hxxps://comfybox[.]floofey[.]dog/resources/brainrain-darkside-digital-insanity-sony-multi-keygen-v1-7[.]108/history

Resubmissions

08/08/2024, 23:09

240808-2492jssbkp 7

08/08/2024, 23:06

240808-23pdfswble 3

Analysis

max time kernel
138s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://comfybox.floofey.dog/resources/brainrain-darkside-digital-insanity-sony-multi-keygen-v1-7.108/history

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00090000000234f0-494.dat	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
1680	msedge.exe
1680	msedge.exe
3664	identity_helper.exe
3664	identity_helper.exe
3764	msedge.exe
3764	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: 33	3468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3468	AUDIODG.EXE
Token: SeRestorePrivilege	3808	7zG.exe
Token: 35	3808	7zG.exe
Token: SeSecurityPrivilege	3808	7zG.exe
Token: SeSecurityPrivilege	3808	7zG.exe
Token: SeRestorePrivilege	4020	7zG.exe
Token: 35	4020	7zG.exe
Token: SeSecurityPrivilege	4020	7zG.exe
Token: SeSecurityPrivilege	4020	7zG.exe
Token: SeRestorePrivilege	1012	7zG.exe
Token: 35	1012	7zG.exe
Token: SeSecurityPrivilege	1012	7zG.exe
Token: SeSecurityPrivilege	1012	7zG.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
3808	7zG.exe
4020	7zG.exe
1012	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 376	1680	msedge.exe	83
PID 1680 wrote to memory of 376	1680	msedge.exe	83
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 3036	1680	msedge.exe	84
PID 1680 wrote to memory of 396	1680	msedge.exe	85
PID 1680 wrote to memory of 396	1680	msedge.exe	85
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86
PID 1680 wrote to memory of 3780	1680	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://comfybox.floofey.dog/resources/brainrain-darkside-digital-insanity-sony-multi-keygen-v1-7.108/history
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeebe946f8,0x7ffeebe94708,0x7ffeebe94718
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4806739013170896189,16009745674494901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3468

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:224

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap26663:72:7zEvent12418
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3808

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap16613:72:7zEvent30573
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4020

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap17257:72:7zEvent16113
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
9bc87b8853e31d8925a4b6dee2ce051f

SHA1
9fd11011409a4d4fd1cb37acd30096cc35600d33

SHA256
4a004e1497d54a40b6c327aba3cc3e114f7ef2310a3e2148b62b66488d1e4213

SHA512
e60de4b7df1fb56713bba24d37daf88ccadfa68aa4391a713515b5f2b7617525be61add858eb5d20f4967a890def721647293a1a2b89313d77c2376c51b3cfde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
90adb83358265f56a82bc83475036abf

SHA1
03fc8b690a28c68acb9460951c6e702e4d1d7360

SHA256
640a56ae2081a1ee94caa91753a22decafdff7ba22b7127df9f238642148b301

SHA512
709c8c6060508176e872c73565955925d2e32045b350cd39dfce1592723f9685564f1c8933476d246d88c9b526fe781857329195e4ae740623886d50aaeaa953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
275B

MD5
47b6c15735dd02cc6f81628c84301106

SHA1
606df5fa048a4fe60d3d6389be71d23426a63685

SHA256
a970fb39596a233ee1513aebfa9fb9b09e7b88bc7300435c8f773d1bc44c0607

SHA512
dd8f3aa5d3f2e4189b119077de25cb00d21a1fbb079127716dadf874727e4f5756e7984e7448da5d0a2195aeaf237c7f8a17b614069fe59a3c2435d5fa85af65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f96bdde733dd283f9fedf76b68a5d107

SHA1
1e035b2a2ab945763860238521f46e5d37dbc72d

SHA256
371761d884b7accc970f3cd4d932a64fc2a660c68e9165ede27ad400fb163947

SHA512
211da48c8ca62c8b255be40f24e8c61fa6141924f41f98dda08e5ed24e4b9783f91d4e66ac4f1051e6ea1bdc8f93b4eee97043401edcf0ae65de59c7546e8d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
50859d3a8e38c35d10c8b6baccb8c427

SHA1
6583af77b6bec68a897dfe17ddca45353c3ddc76

SHA256
f834e710b08b8697cf21fa50029557dfdb899fa2b7b31f350404396f832fe30c

SHA512
e2bc05eab9a60473817f0055da4d346b1e8a48fd9039d2c125d9120e0863e0739ed5c90026b45bcff1868d0a45dfabcf58433756bcccdb2509dd28918c53207d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
31a7c2aa298db72261360031f3edc9be

SHA1
9a0d39a4bcc413e4b6395f3f1bf4a2c4d96a16a4

SHA256
3d2bb2471d6374ac8af6132edbb5b006a9a069a42b5cc7115ba74d0eda3698d1

SHA512
3b0614002cab6a3e9e81c60fe405d196250bfc3a269d6f4521c0b5c29bef4c2946c02bf9b09b52f7a2211354ba5a25a230243086e3818e5432e39de362527ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e8f760e8b9bb4b597bdef08a05a6972

SHA1
1209d026b5e93e75de8a3bab454decacefaaade5

SHA256
f8d4b3a271b69f3f06b980a5e36371019e6417e9acc88bfddbe19af97d9014b9

SHA512
9d89b040699b1ec9d8e16cbe6ea413965de6296b6cd8f5b8d0a41feeec16f284dd7725cf641e98ca99c5d64d51432d7eb1d4c45077ec65270736cd4c90edda9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a76ef3d8ab5a54d0719b4e40d3fba3115a0203c0\bdc66bd8-01a3-4e62-a7c7-471086f21852\index-dir\the-real-index

Filesize
72B

MD5
bfe5720960ca20c40019e3851d7ff4ce

SHA1
e39b2f2c9cdf38eda5efcce4c37922b5876d3b3a

SHA256
13a45c510803884f1e27a57d232578462f06c756e6c38fc883709648fc785636

SHA512
1fdf76306653cd96bf458295b7c576a50c362cbc3dbbe2d0d9f3f2ed31c11d3c9858465114c32d4d7f3cfcb488f8a808ee6049cf9659e95568c8cfd91fd4eda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a76ef3d8ab5a54d0719b4e40d3fba3115a0203c0\bdc66bd8-01a3-4e62-a7c7-471086f21852\index-dir\the-real-index~RFe57ee09.TMP

Filesize
48B

MD5
18d86a043c2d81127284deb385300e67

SHA1
7b4e114868de579ebe76ea6d46b8fb92d4fb09c0

SHA256
0eee1d3231e249517929bf78e8f1f79d5b02105672437584a043f3b1cfee8c6d

SHA512
7a87400476a6bc622ff2a10d276febfdf97b32539ac3af54f1be931b7deb5de4b6f27a59539b06b715fe8ee08b1fa2a3cd1b1551729612649ed43d8170bb1353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a76ef3d8ab5a54d0719b4e40d3fba3115a0203c0\index.txt

Filesize
96B

MD5
712ed332abc198d05eb14ee34203f9fd

SHA1
4583473e6a9188d053e5c7859664a191720a8d1e

SHA256
d35d5b07c4903283616c9bd7117a44e7e4b1e4f61efe47ad39d57902fbbca002

SHA512
443965af57734b002bedf8e5dbfb70c8aaea76393a47e9ec537c5502fb1b000d8952be666295b2527ddea6f277ecbc59430e4c13f40b71ad966894d38ccac666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a76ef3d8ab5a54d0719b4e40d3fba3115a0203c0\index.txt

Filesize
90B

MD5
3a4d56d6160725745fd7cfa266c5a769

SHA1
62db835d19354b445251fa930b47ab8540f498fb

SHA256
b8a9cc94557dbf85faeee68f215cca84806dc5668e8675317e7c668ab578408b

SHA512
59d121edafa941869226a99ceac56531229ed2f1419e2520d84924ed112e64be7907f7d4aaeaaa9700f85ab755a1e80e8e24e56b17b4a6465918389904baa7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
9KB

MD5
52de56f377341191f1fc977a2f8ba74e

SHA1
d350653a876ffe602cd6dd5f3a6b69dac4394910

SHA256
ece86d5fc81446fce73d5717ac97a501bb8a4572178c48748cf5df5db42e7d33

SHA512
8875ef8b0dde4ca48cf87eb41d1b525cc2d272e8208dfe5c872161e5d7ab80ff45164c7d8060cfeba6e6ceac16e997ac594338084b8ea9b3bbfeaacb5884a590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
4766cfcd2eec07859b64102471248150

SHA1
142ec9a1795c3be13b47f1f851b34437fb1b1f69

SHA256
0b6e6043974f19234f03fc75064a604f35314c0eb53f4dc71dc325719c58284a

SHA512
1c1e1c0b6f1a29853ae9cea07da3436a5b6c186b7bf402b912820dd9e71e1087eeca8031854169e57aedb2c3e947181855b74cd4ada4df941eab4b5bc477aaa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ec63.TMP

Filesize
48B

MD5
c78b325fccbeeaceb9849b650de07fdb

SHA1
65124e2a8980643396406c91e424edbea1af55bc

SHA256
6336c9a23325defea692f2d32f7efd4218c59f981cc236072c2307db6a89c427

SHA512
b564178e080cc687c0c3d9e6defbdb56da71e35a808df034fd8dbfffa8f1f41f4a7a9fdd7b066a3c98f8723b9615e1dd865b113b8b569718761c1174855fbadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4a12a1ec8611a0c021d167b628c13b9a

SHA1
82292b93e553fa1b53767104c80698abdbc5a418

SHA256
f3a1ad6c6d6ca3b8ad968f7a7ed6e457cc6edda73b4b712ae9ff373fa88baffe

SHA512
83d98578c2e311612dddd0b6b71dc035dd7c9c3d18647245551d63f447d0e8c5948b7aa2338b8e29987ba378c6dcad256617cfa79280a1f169a3e7e983583591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
855092f666731d6c26419073aee3ab86

SHA1
c2c793a4755e19ddee47a2595217fd2c5fb40e05

SHA256
5663423ba9e3c31b1b958f0a2023fb707326553009a2830b75d2769c072f966d

SHA512
8e85996f6ca05a8c6850f436a42bba6c2a096cd76d5471a0c1821cb3db055e40bc0e1302465d1f572c448e0c11776faac85c25f32e4b0e1808f71037b7b66e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
fb18a38f5f356769470a3eae44864eb5

SHA1
9a50c9ef78db580ac4f31d325ee7df3cd3982dae

SHA256
43c5d42a766847c6b015a19dc86a8f945d876d2999f256b0bdc80bb1655e90f5

SHA512
b62686e597a7676239ed266e28ba35c076bb0cdfefec58d5f61aac21a1cbc8421d8b1f26b496fabda93cb7f7b9bfaea72c10c8bcbe249562b05876873271ae2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
9044d0a594ff0b733883fbd6ef0a2a6a

SHA1
4e9f4468ae78ec95670490140961da7d5be20ec8

SHA256
0741a0933e1e6685e34f22fdd708d8ec8ecea79028efa398a027cbbf523ab6cd

SHA512
eb309fc3e0066d864101d96ffeb9da146c19eac9400ddaeddc3ef71d6707d5c728a9dad7a2833ea61b4a4c780d7517392c5fce7b4eab993ab9bda2f3c674abe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
0d92301b7779150c2b25759fbeb07aa4

SHA1
5db8f4e57fc4815fc488e6dbab0276632ccec08b

SHA256
685a99c496447d46c812ed136bce230316f2b62c0dde9c02bac6d7f26183396d

SHA512
268f3a30209832e8c071f08c64eb9b1f5928718d61dd10eba043c3a4872647955545a918a2acfea6602baa92821f8e1228133a1474936e3d17eed71dbfe4691a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587d3a.TMP

Filesize
201B

MD5
cc34b192f2a2f97fe910e8def71ab911

SHA1
51c428c6f55ab34819fd2bfac1e09a2ed294b55b

SHA256
6133723dced3ddb54e21529bbc540dc34b25ed577a79e2a06605b2cd71290d39

SHA512
9b2dc57dafbaea9cff9f890bb0b99f3bc3478669076222cf0866ccad8b99d334fe4cd9099476bedf378316c265cfef7f0752b35814f14c9da9cd47730bfd7abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
69f4026940bf1b21513350d96da25724

SHA1
ba7febe584cb290bad127a4885d9604094e0ccf9

SHA256
190d41f49cfd238ff83a31a84f356c6a925b6733f718afdd9c3ddcad7d0342ef

SHA512
cff13d6e1c337f72cd2b53998eaf2965bf99ee1ae7e04937cb3a4f883d2afa3bdcd965d957981430a945aeb80e2887f7c1621725a9905e2069928b6047954a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b45cdd8fdd8aa4612297f793bba84a2

SHA1
80bf89b760ef82bc47f73320b0f8b4024f436d0d

SHA256
a1f2ec09629d2742de797ef93fc055e27014e56fa68b8a9b84684f4c29790c5c

SHA512
b37641a0288e59147376e106b853f57634cbca8cc0fb071abcbb0035735ea79372341ec6deaedd61c2c557d23f5b9b60c75a4b20b88590e5811daa24bcfbd992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f96c3c04-2492-4cb7-baeb-dea727f60e68.tmp

Filesize
11KB

MD5
850b05d725a79215ff7205c5320c5644

SHA1
f43ea42ae76dcb33377bc6b1d58166f9136adbb4

SHA256
c83dda5daf9736edcc981f8e1e8bcdda1c74d2d75769e557b4a4ea4e7617e064

SHA512
c7e605eeeb5f6df74f4793aa3673e22196147c626f191c3e81e5a9e104e172e7502567865c0e816f31bb973061b90cd28dc45f51563f29d1e83ad75f5d3fecab

Download Submit
C:\Users\Admin\Downloads\Keygen.7z

Filesize
194KB

MD5
87c74d8b2bb383f8a889791576636405

SHA1
5e579a7e532db212cecf0ceb4554aa5ff1571e08

SHA256
a440dc7221aa021aae6949d5c639281f776b1d014e6f47c39ed7304ee6a532af

SHA512
7b17343fee6184d3a04da32ebf31f04d4ade30df27cd095ca103772e1d314f044f2522e947db9f514d78efc0ab8caabd9aef569ecf65cd3ba227bb73ab7f18e3

Download Submit
C:\Users\Admin\Downloads\Keygen.exe

Filesize
200KB

MD5
76a6770eab1f37c74d3037706ae428ac

SHA1
c8fdabde8765355db5d707688158205e0b6b79a7

SHA256
9606188bf930d3efc9cf08fe44947939a97afb5f30b52b0be969555fb592cc58

SHA512
42d4c46fc6bff5e95f359e3d8448491f242a9db627b335aca4de3d76443f0ebc1752e7b7a858dc35d040ddf9734495842ca35516159644956a788fb8b539d850

Download Submit