SHA256
37bb66e5da7aeead18d69876159895bd5577b8d186401c5295c82b793606da24

SHA512
8458193173ee4da8c31aec6b8d51df65eb79e2a1f329a5aed5542fce2baac14a5141e9c36edabbbac5a53f02710accfa2d9318045d7d111ce2247c0bb4fec407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
4fbf50039da901a62850786f2716349b

SHA1
cb3cc47a6ed46409025f34a374fbea3e27c76966

SHA256
8dccdb72b307c97a6df6e8aad43f34fd00352e46040a7f02c498d0931c766234

SHA512
1845c6702f8ac7aa15fa859da51d1825e10e0eccf0b852904eb089ef55eb666fb5c1027da6f82b75a9f675e8b97e8321a37f0f11931bf3485f51552a804a9cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a08b72615482858bf2edb2754d517f99

SHA1
90f183ab2ff24ad9680735e5dc63a8fb0f2604c6

SHA256
0d73196531c0164edcded9b06223afbc4917efee9a1ece75070a65b52ccb9af8

SHA512
2ad4e9cf26dfe002b2a1d7d2c3809e4997ae79f534ed9f835ea3ec9e8659cdad3e3e918218b685ab7200257b2a8ecd56644dc364fe6059d258377ce2c3ddcd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
57f892c4ff0a16a5d88952a56aa060bf

SHA1
41bfa8a465d0571555e01253d2afc5992d7189c8

SHA256
79c3d9830e7c6cda3056a7b78e310de9b321848babd18fa94bfe6f50579b1af1

SHA512
db5c5363d05d21c3458b929f92ae1091aabc56a014250a4b1f0b64b354b60560d4d04ba752341e47ef91fcc0ef0157c9577abf03961bd93bcd9320c688284c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aefc2d6eccf8c945df6ef555981eb3e4

SHA1
a584ee2cb6173dc4eed2944aefb979ed0cfbe0dc

SHA256
4919c7ca1d1b808b3926e14ff3924777a02109c423529baee49c001b858a7375

SHA512
c854ed9a6198936717ba7b6a229a24858f4a19cc5f09be452aff4cbf0389848df2b534eb592c1d2554c5e2dffb66cf182bebd5de429957eb65e4fc5e8e429fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d568a820905cd1ba197b65c7260d02de

SHA1
6c9e685706464228657870979a1bfe5737f18830

SHA256
ed325b80941e1f87c2d5129cc55214cbc9bd25c2e331ae55c34225fafa91e6c4

SHA512
1cbc37e4db01a14bdb8751f456be16f23becd0152629b5f87e49150afb618bcd551d83e0cea22e11661f01e825ccfbdd805165c6377dc0c58f531acd0629a4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fbf3fd618770bbd7f74b8696e93bf45a

SHA1
9e2407af009a95099899cf6ff59e3938389e1236

SHA256
a89f350aab24dd194f5a5eb195b90b63c88aa91bf045e4c8eec649351635609a

SHA512
adc7912d66c650dc1e0eb4e96d81e3730ee57ae2a79cc0d48820382cce4df9471c02951019329812f6c313ec46e6e75617f74ce7c842544c3fc81bb55c89158d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aa9bcce4fdbf9469938117d0bdd432b8

SHA1
b0c0492314e64b974f786c07ac54ba47857e9e1d

SHA256
e3f454eb2cd0747c734f271242b372f94532f8d37ddb99b2dfe31fd9c938e565

SHA512
4d21b80082e927955bb7e1c1fd76f0584975da52c9473b91e37024c5b818b6f44ddc73a47c9764bdcc5779fdbe88e22ab7c2c1966ace101e8859bcc746f73798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d86e8cc7cda35971a373d6ff57e082e

SHA1
52f05ffb7ca716cc3b05b8f0943d2d967cb0fa95

SHA256
a27a10e33497417fa93db30be355c7999089896826811a4e6b8b11d600985920

SHA512
1e31534cb6d10d1ec9d47dbf2eb94bc288103b71ae13dd0b231626f892bbff9e6e7cd74a589247fa9f7b797df9b1727807e917a6b58125f6853e330654b27a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c79e9d1a3d6c847feb3696c8108ccc20

SHA1
3f8dacb46215b981330cf395b4b6788e2c3c598d

SHA256
24c070baa1e2e8dec6519fb7b9b361cbdc5bbbb0da1f73b0d9ffff0e0877668a

SHA512
6e3b1c38a1fe8bd1758cd4197f48e5f5de77847f6f4891294bec1cdd5f83c95eae6baf3549507ba19e6b95328039393eaecb283eb90afbb7fa6c59129913c906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80c5155e695811f46c117b2bf2d36008

SHA1
38be3e8771577c48b835b564242ad06ae4239dd0

SHA256
ff6a88cd9599ad469151f348b974acd4a4587905696c126352356d7c97fd5f5c

SHA512
b587567acea32922e0bd616975c0c2db5d11fbc206b59500fd99944d2eb0ccdaec6147e71bb8b00aa7fcc587238238de308c73dacdc538cccbadb6614bedde28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3d4b202a7a559ef17afdd7b0cd7a9fa

SHA1
0654725123aeeeb8e46d6db4690188228749ad84

SHA256
00bb4a9bdecbc05adba6b05cba97f785fd9932b9578baae3962942f1a42145eb

SHA512
a045fdf25d44c904e2710019ba2dfa6658d4b28622b05008815cb6c280573681ca3cc080a0d6207e9ffae0fe2d7b473168d4f38110ee76e691fd3f9be7d26a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a0d97ef606bc3b2c01a7431b6bbc194e

SHA1
0ae56b62710a3757687678d55f7d3a830debd546

SHA256
c25edb4476248256602f9484c915d99dafbbd5aafedb2ba1e57dd14c38894f13

SHA512
0fbdaf52809ac59b5dac34a9984ec0d799e8f816ac2b7cc4e9580c3f8ff4240a8e4641e320cbe5c8f48c3174c22224a37a698bc1cacc8214c666f648bf68803c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d624318dbf1d88011c345ede3a9c4967

SHA1
4b801338054a24812a023198b6f58e6812581946

SHA256
d8ea97fc930429d07a26dc31e8b185b38d2338e4ffb3a596605fd6dcfc66079d

SHA512
3a2875298fe3cc3ad6123a971b7d034e4eb017303202fca9df34052264759ef9aec9bd85dd2c19309d8c2c5803c774af44470198e5451d495ebcc078b677d541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c851.TMP

Filesize
1KB

MD5
92ea1fb463bb955a037d9a894c58611a

SHA1
85759d6d25b25eef553c7a4c10412b00639d7473

SHA256
2f75df34e632665ba80975a3823c90989a15ebdea42552c8e65f1b5f2dd09b32

SHA512
8cd840f74229052e18fc0557ea8edd49b6cb2ba7cdef66b00b0053d68eb82a21dfb27a833542cea73cecd93348a8fa1546d1b4dd2327123760d62fcbb746be25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d70aabd1-4e95-47fd-94a5-a55d36863979.tmp

Filesize
3KB

MD5
47f7d7c222b37b0bf3ff54bf44078a8b

SHA1
201e3f1b9aa7a1e68eb474eec41543c1b6a3b3dc

SHA256
56bbd64bbf7647cccd4447e6b6b67df2976609fe70b619fe3afe778629dd9bc7

SHA512
94cf86f050bd497b7fc3a0197683049e1d826bd35f33e4f746d5c55367d0448ddcfcd060066f4f4e7d9e251d2eccd33a1661f67ff65e716e4a4c18b11f80257e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9171cc005538b794bff5ed4c829a2f9c

SHA1
930617455453cf899ee56122d583cc7dd0716073

SHA256
ecf852fe6837f5ab3e29dabb6442144a536de8e43c1ee5c8b562a42740eb884c

SHA512
7277fc09b338a97d316d9bcff224e4c92d607033e5ce25e0d976682345e37e29873661a9324d06f5bf575556cbc0a3b89999b9f3c6135a493c6be6c66ba13b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk69B3.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk69B3.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk69B3.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk69B3.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq6D7B.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE4C0.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE4C0.tmp\image.gif

Filesize
997B

MD5
1636218c14c357455b5c872982e2a047

SHA1
21fbd1308af7ad25352667583a8dc340b0847dbc

SHA256
9b8b6285bf65f086e08701eee04e57f2586e973a49c5a38660c9c6502a807045

SHA512
837fa6bcbe69a3728f5cb4c25c35c1d13e84b11232fc5279a91f21341892ad0e36003d86962c8ab1a056d3beeb2652c754d51d6ec7eee0e0ebfe19cd93fb5cb0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
43c673007c234fbd1dcc1df3c5eddf79

SHA1
62b97b51579873442a9d5c8b9ea1e237efc8dc64

SHA256
ff04463ced0b4a321a7e1cf2c92257ac2dba13d1f6a387630c67d6f1b226c3ce

SHA512
87e7f3648c2c4c71571ec738727d06ecb79b2d9660cac46ebbc3edfb066c29086f6294301ab1712085447158ca0475239c7de93dce52c27c9a4226718fac623c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe598e5b.TMP

Filesize
48B

MD5
2928ea4cb9a676072e32222ff38900ec

SHA1
647d246a4a4b8e4eba50f612887e42bb32388f28

SHA256
0784203d011333527b68fb4ca07d0c8ac694f98781874899fd4382724c6c7777

SHA512
465a661290365ed0148accadd943eac50cb8194bc863499f2b89480d10b083c3451b7a49d307c8c30164465991a31dd0a2a23c62a3d65adfba9cc37aa7419b49

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e61b4210d0d24c5b321a8133987e6e8b

SHA1
4b092724becbd31daabc84f0b0b3e25add447530

SHA256
abca809303e6fe0c07fdd2ec3e83b725c26e902ec61041a6da0965cd1119c2c1

SHA512
d034ccd6312a8d7c147f32af99042e1c59ea1da6d0aa2942ef3739ef8d9d033e7627b0839a5533d71918dc9b92d4e0f9b03843dc438ffc88027a63e2b637d2ba

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
adffa2d2a77b52b7e9e43e0f2aa3ae3c

SHA1
12cd0a64597778224d2294af962341a82282a99e

SHA256
55901d1232ccc60bb3bf009b6f24286358e3cbb0bd36da01caac753777b40d32

SHA512
e1ede3fd46ea1e5b4a7e9998cd237802e00f3a02842d05fcd21ab2e0dbdaecd1fbed93c3b8242d23cd17636a35e3a0e522d0c893da0a30fd80263b5756d57773

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f7ef383cb7e36ad464e08d27f3d14357

SHA1
904c6fa1a1d416b3ae74c38c2c41bb3a227b6f3e

SHA256
422305f8bd2b30f364e0b4af1689171b04a1171879059873dd551b91fdd68c0b

SHA512
13740cb7ada870983cb960f6b269a0a182083e5d69bac0c36cb1786f4132d6b9d34c35b3f4dded9b00f75b6648faf49fb64be4a181392fd54b0cbed8d29a4fab

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a136ede9b6dbb6d19698e34351940438

SHA1
e3509bd38dbd1ec075860a705a5b0808b2a6cb15

SHA256
b3e19666908afd4d2f2eb54f705269b1aa3be93dd347813d4339a5cf0a6fa49b

SHA512
896b8e0c1fef0a1a5e6d6e7cb6c8785af568b97e552ee8e7412231904b3c5acd635443971fd3cda083834ef4d33a3865ee1f5cb20ad3ce4fcfa6aac8493d8c1e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
61b6cfef337dc8d7ece07e6992f3f9c3

SHA1
e786198250ac4c5bff285d276cf066cb8917eb63

SHA256
22ab054e64e4ebb5fb520383fc87802f8f5002483d7638db4af49f56d806612c

SHA512
78c894578e6a1e45698ca6f0f8437d1299fe8670a2048fe90764333d430eb3350a2ebd07e9fb53f1380a52614219d4856a5d166af9d2d11279cf57d0f9e34219

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5a47d8.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4262c52d40eb5f1d3840e12830d93798

SHA1
d2b7517678342ae4fff886ade271a31ae6739d89

SHA256
261320189f0765f05dcba44fd6959e8aecfaae106d7e60832ea5aa55f12c6832

SHA512
2f1398ccbd096b2b664926bc55b36e2991f2cf7f0854fc87f99e2ef2ee9085e38dde0affdbfba3124de1c1709f720deb5f0454974467d36029916045ea5f1971

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
907e3d3d9cbf3653f5fa2d5bc300238c

SHA1
3d31261025cba261a83c5f624eec57fefe2c3d3a

SHA256
579052ac1597853ff534f301630464241a98b2fb7ea7a9b5dc8a7619f3a1ef55

SHA512
9f4a9930ddb2903ff2b5f13535dd6ce50a6fa52352b39a97fde4ce8fddae925c4bd46337452a3c091d5ba8d5a85ec389c2227047d8361a24f4d195dc95b2ef44

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
597293dc9b98720683eb090b6f410fac

SHA1
8716591fe900df94ed0f4104eb0907d412aa9870

SHA256
18d7816404c4801274fe8c8c0eabe29f268ca33d23399c8b4c5df30aa75bcdd3

SHA512
10d12014e90acfd896ed8362bdf8855f912e5b184d904522c8f6fc3ac57a55696688755ea5b6ec1ee2af56c0717739a0769559f7855522ba0514d4cae7a971b8

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
41441273eac19f13fe05c1b775f105b8

SHA1
12c4a43212c5aba4f6159c2c89074a427d0b5b9f

SHA256
2e79252932f33bde5cbec224b4d04e8a9315a903a8a7135998a0c25c538692cd

SHA512
e301ad5607dbba2f93a05daece72e70968720feba70140ed20ee02ef4fe1b97a38cc788a070c3a777c835395b33a10a8029f8c100a32fc33e5007e43c9f9199a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
6035bf742391e8f6468985305d4ce5b3

SHA1
58c9ef29570673a5ae5ce9eed1a2002f4e945812

SHA256
a62360fbf511c060c3d29ca503f74c04ab296366166ae623be341e972e624254

SHA512
158e560483a132a55e96c0047ee938170773da6c0bce399bf110c055cff4c96832a73de1bba71b0da387b4518ea787a9dacbe033356af81c5c3df4f16eb9fa63

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5988dd.TMP

Filesize
690B

MD5
8f22642911f65692403fde54b18f2348

SHA1
623ad3ca9645ff7b8a6e0bc19c04cb5fda0fd11a

SHA256
dc2789a0f9f2b0bc33693c7899d430646cd01a0181b16c0b4b972b073232b601

SHA512
4ffd466e95f21c3d1e9139e49d0d4cd4632a1ae04c5d5df6269ee5b6dd54b79a14d156172c77dbc8d71c1fa78003890f548425d0b9ad7ab16207078c041ed16a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
f291bcaaefaeee14bac990ada2956091

SHA1
8d180152aa529ba42e689acd744c4823e401a16d

SHA256
1dfa84c9bbf09032539a591f57006d3999db7cf155f877d5ae8206a3d6324f68

SHA512
766d24d18934a5fdabc8721b2d9e1270f3a4dedd7958a33c55f7de3cc8bac9554f8ca41a639b280c2a88bb2c77a95fc14ee46b1aa6315c5fac88ddf8d0e2f3ea

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
3KB

MD5
9d291e0a5f7f22b9ac124440993f9c83

SHA1
1300af910b3cfe8fa57757d8918dc9535f099066

SHA256
bc726bb58303966f477eeed9fe969034b2cba603c5d93d6008ada231679618c1

SHA512
d0b1db873d0cfc3fc11ad6589ebbbb975d8a12c792470f3b2db68f9e4d1c986e43b84f4d83e2806d7da2a5c4d7eb07cb42bd56f35b86811e2a731a51c055ad3b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
e48de206db47a2c24599d3ceabdcc540

SHA1
d67129fe519c61469fc156ccb1f9843440e1d8d4

SHA256
e694c48c8a19033120c48a61d50900716ff4b1d97f147f4d0b2d685c6f0becaf

SHA512
267cea8470108fd9ccafe3bf13f21d65bdf4343169a2c27aa1e91785d01a20dce29c3a60007501e91783f03bd92b456977801cb3b2d0f2eea0165dbc4d3f9a7a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe598851.TMP

Filesize
3KB

MD5
462a5ede09f72ca04b52960fa4cd936f

SHA1
59b795fcf01e5232586172e7edb093b4c323a602

SHA256
f8a2d1b84cedf121ca76cdcb093cce634a91ee140e3345cf027641ce5b426427

SHA512
27e1124d32c1eb243f45f46e87ccf08572df9077491a4e318dfbad488cc88a88cf8919104aec0f011d6df9caf0049d69d6bd37e064ec3dabf30d89147b354484

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
d5e6121f86812cc7ae58efc4f9ceacbb

SHA1
3dfb06418220ed62ab46b473bc4ab269ff4f7e33

SHA256
05f173bbb3d564e2da3d496c4298b69c3506771a30238eb5285f1cd9df00e3c0

SHA512
88c5c1b06ddcac46d53e1cad013fec4fb789f97589f294a076be3cc7ac1c10ed9ea0a1c3a11f9f9499efe01420917ca14348be74dc2cd1c8cdb4313783123740

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\a8d90f6f-25db-410f-a50d-0c122825e0c8.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
3KB

MD5
c7043d35d922fceca75e87dc2249f220

SHA1
1528535917c0236017bd90883b3d07d1f3124ccf

SHA256
725fc5d9618a85ee5d78d173eef3664d5a93aab265c5b9dbf0190d87c8dfc1db

SHA512
6905c52204b876cb9a7403c382463bf7e9a13726911598f748cdb437e9e03c2e6d117c24acb74946e391e23aa44e0e6f36d13b0173e893f9dae5f1b85888d569

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe595a7a.TMP

Filesize
916B

MD5
7d6df7c0ac048c5f49a7940bc83a5904

SHA1
2b487c43a2f2af07814eb6212ef55b76a868a195

SHA256
3a48893a3193f1a7fa79a44184c7dddd5934645c5f2490cf64dfa749b2ebddb5

SHA512
16b93f189baf59fa612a0ef9f215ff043d81f8d0ff018530351928543ff2b8a931c4416c0c9c7979ee5a6a491fcce2e24f297855c0a165748608a8b91f16db9a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Module Info Cache

Filesize
97KB

MD5
90902e11d608353610523990dbfc6366

SHA1
efd2075bd06ac0452131dd6d95cefcb33457f84b

SHA256
190a21023f4f67a00fb6f46280dcc943ca5c7df9c2b9ba93ecfc9521e70770fc

SHA512
ba9396a2c336a276ac5eb136a1bf279e33b4192d867915362b3bf68fd2c6ca1eaffa495f87567d135eac4e4ee7735df508d4c9cd580d3443087180a57ab7f2c5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Module Info Cache~RFe59d037.TMP

Filesize
94KB

MD5
aa84ceb9e347b3f29f913acfe1275811

SHA1
14f8c475eee403d028e997eb3f4755225d259ef9

SHA256
b012206e8a2456efebd96615f4983c4ee5b5e0b000fa7902343fd6f90e301ed6

SHA512
0062b97ab1dc28b8fce01adde9f61fb9d284a763a634bf356531507dbd6a49b625ef72eb2303e8dc126dca2becc4cf3c1c69353fa10daaa5f8d1f7127977a3b1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 360716.crdownload

Filesize
176KB

MD5
0ba2311205d9c8fc3bcf5a4b7b3aea41

SHA1
d8954bdf93891705a877b406783d80a823f8aa92

SHA256
0cfdc22a98c88aacb1c4f67f530172444e54bbdb7bf228b45c0551e18957ce20

SHA512
b9d0c001d0827877a82f0e87ea5862c7141936ff8b8b5f15303021b3ca660dbffbfd40577323e77ddf6e608b699f31a7d9b0cb6d64c1a5f7fc104b9fbab401a7

Download Submit
C:\Users\Admin\a9c2w\Temp\nsg86A2.tmp

Filesize
11.4MB

MD5
15cbfe8491db219579a788aa3f607a5e

SHA1
a3fe34d5836bfd68dbeb755544a1c064dfca2fb6

SHA256
27e4454ef2fcc285218915f4783681fbda1337aa73dea88220c7b0b72ab3c849

SHA512
798ad9b7093ae531094c2442973f5c1407a85c2e1f6332e57bc4cf0845eefa579ae1e3914def50f92d41977257192ddcf5254e25ae6d9703a6f4e21ee3697166

Download Submit
C:\Users\Admin\a9c2w\Temp\nsg86A2.tmp

Filesize
15.6MB

MD5
9eb8206fda64f2562b42dec259686f70

SHA1
8fb47aceea43c3dac3f9855501b7f8905cc92367

SHA256
89a012d99c0a064705c4f229bbad2085d5d77227d683fd82ad45b8ab7872c94a

SHA512
4d0178c39c36846505db3e63763ef1bc0446def575d9bd6649f099ea7ecf6717c8b8f79a3a0d1ad78c01b01bc47662deae965f80017129b5fb2ff841a07f7bfd

Download Submit
C:\Users\Admin\a9c2w\Temp\nsg86A2.tmp

Filesize
15.7MB

MD5
12dea79233ba7561afa42c54c8a500b9

SHA1
c1107e24bb7628ac454408489ff29218ae694119

SHA256
57af44705e26074fd5a544b9cb30d3694d7ab9ac19f672801d1a7fcef012dc39

SHA512
f44e7ab245ee8a6773a04c57a998d9f658ade4239f81b21627dc5c702a4d73f7181450f4f3a4efbda94f473120c25072cd7d938ac33d8a52798da8aeb7be132f

Download Submit
C:\Users\Admin\a9c2w\Temp\tempPOSTData

Filesize
619B

MD5
25e4f90b79f6cb33fd71feab03395978

SHA1
f8af37a7bd859786eb52c12a453e7beeed5ce5bf

SHA256
41bae9849b20b29e9d803f40b7376b542f7a5591f17f32b3b636912318ca06f1

SHA512
0209eb2afd4c5d452251ed1b4a3e4a793e7ab4bfdcfc3c371a6adb9b879fa121e0daf4fcbadaf4706e4fa5f00348cb8c48ded9aa4732093102d222d757bfc49c

Download Submit
C:\Users\Admin\a9c2w\Temp\tempPOSTData

Filesize
3KB

MD5
bf51103c5b4efa8300c342d6bc4d0333

SHA1
bfecc2382b603e0a85b4f0e32a7b07f9c19e51bd

SHA256
353203f4eaaf78fe3d6503e513a47a948da4bed5cb1d2dcbe569c4788e04204b

SHA512
2df3c6c7742214e35be76c17907901756173192ce3c076c16c6bcc3cfd74600126d92015c3d5abf6c14c0284ae322f6e256e4f326f4cd03b45069e0abb76ba56

Download Submit
C:\Users\Admin\a9c2w\nwjs\locales\bg.pak.info

Filesize
831KB

MD5
f2a134d21e79420e0e025b2f5d0e0564

SHA1
e4f6ead92945b87c3b980878c707467dc84cd616

SHA256
4c125a498bd06dd1cbbe3e4f05dca6fa47ce19297ad9f92df3af65eaf0a05d67

SHA512
032e8c44c1edbf6ba3effce1d67e5355e926b5509c8aa3dcf15677efe9fe3a2bf27d81d7d7ffae3a5caae1755830ad016a11f1417dddbf49977bd52083aaee1b

Download Submit
memory/1676-2066-0x00000265A9890000-0x00000265A98A0000-memory.dmp

Filesize
64KB

Download
memory/1676-2089-0x00000265A9990000-0x00000265A99A0000-memory.dmp

Filesize
64KB

Download
memory/1676-2140-0x00000265B1D00000-0x00000265B1D01000-memory.dmp

Filesize
4KB

Download
memory/1676-2142-0x00000265B1D30000-0x00000265B1D31000-memory.dmp

Filesize
4KB

Download
memory/1676-2144-0x00000265B1D30000-0x00000265B1D31000-memory.dmp

Filesize
4KB

Download
memory/1676-2145-0x00000265B1E40000-0x00000265B1E41000-memory.dmp

Filesize
4KB

Download
memory/2168-2499-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2492-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2491-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2493-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2497-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2498-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2500-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2503-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2502-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download
memory/2168-2501-0x000001DB68220000-0x000001DB68221000-memory.dmp

Filesize
4KB

Download