hxxps://mega[.]nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM

max time kernel
1164s
max time network
1165s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/08/2024, 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{D971434C-13FF-4DBC-8187-89D0657AAD73}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\nexus.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
4900	msedge.exe
4900	msedge.exe
2112	msedge.exe
2112	msedge.exe
4680	identity_helper.exe
4680	identity_helper.exe
3976	msedge.exe
3976	msedge.exe
1768	msedge.exe
1768	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2752	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2312	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4700	4900	msedge.exe	81
PID 4900 wrote to memory of 4700	4900	msedge.exe	81
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 4536	4900	msedge.exe	82
PID 4900 wrote to memory of 1516	4900	msedge.exe	83
PID 4900 wrote to memory of 1516	4900	msedge.exe	83
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84
PID 4900 wrote to memory of 3484	4900	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe57c13cb8,0x7ffe57c13cc8,0x7ffe57c13cd8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4104934216923557641,6540351791542516129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1560

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2752

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\165b7e24-71b5-41cd-986c-cdd8ad27dc2b.tmp

Filesize
6KB

MD5
2a52c6cf7d3b246eadb99331763aac6a

SHA1
5b913e6382b803bd5390288673e2ea24964ec7f3

SHA256
c12a5b7ec6094b99b60a7f6f2578662c87537f7d400d02d034b9a8bedcc3fefb

SHA512
1ee98315916e65c82f8966728dd6ed4b4827fdaa0a8bea5dbbbf45d5b22a195341428c1b302c10367d494b281ae0d48fe6b9c2f6525840a7c48b0c27066e50af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\700c516f-e9b2-4bc9-bb0a-36c10d21106f.tmp

Filesize
5KB

MD5
820abd426db9d1b55e043c5eb54d05d6

SHA1
a022c1fbfe1702d40c86c77e773406074608a150

SHA256
d246b5cd102f6d00bbdafb057b44608d8f69c2d8db5eb25cb77fb8505e24dd09

SHA512
79566c71489d79c2576b7b01b9d2c3434cbc06c98a348d371e201d9092d2b3556f7f1b465095eff42c7227cbfd9dd2be317b324791f61e085ad542bffd6795f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
16KB

MD5
17642a65d26526c1daffd4e2cc616095

SHA1
4c0f8532d20c282f7ac4ab3810bfd2ac2eb68b3e

SHA256
323d0acd8b4c0e63c5d7d2e12432bb95a0342a7935c02d4ee725f0a0a92e182b

SHA512
6eea19ca228e6033abc5e5ad452b5c5f6192e2f37a43f5d65a90b52c7d7c71f1b1e6dce13708910d81cd70202f0cfecc5e163cf03f2a5c5e725e021be462b28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
31KB

MD5
a5000941d6fcf9782819c5af267378e3

SHA1
4e438025036f937afffab4e152004a2dd2a24206

SHA256
0862ec5b3a05cb86d40f6f6eacf7b71e13130fb6efee40c1abc3d6c27d800c6d

SHA512
794a2fbcb0352857e4b830da2a1e99dd4c404c6840204fe623214b7b671cd00c23cd6253126465da8f614584bf3461543f2083460758c3471a10ebea5221ab0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
19KB

MD5
20e96b16741aaefa2e47d6e473ca311a

SHA1
9ee818aff2818515f1de0ad33a5b757b53cb5d5f

SHA256
0a4298d9150a1248b7312ff931ebda70559dd2dfabf26f7db4ce76d9699ee85c

SHA512
f284fb18398f1919c7d5cb4b11f6ad591c390f36830d3eb90af90c49fbf49bf763906040f055f65ddafc7fd121daf15e229f8d8dd6479f9d8949b035f33df5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

Filesize
17KB

MD5
8470c46e4e4daf0e07d498a10a9f9ee0

SHA1
cd049ae97177c815fc4c2db16b06e470f34fd0fb

SHA256
ef9e5897023dbf6e2c88960f092b7b1ef0b86552c057c44a1fda9893decc5812

SHA512
c0653527a9c1f52bdd7bf0638550b162fc886aac921a63eb412e01ed08f86a73ec6f4575faca84dafbaea0843f4cab4e3960200b2f620c7d161d502e17725cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06de37724221a002_0

Filesize
19KB

MD5
97f21bd7b6641671ef4d1c8e307ec890

SHA1
576883eb4f0eba6aa1757804eda2116e9adb21d7

SHA256
0ff061af79e625314cbf90ea3e1521331ff0ceb7ba2de92c976520a42a585b5e

SHA512
b0a7bae6d4e03d30f3b8e271f12286c96077b4e720b2b715ddc4c90740b7137f5dbac1062bb96ac89e84ddf7ab12b79007a78d6f028634f66525484b69f87174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ef371de0d55283a_0

Filesize
17KB

MD5
14dcc385e4ae3e9ba3460c7a529c6403

SHA1
cdee0ff19b112da18c86cb73723d7af79a44a1f8

SHA256
70b4900cac0d875fe1f7bc229f371739e71d4d580fffb8c7cf3b300a60b5a20a

SHA512
79723f113117958cdddfb63ac3de1d58cfbd2aa8f2a849178891fc17f10351d4f6f398bae34689e16116b654164d0045a83191f81015cdc889237dad0a4b3678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1224a3513b186381_0

Filesize
289B

MD5
875e04feb203270f993440db1d7fad35

SHA1
7bbfafc19e625fa18b34e868b290a35e73f51202

SHA256
0e17111b0c0b947aaee7a948a646cab05b265f6a5b99f55e99a8055d5b8efb25

SHA512
9bbf04de9200a998409cca910a07137203d287887bb4b1d6000ed4d4f2f23f2762498296b5ca488a6302da8cf4a85132ad2b2beaf356399452816205c3b31a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1560d52b0dbb1979_0

Filesize
605KB

MD5
ad8d222beb574ffcf94846963f5e0c8a

SHA1
6bf43d70c3b436f88e57f532785b8c31b144ff96

SHA256
aa43b11477304ed0e00bef43c9da8bd4af2b34984e62ec76e73b209e0629f43e

SHA512
3bfe2ee919acf6def397e84285f403df5521371f5adca85a52b2162386e12f1d1f20e3bd456d2a0920b914c6b13850fec4f751d47af00f7314e60d5d5ea6077b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26026d8502b75f0e_0

Filesize
25KB

MD5
55b5dc9a86484d6f85b570e3a8b4faf6

SHA1
2c88a03b6fad3cb32e3dafbd4471200d9979ee27

SHA256
0435e75841052888319e52466c9b9a54eddada984a0de2bd9e8c25750da4b95c

SHA512
d76384ee60cb5422072f86fd98240410cd6357f07b9a78799e108705ebed86d33fe2d4b53b9827e1e26fb23497ade0b1a129e7dd3b398b55bc10ae949779828d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2829bb2026979a21_0

Filesize
4KB

MD5
f8ddcfb8a6ef042bde2f24d564c2937b

SHA1
c688fc1288e1d6779a640bad4575b00054377991

SHA256
a00748f41b51758be24d41b21d23911df3d7da5f289a5cf4f71ac653a07c23f9

SHA512
870c3c415b8cda832c676f252e47e3c89065189c5345a85c071468715299d87215ac8d1d1b29625733c9db0cc8f1104fec061dcd0328459d7dc8590761767d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c7c65233c18fc80_0

Filesize
1KB

MD5
84b156bf534a01c1dd528e6844c93467

SHA1
b561afd9bf9d8a54d457026825483303ba922c8c

SHA256
ec33b1a265d8adbd357f9c166e8202b9754d92af0af5f70e93d793f3ecea1772

SHA512
7744e6452029d898f0ecbe7bbc887f05c3e035c68155e4ca575f337a120ac739aedffad11f74a06ace4325ef0174075c93fd6805ead1cb868e9c9bcc7acdcc62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d0894bc2c75c39d_0

Filesize
89KB

MD5
b0fe63953df44aa83367a9bc88285433

SHA1
7b12a2a1a70bdb99fb6be2b12b42ba90af0596d8

SHA256
f6d9e4db9447c9af62c753d645a2bbc54b8a6b2752ebb4dc1c119afcf119fa7d

SHA512
ecaa7d3306940e387e90c8d74ab50e33c25ea2bfd9f2acfd5d1edc8bb89f719c58313cf920570b76a936135d4713dc923fea0ede6358864df520e7217c6d1be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f85294d10a0d6d0_0

Filesize
14KB

MD5
2fd89d18d599de5db4c61d74424df488

SHA1
d03150c546d5ea7b7f58069a586ecc5ce78be571

SHA256
de081bb0b248b19e9a5c2af1f71d1d560cf66c673e09a8e1c7bb758ebbeea710

SHA512
a0096331287f7a261ca28993f00ba1c64c5d4142c5a01decea449ca710f019f7f8c7a97b52dbefb02ee1087828353aabbb292f294155600230256f5fe16dc012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81e64727e1ad59d3_0

Filesize
249B

MD5
cc349e9e591ab637d03d5c9afc98f7e6

SHA1
ec7bbdce91e25ffb153d88ca21cec7344e4a0e3a

SHA256
85d62098f9559f54a8c5e9b970e9e86fa1120ac28e5d62c3f23109d38e2696a2

SHA512
c0c45e04c5040d799ce9d031b5130ab81d79eed9652a9b7b6a74dbdf85d46793ed9c020ce843acfaed61858d3e20ff1e4ec4bb1d827779b300409fab89f529dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9a0dedeae678ce8499fe0cad784daa46

SHA1
b759c4e752ccf66bb273dd1f4557597b92f65ae6

SHA256
6dbbb11eb15236cb91fa1178064b5d85affd96841a558de1b1184a5483055859

SHA512
701f6690272df2dfeb00af327fea9da0ed60ceccee8412c7fb5acbe493af1d5664a8de4f2736c5747f6f1041d5d26c2b50ecd4448a99d83d1b1cf824071c47cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0f4f562a79e4087bd057f0b3da7cc293

SHA1
823abecf62617bfa83b4d96e963941c487c8bd1c

SHA256
f832a1f04deb48c59c33ccc06b44595d018d3ae438c305f092eaa6ab2679d2aa

SHA512
1aeb5129e1bb95a576fda7c94fbd2da73d934387f0e840316854fd6004ad4a37c55157198ffaea289f47454aa92ce71e25c022595f33ecc9ac8ec822253c49ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f5899fe7369b4f24641b13ce71b0bb85

SHA1
9040d9838f657a69d6c07417e36b10e6b71fe2f7

SHA256
99076739eab08b068ff85001bf2ad8dbcd2db9f7d19e42d3f0f1df081675775c

SHA512
5b4bb9ac72e3bd3fa996100c6aa05c6753f4c7dd58e1524aa0242683f0785b33bddfae93dbb1730fb9cd0d169b1410a76c3f3abc50fe634f63c9b59d788d3cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d0c014b62d1caf6833470fde04e8b47e

SHA1
92a233ef069cf3bd49d83ff0950f2e8a3f9d41b7

SHA256
b2a5288acb120ce0eb7fbebb525196dc05a0bded055002405bad088c60af4dfb

SHA512
f693297122775d22808887ae068bf94c482484d5aad1445f102c5b2f672d88f2da5b29221b200dfc9446dfbe909c9a76ce29cb1eadd503a611b216484c44eec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a15232f0fc388c57de8ced902c9fb4bb

SHA1
34d5b4bd9768a5e7b276274e9f07c0b1682380c3

SHA256
c67b636a646a2b1852bfb4a260fcf597669dd1dd31023c986ffa0b4dea9d448d

SHA512
d9fcee58bda0b6c1be04642036969fecd81c4fabc47c66365300127786405ce6fc4b763343130b6fe29141652e071506fbd5e8c516924f8411569b867f9c606a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ee35ef4e5a791683da9590b2ef4156e6

SHA1
b01e8d36d52f0d38d16eb18569e71b00507499a5

SHA256
ac35361baf0e8f837cd6fa4192ce342278327a0a666cea95fa766980b7ac74f8

SHA512
e5924995a8e7119691126be55c95ef67d55595e12b98cae8261728cbda8c307fdc8ad3e685920240b712c7ec612b27bedb3c2afbc7b7ad4c6abf31a9466a7d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c2e4bb46a4a0e0b0d3386e66b629c78d

SHA1
d050b650144570f199d03a27975931ffde1b552f

SHA256
45b4471434bca2212769e02f73440e51e788eff54c8b5d80ad929f1127434dfe

SHA512
b43d005ba237601e329a0fe86a5bf3c4db375288d183c35c3cd5145553b24c53e436e36d53b38190619c80baa117d185ae6ca3cc8779567704c7b9b8e01441aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6feb2b6cfebf4f2d69cc25b511897803

SHA1
e25ac428b80242b0e5063d03c320d71314ec5c70

SHA256
0202718f610bdd193885914a550dc2e816fed8c556758c1a6df5c1704527ec8f

SHA512
a783bbb89a825b1d2422814c4304e7aae1c827b0e0f12d488b946bc1a4a1796943f964be129436c66dead795dbd61db1c4d4280b0171298ca58a3db27267cf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
425041d29b6fbe8ab5308cf469775e2b

SHA1
f31612f0eac67f78ec231d28f98b51e8739ac536

SHA256
d270aaec20035732e18abb551a143f26adc953d23b8d3037f8a54dddb6f53053

SHA512
583d23c98eff5407ed6f757aa93cb692a38017c57ef64aba1a805bad95696b3f36348286800e27f456956a173b58d937b73905171c0d32158395fc7a9e058cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
463e48939486a0bd6a7c5b90181e3906

SHA1
bec8f93d42b746db8693d6839fc9f659fdc5eead

SHA256
c27fde5e349b569687d758906a645efcf6b1d08df3cb4191aa87fd642ca370b8

SHA512
cb93943a5e0cbc1c038b352d6b37d198c1894326a4ff3af096398dc4a0f77e489223ef674f1258dbd76ca829177e075ba86c319d87ec28d08aed049560283b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8eb7441f630293a33dc022168973041f

SHA1
1aca7b93db62eaf870d8bb7d60272c5baa9fc398

SHA256
93f596e6cd08223cab6721160edd6b8261f93f6fe7603c52507d5f0c9e4f970a

SHA512
6a117627fa76042326aa80fc9972d9e4b90cbd569236f382e92d48060560d1a0ca3d0ce8bd9edf7f223459c320089ffde3c3d7ec5ad8f0d10ca1bb8fa3ec5a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
561d4194dcf5051c64cc9c61a9a09c5d

SHA1
8de8471c905c1ae050693ecef149612a51756267

SHA256
cde5394861419855d172e03b410db31af12933374f03701299dbbd92644e5576

SHA512
7f43f6e9e1216ac3d0b8efa6707854256f666d2c935e85e445d0369c6620ea04f35fd58bb2faf5de913f70536049c9fe5ed6d78bdd6347669b50d1bda0e23708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cf1edfe2523b337425c9f0a8c7bb57d7

SHA1
8a16b5766628111726e5b035f7dc62d44a709042

SHA256
5ababc27163df184af0d3123feded2b85b38f15e8b84dfc8ca78a6e882a894b4

SHA512
564590846c17bb18a6a533aa67b4152fd8bcff0a9211cbb05b488969f38171d1c936fe8796e6521565031d4136057ef94a2eb647e150f5499073658d44c7844a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6572a3d9b9fad12ea886f3a4aa66519a

SHA1
13d583eae43bea1ca4103709a7367057b67236bf

SHA256
bcac9fb685186efd709ff60331ab42d6db0940049980f13f6b103e58e97f4ac2

SHA512
2937a9ed43e248937b954f83ead4dd94f3153e2a2405580beac7f1cf046f07b67bbc0b5b9057b6f35e75eae0e0d30b346d5621a67903dc74c26246eabdd04c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fd80260511a678a478d47b14a7298699

SHA1
d01da632df91ffff607bf769b91f0e981c88652d

SHA256
198465e95ae322ca097708124a62fdd3186b527badedc4c948402bf3e7a4903d

SHA512
8dc410ca50a862ddc968d04cbfccb95f2bbc4896c1170e9c028a89be5185b8db9ba1ee854f90be997078011dfc2b0e3d29022fa553c805e3e411e74cbbb4e831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e91a48d3d1fa3111cf6ec5ed452c8d52

SHA1
0007023513b240dbc14cc1802c64d082771cfc9b

SHA256
fc4464c7fa454b5233ac305ff681c5ee3a3053d43193e6b9acf224872dbce5ae

SHA512
a0ff293fa56fa9c5c1c64e785d268fee9982351f59db68089479c325bc6f8e2e74b65853ffd86e431da631ad804eff573a4bfa4d7c65d5ecb899fc1647a92a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9f05652f44ffd413e64e581da553880f

SHA1
e204957fc8cfdf19f317b8127f5c02d774052e3e

SHA256
0d06ef237a8f6d94c87ae4f995dc1420c6134c7c6d544c53425a0ea107a4b44c

SHA512
51f4f6ba16c273f648a7dcb0b42e8aeaeb778ce1f15e61a6773d31fa7eba1c6aabfa88ff755e1aa6c85937982540d8b0e95be7dc8791b0abdc06ac5322622b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f5ff4d084ae60536a182ec0193e27467

SHA1
e50b16e6557942d73cf0d2a4348f12f2be0de40a

SHA256
33f17d25efe131a4d0041c4d1b6fc0a566091238b2b38c21121c9687ab0f2f01

SHA512
e8a1e4607f4d6669b702b9bde69e8a2c10aa80f1d55cd5198dc371456762c07797d54fd771a9d3c00b074a6982b6e8227c30f5eadd34a5bb870ee2cb4385ab13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9eb715fe5200af37bbfba75d92a81593

SHA1
4dba27879caee6cbdc28873ed6accb6500e345b3

SHA256
8e462c7a2c5bdb078a908d9d7affffd587b3ab0812e72183dfd2dee4fbcba6d2

SHA512
421f609bf6edad99398983b3c5118121a317c95b3beb6493ccbda08b51ef4c6eabd3d347a98ead7e55ce9caca44deeb72f8c6b710ba5b7904e7021fbdaf05171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
756e910270abfc353e9f2bd6cb20a02d

SHA1
a6557adbccfb48206538e34f28029b95ab118614

SHA256
afd7a6873216aa5ecb3a773f33948b0b74b30e6f93be324129d8fb7c10afe4b8

SHA512
f1c8be87d6e9c96281ef00242db5ad2ce78235301920c5e31736726ddde3257b4759cc44ba690b7ecaa002590491b938b875fa62788541618b9b38ea6eff73e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d99f37552a82fdd980af871938a2e566

SHA1
43e00632a4da36849abf106e6555973775dc8c14

SHA256
b49b313b6cc282e1110d8568dfacb092cd9ba3e5ceea1b629b160dcbb0118000

SHA512
1a5c6bd29b83bcd288a0e380ca9d0e93dd8d07f10acf8d991182af393f9a75b24bd50610b49bd893bb38c04a321ef5e71c379bc27da2705bbb7a3c318cb471e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ffd403159c52320583e7a9535203c3ef

SHA1
f82230cc35cb5d99f25279c4f2157e7fba206335

SHA256
5cfa2887e4026d62945d3a92b008479d5a4b2fd433da153a2c3e3317010089ca

SHA512
24ee11da708b5653bb43f3a1bb0a11ccd2d2bc1b49bf9b93be0b6feb7f88e80b3e278094fce03e241081e731ea5c46aa4a2a433b04f2912f070831074db4e177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
435b6f6797145a1dea2adbec95941f34

SHA1
091803182a50e30720430f446eb5f029b43dbd89

SHA256
fdf686cef967396b4870a8f97debbf8ba4444005947c66d03d51d1cf368a8c0f

SHA512
27a90402e9ec7ba75450f8cb6a6168b7bbc360407a87b3b59d979218877daf42f0bdcd3d11ec46a3d0450add99b44f06e120c71439f6e5c43a7ae402c255c3c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9ad2a6b107fefab5f3bac2383da11e26

SHA1
22a356194bad8e17aa9b02482d5b510ca3e6ea32

SHA256
9eab3d6c4c1afc2a7e2335c9587f9f605bcb57a0d384483c661ec646e64a7dea

SHA512
b71337b9b25caa578a88501cc9e27b8d3e52773a8f4d418012c636654c5b3a7a758d4bf30b55b69349d59ebd22fb60f2ed25a3c24eb0e311a847168352229134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5ab9684caa006063f2f2ce58d430a66a

SHA1
d50090e250539cf1ed408202fb0d2425b88b8d5e

SHA256
fc977d55d99f478cf016d059d0ff9945ce09a3f55f063512ba5ef2b4496ca2bd

SHA512
69d187be89f6edb55b1276cdf481752459d00050d38e7b8cff1389d79b6de8c52b1c09d035b8f2c5a1fc43a14840777bebfd0670c49b545d739bfebdbde249c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ff27e9679edf4561fe3cbbf920103fa0

SHA1
20146c2c25c66e98edd6c597cc99ce43d19e5b9c

SHA256
e6d675c222987b4289d71281ccba4ac4637b89b149fe25ed5addeec75bffab04

SHA512
0a1dfea66cebc7ee08370293fb15ace86bc9f3365cc5ad63810d4ec9273216ddfbb1193219ca50818555f4b8d9c7be946c0bb11c950192404c5f032732ee7c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
107e06678c5868059cb2339fac8fb675

SHA1
3f8bcc87e4fcfa5f32c523538b4e46e3965128ac

SHA256
9c327e48fe2867c43bcc365d4821c5933e938fa1ff4cc6918d03173e1aff7511

SHA512
8300bf9b6b047a2496805c7f4507ddb19b8e16f952620cc4f3fd16152f96c0f3857adabbde5cd89d57f90b36c12449116ce62e8e1eb0e690e21d9d94653e8861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8c394cb524fc29130f07181735364d5f

SHA1
349ff801c684016762a2e022914d70ec1edd1a41

SHA256
80549bed2ca6ee12ed5846e82b9577175b8626f3f53c3ee8c62bd5ce67447558

SHA512
721049e9967f06fe08878d6edc4d6a8a36cacb507c367bc1f392b0dbee8ea9a9a2b0c67ef66de296d7d57143dbbffc13190efb39f45ea2487506680e0f150d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7cb59829867a98710c22c7df089bba2

SHA1
81b63020a582b6ab8be817e68b3718f6d1aae9dd

SHA256
0773eb5bdcf3f94bbfca3a24cbdde7dd7acc845d631a9d61641de20a519f4a43

SHA512
03dd78346e15db283a4ff4a14cd540aa7d61bf90faaf8c6e3f5db9f3d47f8b38948926a5078a271283a2998c3de6420fbf186ed90c893a38400d24358e0a8b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8b2170044d2c4bb638c59091c2ebea2d

SHA1
c40898dc501fd62f918690502b38e20d0fc7fe64

SHA256
68c22d8ab7df9fef2ec618491170e477027fb3ffc240673763f0f4cb42734677

SHA512
591e8dc7d4dc3153220ae2f4e86941c12a9dde07686d797e21da928763ceae29ca4328320176867b274fc2b83d2f07944c51e3fadac53ac719e699887cb83788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
73d7cd24fd5e5b423fa3ac2ef38ee9d6

SHA1
b97d4eab57c9f4f8b1c6d39e58a58e732869bb20

SHA256
5390e9ff79d29ac579c299b01f0039f92ad50ae798c5009349fe7235c9e06185

SHA512
4bdbab7ecacc9ad873f041c17f8899df13d26869ad9d8432d00d769dd726496b808bc47d13ae6b616ff1f32ab580639ac947f4b1309b13dc461dadc2e9e41b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3feb5cfa62ccf4799fcd3cc62f40a7b1

SHA1
9af3df0634e87476f95059c41d69249db69c5b4e

SHA256
78058da7f6ad294a8fd0e46f63b617a2376df558e0ab418f91c29f004faf41b8

SHA512
3a053a04ceb3f4b4c26f1bca93a3557d43bf3f115e5a06c6d1190dcb03af5545a48c8ec86a04c89b6872273834650a2b5ab8e40fef7ada93ca7b1feb2792fc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4d642cb2ffab7debdbefb423a64eb9c3

SHA1
a78448f83774362bb0fc998c38c6493d8202d6d6

SHA256
a1839445e29aac283bbbc141fa59ae147e728fb6945eee3a668866b58d969e20

SHA512
4ac35d51272617b91d5b8fad7a1477249e942dc55d35f0215f36485dfc017b770d7f86ee70f8e8d165ca39116dd113098c1ab3b65e1a891f78347cf075c8e93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f055dfe3dc7b9795f038242f3980068f

SHA1
64bb2202c87ccb425726aace814d701af3cb6493

SHA256
3aee23dfcdf28f97bc49ed9c9b51b8b60725b9a1e54fa54f94e80f2ad5bcfaa2

SHA512
c53afb54ddb895883377d31fc10ef89d3e6a70123271c121808bd5f69f006389ef25f0b7fbf652883893a0e7318fd80b40165e8fd180f840ed49c531e98d29cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e4739362a5b94f98d934e3ce3a1532d9

SHA1
ee12a765e43333bc3dc34dae94b23b1f0a862373

SHA256
12601608b31c61e36badd39b51605493a022bc2c3d29e5a1b18d0fc3253ce069

SHA512
cba3ec50c047a6cef292034b7121d1bc6211a3e02b7b5421197e63e15a5dcc1ed69bbe40146769fd8a27032cfe6d1e2c7a4194fb0848fde930d691e8213960af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c1490cc437f182385339c25b72ca57c

SHA1
530be0029a2f33035ac1e87606e0947819216493

SHA256
267ed1bc875116f33c1cb7dc1ac4da7406b2710060d8b17d5841a157b8d3a8a7

SHA512
8b4e01912343c03b20d5481613316336fce114ac38a915d401b27b20461b20fff822b74f7f5210db836038765e4b110e098972cbe2fbc3113a5746bb4749a4a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c6aab0289fbedc844340eb94dd981cd

SHA1
da47a0ac649994a15e844a4f05ac4eed3b41a53c

SHA256
84f70a1321d21ac2ed0af56d0aecb766a9b6b81385683742be5e4adde9818985

SHA512
7899f161c4e6e5b0b34ae99b0ab3987f72937de33282749677b3316b27c3cacb97f318544ec3ed334f3dc2b6fde884ea9094433e07b8daec8ee963b3d52b9702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6982d1ed92e30377c4ba1be210fe3fda

SHA1
b7d7cb5ec4ca9e2c8b1c8678821bb711c7a2c2ec

SHA256
29c4fb25131e8fc8c8f8cd1139a568377640ad02424fb8fd7796459960b143c8

SHA512
4ea2faf5497b1fdb8939a99e23cd8d5be24ca5596a45829ea66e73b44eca0213ab516d9a98f235521a8c8e4b1fdd47c552ad38f92e95a6b6b5fc5f9ad7170f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
267d98ae5d710c7c84606c24205ab3e5

SHA1
32c127d7215da799aded73bb2e9a6f39a7e6acff

SHA256
181ae1f5285ff7c05c3ef05381c4effc4a5af2ce665450c78fddf64f769e25d2

SHA512
46810ebe221c78848d024db816f1dbfc863df109db9156751e9e58acedd426831640916e9409f548bb9ee43bb6940b85d9d366e004f9c4ac71a774d07d05eed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7c9d0abdc76ed16e0c3430db2dfc5604

SHA1
6b2ee1779007597c6253bfe07d4b6679dacb2570

SHA256
2d40629a112487b08f37964f508f152316a47e35d12e3bb8c84026373e703e13

SHA512
cc864c02d39273bc55b466009cd7b89e6b8def60b8a9e96853e16c417f0148b69966661f41b53dc1b81a86871b068e5fe43d57f0f60d9093500fa203a128f38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a0fc63500a87c7c0d63d35aefdf83653

SHA1
87bb059314676e33b577d0db2e43a3b736d36aac

SHA256
696a67570b2f4725946d2a49a7c9beda2e4613baa0f8f2ad4ed053c45b7b7b4a

SHA512
c5c8b60904c40d0e7ec96127f5cfb298ec9803edb92e15b4c64fa851fb69137506eaa4d6a0b592a939d375fb4623cacb6d4d3c21d369d77942039e3917decf28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
84f0fa1bb6b7fbe3370935bcc2efeec1

SHA1
5b277294ac255784eed4b0efebb8d10a2ef2710d

SHA256
73fa76f0f23c5ee1b23e5b36ff13d7ba221f5636b0bb32bc1ff4396ae58c4b2b

SHA512
9dba36113e87c9a8199c290f129fa136d07c8c46b897e0d6dfa31e0752429a9ad6cebab0cb12928cf4ef0ec53f9d021a885fbe91467807c1a634cc417f92971b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e483eb705c4f61fcf5cd171e6e0895e

SHA1
f3dc43f4163eafcc32d25e1a52c360d05ee15c90

SHA256
1c7790386cabb51952c304c36064534df815b291efc3b1708cab886802152b86

SHA512
ce5a6daac3e5083465cad48e11de4a9f8a7d87174651bb1258590ababa722dafb353b3fa16aa1b9e8982e172ccdc0bfee1a33986f66e3dded1635575cf96e754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0bb45318d121d6b2502ede1d37897617

SHA1
9ec38d05edff2562ec8c534991eb89836262bf9e

SHA256
f9e9f029adf7c923822da2df43f96395b0be61fb7e8b29bdc3c91750b744bb0d

SHA512
67bc01182168d8e40df8cfb751a5292cd86357576a6616db8b32938096d33a5df8ccfcf28a6c26ad302e9696c48400da85d281e0d06b6b1bb77df2aaf89f78f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f201.TMP

Filesize
48B

MD5
ddf37d12f386784be4ca44713555c608

SHA1
ce4991228c4bcf78f3e423bf0c69af7bf7ddcc37

SHA256
c03357111553a0d2f02ba62ba7ffd29daae22efd40b3c170d78955b013acae85

SHA512
12a68826301c308960729acdf58db01a67743825afc7f3116164a2c6e43eb7c68e6de94accba4afc3e450e186677124b8f82082d15b605f114d2a175986c2a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9decd8998f20d754df4cc26f58762c2

SHA1
85b4da3823b055e000de78b898c19249ef721527

SHA256
34d1107df8180051972830a4b55b99b95c21b275f9825e055213c1c5521773fa

SHA512
e7c0515e5a95dd45a891e5138da7db0b361f3f88d9dd8f2566cd08c69a3dc9b4199cb00c783b87fd59d8f948b89f2e6bd7ccf5ca910020efc98145110a88ebcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ebfc86c316d8af0422837862ebdff7f4

SHA1
04483224d5545d6e4719f109f878c86da742ddc2

SHA256
1a4b479981b1544d2e5a6eabbc3c43e5b34229c0461decace80eb9b424204878

SHA512
4268766c54fc19a7e977097628157efba1b614c006c29b62ead50cd83ac5dde3c601f764487f211e7272f0cd101618c57a703531c961d70e3dd6d643ee8a52cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d940d750714de8f4fec94895720f338a

SHA1
332fcaf34b4b57ced53d500eb1aa413866e3895d

SHA256
da6f30858feb973461f9a7b3583ec5f610551999bb5b2be52ba98fa9edcfc8df

SHA512
0c15e4fc9800a4baae76bbe43af3a6663a02c27cbff952bb776dfa4a0bc524d518278c79bc9b4b94d78444a911b1944da45758deff382c88d1f6a26116783025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16791b68150aaeaae032587c401f6bea

SHA1
3d7cc75089d7a3e059bb273c8a2b497d677a7cec

SHA256
7db3e255a5850e806cec66664cb17ce9a61db5f82baea9e89c89ce1497c84269

SHA512
833b1bc46ecab85a6092ae0101500b5cf708fbcce0c331e8c8791c55826c09a41dffa5ca28a3a81a47aded2429d47495e5bf9f467c475b028ea13a210bfe87cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f979f46b7997213bc9ab6717838a1a7

SHA1
9bb9563eb4f0618724593fdb16ba2a1c64f22468

SHA256
1420374d5d03a95f455fee7c764ce51a4eefa2fb9944ff99a8939a44f7248d2a

SHA512
6b0517b878a83a726e6a608be9d3b2bae87e03c7f1b971e459fe416f9d1b44e1ed8ea3d646633560ba9db154cbf5a01576ed8848226db8d0ba865ad4446acb45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b72ef9e23c37960b149ac32b8dc0bcd5

SHA1
c696afd8e769faaadf5c0230e174c0dac2f43f6d

SHA256
2d1e1c2cd9959d4f44cb12447a3082e9776c8b67148ada22ae67eaa78f4c0d72

SHA512
2ba4dc121947b3ba26281cead24d8aa40c9221226b40065021d16abfef97a5f08bedeca0183abfe58f670916d9581665074d7e827b68df9437d782bdac6faa17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
619fc8ea1d465a4bab5ade03b047f5e0

SHA1
531d1d9ce683e9164acfcfbbbe0abb70301191f0

SHA256
7a699ae105316ac76635410867ee97115257d8bacc2cf2ae49b41223b3daa1e4

SHA512
500910c820317d35069eb7a58c2e598659654bb5caac0effef5ae4ba287ccac67268f8dae4049a54541ac08e9a09d6c20f2c03dc917038243048ca8f217d5044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64de44672186bb52ddbe909c707ef1ca

SHA1
30416b9629446f9469e76e9c9e9db57c31484eb6

SHA256
64adff0c09ad09ebcf18f3615eff629ee09ea9a48fcb14ed6e3201488169121e

SHA512
26758ce9f77e5cf4c5bc62354c2a15654f2c1486817ed62fbe5833f0ebabd0cee7abd67d944265b00386536c1549c43c1f7d79bcb457841d28ef5d21b22a0570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aeafffe49cb3d7f7a620b796e8a67059

SHA1
77ef360befea1d9fb19722e4d91ec3a192368524

SHA256
05b17e68e827fcd87267726e52edb36577726c7b7cb3a9cd2302f64bebb244c1

SHA512
c4d7e9072a2f65ab0bf1443dc25595baedfae89fbfc28b539a7cdb2d485873deeced251032ac60320d7f349b58033fbab71c0f9a95a9a3742c94566d9c4a55b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a01fcc76020dc113f7e809a7637e6dbd

SHA1
34be58d6136e1c92253f2201ffeb1ffa2e4e1e37

SHA256
0313d36134cfcf075382bf51ccae9e30dc5fbcfc94349bcda903a5438fac3acf

SHA512
43711ef836c4e5a7aaad0da6308dd274e119cb9afaf4d2523e47f3ee01d367bb9257fc1b37277adba559dd89a43ac51efd975702cc3284d3074136788955651c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
b3390dfa2922bdd3314f2fe2f568a376

SHA1
53c91ba87cb2491f547cc2f1997c9971fba85088

SHA256
283a79706e3809e5b74bfc2ab33f7d24520675502da284c8409d8bdecfb3aac6

SHA512
3d8533d44cf128ed3f1586fc6f69ec07ea349680eb825151951e3a109a70cf35424c5ea8c2e5d50e82e9544533b122e0eb0bdcc99a181f17aba243ba7346263e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6be50f7d512787b5234027cdeba99ea8

SHA1
1470ac63f5b6810327eccaa27b856ff1bbf756ce

SHA256
0d4ce5d66346543a8eab7817812ad885f310b65d3159e349c284d3832196a4f1

SHA512
58a00a0989f15b20bd8e279df3cf1e55c614165bb8e6e1f84570aaac3c88aa4a37818f1aed7db48968fc84f2a25afca43c3b161e477a6bad195b0f10ca3a410b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bd2aec8115096b7e464f2ee3c603db0

SHA1
33d5afd4173ebd3f82292a7e4192f185d9c174fa

SHA256
99563c7558b4d6791863e17734fafc70ac7aa4915f31d40883d5e821a56a6189

SHA512
406a8faf53e0a830d13a7451d4501c261f69639ba4a14507e34f97d44903f58c6a5db2514bcfe3e5e1dc44bb0bac9773b3f58147181572caed390462d43a37c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66f3c5d88e4827861210fd28802b8f49

SHA1
0e5a9bc2cca9a227b77268dbc1cb529ee8b5e516

SHA256
e3a0b39763560afc1997dc97a46e72b97b17d86b8cb2935e119458202e0ecc98

SHA512
e317d5310ddbd35c6c1b45450541c29509ba2af9bc0e4413f726ac73cba6685ef44f69b6ec4490c4d64e0e55d3ccdb2370fe033f997d706d990a15da58b56082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f1a3.TMP

Filesize
201B

MD5
607d54f2ee58898d02d5d49794ec80cc

SHA1
f6644f52eb0412719a92a6672922dca6d322b0b6

SHA256
47d8b061e1d755930ede023bc881a1a9e102eccdbe7549ef25250221273c0f90

SHA512
759f0804056ceb1d6b356bcdc11b5e524cf35964db8180a2fdde989176a76f6701e5ff896fb1ef9568e8dfedf55f3a72d4d2577ec6a6f29b86cf3b7e76758bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fea17abd-89e7-426c-a6c0-2d3e721f80b0.tmp

Filesize
1KB

MD5
aa66a43c2cae65325c935d07378866dd

SHA1
2e7a949c0fed24af330cd66032b778a4c4512c39

SHA256
dbbbc0bac7dfb846700675b8e32236bd942bb2dbf2ca87cf10e5961ea1d7e7d8

SHA512
6229f04126eb782757a7080c7082efb104d331bfbee69c9ba7a49cb55720db2bca2ee770998de20e9aa726cb207d4377317a1edefd13d2b1a8184a9f253ab52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b0ae90bb6e499586c928dc355c40bc0

SHA1
95ce2cda1c9b1f69640a2df3775c5b2b97399814

SHA256
a1dfa287423e43dd5c6c7b96c3568b098514bcef3f68fcbcb817a1652195d15d

SHA512
26de299e253b4790eeda74e830b69801f15bc4819c87cd41359b00f95d95a64b4df8a429dd03faa6d474ecd40ec31f9c0cf4e37ab2bf3e20bc26a7c885023c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3240f5f831870143289481903435cb97

SHA1
a90ffcfca960d280e01aaf58ed6ae8d4b8c87508

SHA256
c1993706b08e3dc9ca07f55e250f81695ad2ae298534b9cc8369e0afc9c62750

SHA512
f5187d97ac52db67fb5717a4c09bb41818a17dc732dfa338a3ab19e2b560115ff4de2401e6222e566f664a62ad800daf4f5121cc87eef6ea0f63ecef4b9eea36

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
30f9f69bd4cb3ca8ed4af465e6bf3b72

SHA1
1f7bf3625d683c1af38485d1eb39152949648749

SHA256
fbb114871abc3901711a5f204cb370f1cc1602ad89fa0c8155288ec72e4eaf36

SHA512
ae96746716d0b47912c191ca52db48ee40aca9591444c1f0ffbc913346be1fff1e9f71c6e66cb4c175fd308e04a504367dd56bf84920f94c65142cd8508258c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\nexus.zip:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit