hxxps://allsoftscr[.]com/download/

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://allsoftscr.com/download/

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{EF2CCD07-A8CD-4884-AB26-261657BFDBF1}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 7683.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
4016	msedge.exe
4016	msedge.exe
4468	identity_helper.exe
4468	identity_helper.exe
5692	msedge.exe
5692	msedge.exe
5540	msedge.exe
5540	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5744	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5744	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 1784	4016	msedge.exe	84
PID 4016 wrote to memory of 1784	4016	msedge.exe	84
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 3384	4016	msedge.exe	85
PID 4016 wrote to memory of 5044	4016	msedge.exe	86
PID 4016 wrote to memory of 5044	4016	msedge.exe	86
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87
PID 4016 wrote to memory of 4648	4016	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://allsoftscr.com/download/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8f2946f8,0x7ffd8f294708,0x7ffd8f294718
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,8700897714159379473,908182550815106682,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
1.2MB

MD5
038c1f469deb6932520d09a340856ebc

SHA1
8b361a8c0489b69e9ef4e132e36f20c161c5ec1e

SHA256
5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451

SHA512
fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
27KB

MD5
f930621607e050dff86f94bbf4806b73

SHA1
d06bdf16d5794550b78713955629c465b6970676

SHA256
fe97ff9a43f7f196dcd9088da3818e6f80ecdc2ad8937a5bd4a52c8b3979a09e

SHA512
df4c634c95cbc63c44c0f884817333fdb3965d225fbcf008d134a12ea99d05965b043c4f74bbe57f8356fd7f698fde30fe34638387ffcb8ca1226fe7c8b00cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
38KB

MD5
fd2e534bb938f2264a9fb3e04d33b37e

SHA1
b60e723c3018339aaee529c9f8e83d23c643ef03

SHA256
42708a98cc8a61ae83f5f453f6b3a2769d2aa99e65f5ff9981b6816094f02b53

SHA512
132f704e5bd74e0c44243f86f7edf1fc7d9990ba1f1da0a5a93a3af43b7f33a1880953cbd250d640801ab20e43f4fb8b5e9bfe450c4098a3f836b11ea17dc7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
44KB

MD5
abed7ac5961e80723f84d306e1f57938

SHA1
b6c9bcabf7f7fa04e731287fd73388856b2263f9

SHA256
877953fb9d72cdc9442c319fee460e2765e701da62933f830eaee5cfb1fcc087

SHA512
f7c38f843e687513c5309470a416ee2c9f652310b85eb43fafaf60726653e91aaac7e785d16ab77ad82e246e18d2a44e6862cd818c27166ca29d0db57e45744f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
b4cec0bd0458389876878b92e18f10a3

SHA1
0ae3ec960a18c1ea2a90d57327db42f8908d7947

SHA256
f35a49b60af332b38466d2bc5464500aac39ba1942fcc042025ee35c1f28bb52

SHA512
afc420ae3fb39f919febae5138872f550d5a690a0ee18fd79938f658f4b4b761d4fceda6fd2645b588f5617d50f887ee05fee4042dc51449553ff1b528c130cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
24334db6c6020d278a439cdbeec6ea1c

SHA1
9cd1cc0814076718ac70e742e9f6f8a29bd49c54

SHA256
aff6b21e7f0c11b08ead7552c32f37b634fedd334ade6126115a0b9ed843591b

SHA512
f5822e8ca4d22058ba71753d9b9d758ddd5408b03cf5fb0649e154de88d454f8b1ed65ca04ccd4581d378815deb8b921361ddfccf0f2b18d255ed8a0ca345d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3f878b19cf9a966bcac1fae2749c982c

SHA1
ce6a11c3e0a8adbb87a92a5c2465f2110a3482b5

SHA256
609d2cdd28fd84abd742c587698f52941230cf1ba6772f9e62b2179d3c0326e0

SHA512
48b2490d4b9427a2247c25a3539600744b1ac64bbf2d07f6d9233338662a4d6393ba7d3ae72c7e916cabc51f2a37f2102a76ff53f58686c85a1c1c554b304bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1024061d09d25799429960a3c7447f4f

SHA1
26185bad80ef407473fcfbd5d857c04d8106e51b

SHA256
a8b81267c77b8f8502bee85772d27e32584fd9f93dc3dd428c6d8d45bc48a87f

SHA512
413fb1ef13e52594cd8ed7de735c17751c08614a28412951a6731e94037541549530e55632d7dba1ba7f59a05be0cea642770916ec35313a708df26aca3919ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
afb2e6bdb8b8282ce15bbfe54b15c924

SHA1
98145aad6a6a88bf2c145441896d8502f94628de

SHA256
d6d36cbe3fb4a210e648a89981495246864862027e85be0fdef66ea1966c35c8

SHA512
01380a86ddb4fe558f3b93196502f0ec307468553906592c85e9a341bc4c7f516ba4d77d4e84eccfcdef72d0618beacc8a168dc23ee7ba33f041bdbf3654df56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\00\00000000

Filesize
3.3MB

MD5
3bdf96b3e02075e63f1a999ff37db119

SHA1
525d559dfca20e676c4653aa9c018ef338ebf7ab

SHA256
ccf9fcac880e8e0d633944a89aa861a8d89961a981b7fa26b0d7fa3f000ca3ce

SHA512
9575019a8150769c110e0498e1758cdf9e54a5e399b3d5847d45b7d4ee8a84a83128e7cc438575f81da53769a4e8c5a84f3e0dadaa56299ad33fe426ba51d7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5d1899842869268cc0d2f5ec4757cb29

SHA1
2d5f9d497c8dc26884c9820ff4bde8889bbcef15

SHA256
beb66f021f5debf88a9cb18d8eac80e6f0fd6c7d47152d4519a66b6c2535b530

SHA512
cf28db374b6156f9caae5152119d69ffb0c5ffb343f9ffce684f2658c753c444377c88f621e191b79cec6d000e25b921b379ac5b277c1ad666de189944f1917c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
54377b176ce8edf3e13a025ff455279c

SHA1
d703dac1bea4d1eef7b78e6eaef5f2bc3fa1f814

SHA256
f2395fa80dee0d8b3cffb80fbe2047a7a392dca54c406fb9204ea65e1dc3de44

SHA512
c38a09c514ebfde6a1baf4dc600711c3b33dcfa207262bd7ba6ba4d148b29e7b2c864c7f58c48ac5849963fdd2b0326d10585ce4844ef63b725bfa7cae79d6e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
db22ceca74f6940cbd31d6265298c20d

SHA1
8f5669275977ba85251c4d9fdff84a92a7175bcb

SHA256
7ebda360f756ac63ad34e1880d652576d552dec3b2decc6bb0a6f59c3f13dba0

SHA512
a2517ae8898a9a4e0d97b1c2f73b267324658f032e55582e186b54377b08375a8996fb4b093d63eab81d49554a434443c5c9abe776f8057f00412a4bcb3ed5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
284a536467d39863944c8c658eaba415

SHA1
5f7296dc60c465d6912b51856496f9407810395d

SHA256
9f7ac9821d48577649dabf32cad37ff63585b7c107bc1d0158495b9e8150059e

SHA512
6abaac2f2eb42922c47b58d7518ec7b2323325e977f10d87baf797a39fa00aa89456effd29117378d675d622a7f97fd1e95435d2f881f0bf6fc2c825270b28a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30a663eb9eb11b6c0ec13a00d0394d4e

SHA1
f8754de666bb368622a410ff5588a89d715c7c82

SHA256
5accfa41472c85e4c6457b18d92a55779f4cc9f4ab112b06761a32a843115724

SHA512
691073c15bcc07626ccd24b9f2fb151bca3200977854b324b6fc8f76bffad7b0191c24f6c66cf64bc292b98c313384fbad74a29d34a2929df929a0ed6d22239d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfe39b3953e715510a152576f30f9b7a

SHA1
2e7ff25dfa84b5883a230be6f30d82a89364c73c

SHA256
826fd8df4b1456f1e88c8223e0b1fcbc3251300c116d0f3cde6febee66c1ff84

SHA512
e6253dc6cd9d2cdbe1522d615a84b0216416b86c8d8277e54f6599aa8cbe99c936d8c5ebe9e115e3d7f276bf877bd97533f52715830d43a858fe6e7646ff09cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fbf8742451f61b6efbe68318986da454

SHA1
d7ccf359881e960da54266f634b03e5df84702a3

SHA256
af767306847d40ae014a50883fae48569d55bd01e2d8d6a6bd506ca1253a146e

SHA512
06a1f9917cf995593fd78385e9b4eda4563e0cabd5fd7ac192b9f4fdb6f1e52b9e284dbcbcfcf4b2f4f5ecdcd8513e4117c824e202aff6127b9b27b356dc726c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cccac014fd52af92acf207d5f1934e88

SHA1
4a64039fc5cd381071b38ef936c1f6f0e3e3b56f

SHA256
d64a988acb628041936ea57be70cd583ca3356433b10094343d07e9ebe7dd24f

SHA512
e0bbfb7bb38c032e305f9103b000ee97ec3b4d0c52f75021ae2f68a562ac0771c9f7a9db18c464beb1eeb20763c28f74b6a23675224db3c48fbe980871e216b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0345101d9c93f40f53483434cd015103

SHA1
5e09a94a338f6a05517538a05f97044983be6c26

SHA256
fbbc8b60a7c6fb30cf444329da00944c3ffb866d0095c2f8b86dae637b0ff41a

SHA512
a6c61cc26c00a0c218ac73c3102f504cea13be04ba6f9c397c385c7b62e49c7dc9974e877a411461230dc69c136d9a3403138b565396845d24f7977be0c42a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c514c3531aa22664100bd6b50e34b788

SHA1
0c8b64aa72cf373854886770fe194cd01bd62607

SHA256
b7e82ff3cd9d36007338dfd7968b85e06cb629c0bbe75b70bc8c9df9a6ff9d52

SHA512
3e1c9ceae79e5017165e0a0d09c5c93b410a2c5fde12e7ef323e886ef6ebd5555e7d5bf82a05eee2cd6c97b0adb94360752ec104eab02c78075287843f044371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
effdb048fd9b20cf2042718487f65956

SHA1
48e6d72b187b9d080f73eeb8f948a8ee5d70c45a

SHA256
e55ce0f92d9ef5833297e98e831e2f39e02002edc5d084fabc72378394db1701

SHA512
f3f6169bbc28aaaf01ad386c2a33d958e908f4bf2b813bd9edf07a8d83ac72d8a15f9d2ee64386771d82fcda4c705e52987b08ffa8b3d4981d1b59341333dcb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
befc894377e0287cd4c14b513d84e9ad

SHA1
3a0eaf3c306452ed7265b810aad235c85003066d

SHA256
263b179e79885e2d7b10994d7241254b3d83e3f1652a5e0f46b7475adc2113c4

SHA512
858f047b4dd1d0dcaf769a774dd9feb41fc441530dcd3cc9b3d72d8188da6d08177056ea0dc71624292cace6997e7119337a8a94ffa7823dec6c4f8b4cb5d255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ff31679c85e2777b34ae22df0e1fc41

SHA1
92dcfa4fd346732f697ca4ff852ef5f3c11005bd

SHA256
01da2a9e376ab22540d8267a6bf460695b754a6fb403a313231a8df2804e36e3

SHA512
4a10187b8b2ae780e0cfe1488cf9110422929a6a67ee7c21d7b8e28e003e055a57cdc5f494fa70b43e55189a943db05cd7ec33b38756a666b59e3fb7f0c5846c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4fc0bb2d224b5c94aead2b3df2886157

SHA1
0d994fc7934c24207a862fe61bb004ea498c6412

SHA256
df7f4f572e0dcf48d8c337b9e49c90d5d6fbc490c4f0411bd3caf99acfad5f82

SHA512
f8adcd49ba8f3d9985bc826b3038fef59f42aab206783adc6b30aa19085fd6dd0217746f4b99d8b4c8b147d47939ad66d12ec8fe0d40386b69b4213dba6612d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
385113c15cc273a509780387331bd162

SHA1
b265fe59be43ae1d11c4c9de57f5fc84fb61ad35

SHA256
b981c672feccd19c43613a8c4e3dd989b242cffed0b9a001734a20f008d62b6b

SHA512
b014ea506e3dd62a9f3e684e140d8607a151bc88e56caa55cb2f3e07e2593a8c8c85c0215915a3867481680793eaad83dcc7b66d3f5194d2f7b6b52f1a5da564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d436a226d6181065d05e43753ff4e6b1

SHA1
0d90df44c063113c0310bd1ed3b119b2ff5ec086

SHA256
5adfb59e10b9ca28b9372d9130f2488cc7c289b3e6fae5f7a04b307df16b3591

SHA512
d33506170b266d681f265304352f6ede3796ef0adeafb30d2eb5ba66de31c66e73f1ff180a7169c791656084765fd443ef2118a65ec7c7efcf70f521eeee79ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ff3208bc805dc0f1a0d1421ce4de6e18

SHA1
9d1a2461150d92694efefa0685e77fa10eff4ac0

SHA256
e61466b416a522bd10c3e351b8cec9edcc528b279eb644201bf5fc201fbe720b

SHA512
a512a3a8693a94411a5781a9bbbf39cdef61ed3cb2db938ad4d92dca48f26883876849c39dd1ca006d5e7705ef3760040c1feebad736c28e9cd16960771f00bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
be72b144703c68aa755868ecb714cb07

SHA1
e6af61fb45f32b95c6684bce8015ed7703c004a7

SHA256
8dc49222f09fa020311b208c64b6e3a3663b11cf5f27ab6cae0a146c13fa76ff

SHA512
4fc011c7a8dc0b4cadbaf4cfe2bd0680242cd8396f523a64aa1559ad7dfe77232517790853bcf6299a23dd99f5374e157b19de118df02e2a695e410b55a3833e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584a52.TMP

Filesize
48B

MD5
33618ba8a81fb815a467fe2356bf96ae

SHA1
15a7b5de903e4400fb4ee5e7bd0aed2c15b38ddd

SHA256
88539f4d8b630bfc9a7e7795fd4eab5bf0855242f8c7e1b736b26a687ef09512

SHA512
11b38772b3cf3dac924ee677b78a4a2791cbff9625a36a84debe8b1e32415e7e001d1cc9762b97f4d9ab924da3e425b7911732665f19a2d04563766f20d59102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
baacf1eb9617f7a173bd02819ebf97c3

SHA1
9aeb3a999f35e154531c50a26ef4cd0d66606972

SHA256
a4e2897e33399f845c8902c8628e4148a91dfe2179ef7e3b3bef8d58adaa4e0e

SHA512
c622f47e67d8792a779c5a2d5e960fd91352c278c9aa3650859522273d451b6e844ee7ad7378bf11962dd77df4237491e319e5048623a3e31c09643d9e92e99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59e494e1d11d7f43c857b242f57e5e57

SHA1
f1a746a45e7328283f81bb1f00a67b7bcc4b2c53

SHA256
ba93e422f74588943faa6f401357233d703a33364505221b4aa0c30dbe06ccf9

SHA512
366b85747fbb595152d5a26827bb1f86509158297381cb5c7cda1f11cdb66f854a96a4cdc4c00cfc2aefae69e23d24255ef84e8a08bcda08872841a108b25acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b23767399ea30f5792e6dd1a345ba70d

SHA1
bed57be5607dcef14ea5983c6a2171679efe4310

SHA256
8a80e9acbb6906ea6bcc799339327cd62920eb1ac2b1df04c68426ae43438cba

SHA512
481b931ce7c09b78bcd3b7991783abd575c5786adf8ce1befbf8fdacada7dcf7abd0d5bfa6758694e599de45edb9ae3cdbf58f34f3aef061438c4f83ca95900c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
723b128c5ec57444cb7ad688cd7d8642

SHA1
4fd25d6ba401f8fe4a4620f4164750ae5b9969ed

SHA256
37282a90ec97827418eab4241ca496fce7610e67e744b2eed51ea6dbcb52ecf7

SHA512
777c4f879ee0710be0dd1d10e1b0ed0fb7e89e33c85410602bc243d817a76641f5a8cf92ad115f507acfff13010ce8b3803288c835da6085eec211a74fa3fbc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab18004277b3f619ea7fcb7df8601cb7

SHA1
8b21c382a397444f485a9b63223364f7aa03d13b

SHA256
0e23dbefafa44315b79495e637bded10e3d36ae31c20b6d98cfc1e58e602032a

SHA512
7214148b3ad32a6439f421ff0368a5f2ab4b4ce7123ee2089f72579f8bc55779b26972c4972df104cd0bf8a05dfcc3729acfe8265bb9a7920c02d8b14a82dee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
614bc139c5085fda440bb0bbdf3f3158

SHA1
efcd383ba6851ca9007235c9fc4ebb7db2883bd4

SHA256
d75e7fdaee92f06b7cd72efeef97de1eeaff043707dd17c1fffbd4d29e8a84fc

SHA512
9b9f6070c153e2c551b8e651abd2104953cb01abb91e471dc51ead25e0b375a8f8b1adf44637ca20b8e7b04aedc99029a52c76ac74ced87e963ee12b6e875bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aafeed04d8ec2176fe43c81cf0aa6b4c

SHA1
fc10354418ac2cf4c230ad9cb8cd53cc1be8a434

SHA256
a93bc57cfeee86f349abf3aa405f93c6cd84299a27fa91d7c2f7f6967380e10d

SHA512
2803cf05376ae88fc92213a3cae08450dd8f85cde58791a66f2155d8012f9bf32a4fe4573f0c5d4f3b85c0524c1a8c2eeda1af150f58f9cf9136d01feb9986b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9b68fe4dea39af5abaf7f0dcd196f325

SHA1
0c9d52c216a5172e3882fc97885794b70bddcacd

SHA256
0a37d37293e4c1dca69ae93eff698267e701f472caaa951c9b9c8594358892a6

SHA512
72295831b99c5465dcfec6226f26743e9080f384f468d4436715e23edd11e9b5aa67a284b3186cd6e964f9e5effd1e4e9b3b6d106fb24748b7e18aea9a017171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
81debce50936991affb1d4f8e5c397dc

SHA1
2eedf914428a1856477f1fdda933981eecb58e9a

SHA256
340e8ae8ec886d0a533514b3b55aef8b41e13f10a4f84e4f51765ff95f56ff7f

SHA512
f888799d2b60fb02068039ddfcfe2537aeebe8d705e370f1704aaaf4847ef0a72472831da1f47d49e948e949b21753967345102c2a83fb160b80645eeba2281c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5818d2.TMP

Filesize
539B

MD5
a8401ecbb632181e07af960a3cf1857a

SHA1
9e8c0cf457c952e3c0a8ba31cda81b7d768d10a3

SHA256
1a9b67b5b4420a07b2b69fa59a9cfd5aa0de1e180c275f68c6541b7cf89c26af

SHA512
5e79da49c89b1335d1bc21ebea25aef6e72d514f8371c5d85ff9d2cb12745dcf90230c0b4d14f4bfa0a1b8159efbea229d51160b3e980037a5ee0d1b36762b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cc3a508920148503544206a77caee4b4

SHA1
b8355f3444e72d1d487fa229459131e2bbdb604d

SHA256
588abcce9d56151c0bd5d110091f8bfd7cd1b6b61f868ab31cdfdd10fe88a352

SHA512
079346e7c02dfc1ce2c8998c83f71dd1263550aa107770b25a5c9b158c1a5416a29c409f5692a9ee20cdda48943cdcecfb50ce08f5b34c0b95eebf0610464b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
911e0a2f54bf06b36237162872d6ffcc

SHA1
e0a7c83d1f9f8e599518a87da701193fdfc7aaf5

SHA256
c5bbdb17fa2b417111fa0c1861d92b553bc89ea61fa6e0eb27ab655142852784

SHA512
0b7c600d4f70df4972b7da0bcd71782b288864209407808fec6f4def9195d9efb05257a25e75981cd07532836be01cedcac482a2c8f5b929d98f11dc5cbaad25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e5f2b9978a10076ec9a1f52a96bc9a1f

SHA1
964572fd66a9e63be48df86ebc6e794abd57cf6d

SHA256
ec83655285543d289c46828cce37678d49e60d2c9fd2c2710b527a87cd9f32b2

SHA512
394effb236cac21e7f970cb77dff2594a7df0f1d7a97a477df774c8c4ab4d6b15b33f371572d79975d585da29ece3cd7ec6bbc50b6bf8517fdca39f8565a7a46

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
827e71dee1e8af45a19544b4d7f0ad07

SHA1
1c7f4ce41ac4fd8e45954d2d18bab9cac79a5682

SHA256
71e78ca4059564466be11ac6cff34cac3873bbac26e02a020ef4aa119e407adb

SHA512
c99c07c215e491cf16b4a8a65f663afa7c458f8d5b6030dd54dd6a0bcdeeaf007acb0bda601940cb8166d39f8497420dc8a0eba8eb88c986b6cc650ff1688822

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d16debcbe4b349557754346db1a2a886

SHA1
0ead6d89e3877bf035e42d22a69158b48c38fff3

SHA256
48474b9ecbc1132e12f816aef377cc6d99da75fbc7bfc98b564b234ab420ee02

SHA512
d1281411c32f9a437574b470d2de1b64212ac1b03eedd6864cd89e80e1f22ace4e16f027cf261e0e0997d91ed60f8def13da734f6649ebbfbfe645036a89a148

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
eb352d8fc7c5d5581746a9f0bd4341d6

SHA1
dcc7004ab5a8e95d14488d4be7693ee35dc2f5de

SHA256
e08022737fb0339d442392e3c7e70fac87bef587253da7def09cee80b5e30817

SHA512
8046b4fe3196015709d54a9204ce205a488cfe9e3a0b4bcaa5f2c36790285023ffaaf091b1cddc95c7a11e5c1c070efc8be260208f918ab7e29867e3b6b51103

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4737201d5a8d8fda6ed8cec85fa7a94e

SHA1
87acd3499d62c8ffba31ab16d3a015f93d9f2905

SHA256
643162522314566e5cd8ffe320bcf8d30b09291f05229d4654476f35edf39118

SHA512
80a6d4afeec1327fa58262a6b5df86d1fb2c8b905adf986794ed7653e3ffe2e44e2b115a803d256ef0a782e199cd8f49a2f1dcfae11a9c69a31061bfbcc050fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
825263a1440cd475c6764f40ab0e2783

SHA1
a4bebb699dba9998f1477a0edb1060f18b4f0470

SHA256
6dded6addbca32fbd00fda9c14fda4f1597cee6434608261cb7b0e381011f00b

SHA512
601643d8ccbc869028304c0a6aa9b5c5f2eadf2ffc5c745a49f946eed5d97b8c927bdbefbdb7cf37a9451ed8811d1aa1b6c4414c6d477c8f39585621febc1898

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
61bac7e44a9ca29d1400a51550676b3f

SHA1
4554cdbb0de0ca33f1dc79a8675831e866e4ebe7

SHA256
883cf76ea1abf97bab7e4e7e86d70035549b959d09b72123f1771979224b1cf6

SHA512
18b87a03c9245e19b8eee141d9eaeba9b47515b0f24664338c8d13bf9d670273b118972cc8a08878d08716e30f84a0813ade88013c78ff0ee34ec512cbc04018

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
321edf4477b9b3c27691f30c1191d96a

SHA1
895bac187209eecfe233fbe152ed8173f83f7bb7

SHA256
c8043c9a7a32e75c288a87a0f64cfb63b045312dc849df5ff8af7df4d071bce5

SHA512
f9ce6c3561320f26300569195c74c5fb97169f0090f4edc8d42e390bae034458ca9eb81e5cb20630de68f0e101487ce73be54314babd600498dd42ce7b29ead9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 715516.crdownload

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit