b6e7c9b6f72670061b169ea66ab2b197c3795d66ffb3f3593d94323bc3d11468

Analysis

max time kernel
60s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hasleo-wintohdd-5-9.exe
Size

9.3MB
MD5

04c8401b79f024faf424bd3d192105f6
SHA1

bb0f0303bc16c7b09b6a0e60f190464c1fd9b6cb
SHA256

b6e7c9b6f72670061b169ea66ab2b197c3795d66ffb3f3593d94323bc3d11468
SHA512

8ce53f36d4386f81b367bd14a29fbfe2f5be4f090a85ccab0bea89260e74daa08e4d1f853b8c965bdaec32c5cc2815e039a46f54efcdb1d1371b1ef6dd3c4d73
SSDEEP

196608:JeDxdyMMPxLl5WCmAyo4dN6nV91en4+/PlsloDDLOKiH2yBQGp2TnQK:JeDHywouiC4+HlslMHOH2k2TP

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2964	hasleo-wintohdd-5-9.tmp
692	WinToHDD.exe

Loads dropped DLL 4 IoCs

pid	Process
2964	hasleo-wintohdd-5-9.tmp
692	WinToHDD.exe
692	WinToHDD.exe
692	WinToHDD.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	WinToHDD.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\hu_HU\LC_MESSAGES\is-IIIHJ.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\zh_TW\LC_MESSAGES\is-JIFIL.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\libcurl.dll	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\WinToHDD.ini	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\en_US\LC_MESSAGES\is-5LOEK.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\bin\Log.dll	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\zh_CN\LC_MESSAGES\is-1GB4O.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ar_EG\LC_MESSAGES\is-SHAKV.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\is-EAJCT.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\bin\AppLoader.exe	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\bin\libcurl.dll	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\is-FTJLC.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\ar_EG\LC_MESSAGES\is-3965T.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\bin\WinToHDD.exe	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\bin\is-JHDP7.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\it_IT\LC_MESSAGES\is-L5NLN.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\ko_KR\LC_MESSAGES\is-58SB3.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\tr_TR\LC_MESSAGES\is-O1R1K.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\WINPE\Windows\System32\is-87JO4.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\is-P8HD0.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\de_DE\LC_MESSAGES\is-DE1B7.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\bin\intl.dll	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\en_US\LC_MESSAGES\is-5NFJS.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\fr_FR\LC_MESSAGES\is-5CK27.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ko_KR\LC_MESSAGES\is-C36FN.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\bin\is-0I7U1.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\tr_TR\LC_MESSAGES\is-LRVRE.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\AppLoader.exe	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\libcurl.dll	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\pt_BR\LC_MESSAGES\is-AJLHG.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\bin\is-45OEQ.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\WINPE\Windows\System32\is-7D6NR.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ar_EG\LC_MESSAGES\is-EBRKV.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ru_RU\LC_MESSAGES\is-2VPLG.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\ar_EG\LC_MESSAGES\is-117CO.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\hu_HU\LC_MESSAGES\is-8NOCJ.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\is-V5P1T.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\pt_BR\LC_MESSAGES\is-PI5OG.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\unins000.dat	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\unins000.dll	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\ar_EG\LC_MESSAGES\is-SANID.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\zh_CN\LC_MESSAGES\is-4CK0B.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\intl.dll	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\it_IT\LC_MESSAGES\is-1VFJD.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\bin\is-F25JH.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\unins000.dat	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\intl.dll	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\is-BONBR.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\ko_KR\LC_MESSAGES\is-7D9FP.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\ja_JP\LC_MESSAGES\is-QM76J.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\res\ru_RU\LC_MESSAGES\is-8LK4K.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\zh_CN\LC_MESSAGES\is-0D11C.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\it_IT\LC_MESSAGES\is-92EJJ.tmp	hasleo-wintohdd-5-9.tmp
File opened for modification	C:\Program Files\Hasleo\WinToHDD\bin\VHDOperationEx.dll	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ja_JP\LC_MESSAGES\is-GULKD.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\el_GR\LC_MESSAGES\is-2SO2N.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\pl_PL\LC_MESSAGES\is-PE7FN.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\is-KL5G1.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\es_ES\LC_MESSAGES\is-V0PTG.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\is-JSTDP.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\is-9OGK2.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\bg_BG\LC_MESSAGES\is-TPMEA.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\zh_TW\LC_MESSAGES\is-06Q8A.tmp	hasleo-wintohdd-5-9.tmp
File created	C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\res\nl_NL\LC_MESSAGES\is-CPCRD.tmp	hasleo-wintohdd-5-9.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hasleo-wintohdd-5-9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hasleo-wintohdd-5-9.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2964	hasleo-wintohdd-5-9.tmp
2964	hasleo-wintohdd-5-9.tmp
3284	msedge.exe
3284	msedge.exe
1084	msedge.exe
1084	msedge.exe
5052	identity_helper.exe
5052	identity_helper.exe
4332	msedge.exe
4332	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeSystemEnvironmentPrivilege	692	WinToHDD.exe
Token: SeBackupPrivilege	692	WinToHDD.exe
Token: SeRestorePrivilege	692	WinToHDD.exe
Token: SeTakeOwnershipPrivilege	692	WinToHDD.exe
Token: SeManageVolumePrivilege	692	WinToHDD.exe
Token: SeBackupPrivilege	692	WinToHDD.exe
Token: SeSecurityPrivilege	692	WinToHDD.exe
Token: SeRestorePrivilege	692	WinToHDD.exe
Token: SeSecurityPrivilege	692	WinToHDD.exe
Token: SeTakeOwnershipPrivilege	692	WinToHDD.exe
Token: SeManageVolumePrivilege	692	WinToHDD.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2964	hasleo-wintohdd-5-9.tmp
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
692	WinToHDD.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 2964	3716	hasleo-wintohdd-5-9.exe	84
PID 3716 wrote to memory of 2964	3716	hasleo-wintohdd-5-9.exe	84
PID 3716 wrote to memory of 2964	3716	hasleo-wintohdd-5-9.exe	84
PID 2964 wrote to memory of 1084	2964	hasleo-wintohdd-5-9.tmp	100
PID 2964 wrote to memory of 1084	2964	hasleo-wintohdd-5-9.tmp	100
PID 1084 wrote to memory of 3120	1084	msedge.exe	101
PID 1084 wrote to memory of 3120	1084	msedge.exe	101
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 4408	1084	msedge.exe	102
PID 1084 wrote to memory of 3284	1084	msedge.exe	103
PID 1084 wrote to memory of 3284	1084	msedge.exe	103
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104
PID 1084 wrote to memory of 2208	1084	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\hasleo-wintohdd-5-9.exe
"C:\Users\Admin\AppData\Local\Temp\hasleo-wintohdd-5-9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Users\Admin\AppData\Local\Temp\is-LRBH8.tmp\hasleo-wintohdd-5-9.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LRBH8.tmp\hasleo-wintohdd-5-9.tmp" /SL5="$A0046,9309272,131584,C:\Users\Admin\AppData\Local\Temp\hasleo-wintohdd-5-9.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.easyuefi.com/wintohdd/thanks-install.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4c1b46f8,0x7ffe4c1b4708,0x7ffe4c1b4718
      4⤵
      PID:3120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4752718910494443904,7352360541622281012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      4⤵
      PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4752718910494443904,7352360541622281012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4752718910494443904,7352360541622281012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
      4⤵
      PID:2208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4752718910494443904,7352360541622281012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      4⤵
      PID:4436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4752718910494443904,7352360541622281012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:4996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4752718910494443904,7352360541622281012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
      4⤵
      PID:3896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4752718910494443904,7352360541622281012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
      4⤵
      PID:1536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4752718910494443904,7352360541622281012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Program Files\Hasleo\WinToHDD\bin\WinToHDD.exe
"C:\Program Files\Hasleo\WinToHDD\bin\WinToHDD.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.easyuefi.com/wintohdd/faq/en_US/How-to-use-WinToHDD.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0xf8,0x124,0xfc,0x128,0x7ffe4c1b46f8,0x7ffe4c1b4708,0x7ffe4c1b4718
    3⤵
    PID:3340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,9501777006847716830,8989377810156406061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
    3⤵
    PID:2136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,9501777006847716830,8989377810156406061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,9501777006847716830,8989377810156406061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
    3⤵
    PID:640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9501777006847716830,8989377810156406061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9501777006847716830,8989377810156406061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,9501777006847716830,8989377810156406061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
    3⤵
    PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Hasleo\WinToHDD\bin\WinToHDD.ini

Filesize
2KB

MD5
23ed691d8cfc8b0c964a6c11714e760f

SHA1
e12d0fc13106905d6c5c316e15bceddb0d6b99c1

SHA256
7d2dd72013238732fa5595b57d7c58bd2ecb9467d2fdbd770f6f8253c86b2c57

SHA512
48f1f90223de1820637a80559518b68fdaa6f6e20b6f760d4a57c45b60e599a7a5820801b8bcdd3794f4cd7ffb06672bdb9c3870443afd48579a70ebd8d2efc5

Download Submit
C:\Program Files\Hasleo\WinToHDD\bin\WinToHDD.ini

Filesize
2KB

MD5
4bf57f0ecdad0fdb895de5b7fd37e038

SHA1
d1a39aa652efbc134ebba22c347145dbc5b431b8

SHA256
cb098f6ab093fd4e6a1d0fd6411dd5b9fecd35f89b87ff0aa136ffb04e5931ba

SHA512
2fcf3777f12a3a8a30287ef75b6bc5d754fc7eac443aade2d773f50f494e6fb99c934bbe3a6672ac9a84ed89a970420d77f8bfc0c2dcfa582815c5d798b71841

Download Submit
C:\Program Files\Hasleo\WinToHDD\bin\WinToHDD.ini

Filesize
2KB

MD5
b37a5cd9a036abe7a29f84e4352e820d

SHA1
22c0798eb1ff490cded40b92928eac12938afe4b

SHA256
9155e061ec8087e78fbb888df28f7ea390ce002b9fafc18baedd87f0dc47389a

SHA512
75a35ebb958ffdf829c179b47a0b5d05865ff92b0271333f7cd37b551522861ba8bdf1543b9d592f3ea98836345a1423fac0b32e30b2b416bac224661aec38e8

Download Submit
C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\AppLoader.exe

Filesize
294KB

MD5
f7bbcba9317be9d32509f2e0351477e3

SHA1
f94f2d5aa24506ec83bc4967fd887665bf4013c4

SHA256
b5593c77178ee938bde72f21d53b7a4d489d38d5d32b394266b26511d14e2650

SHA512
ab34cdcc64989dfaeb6e8fa2663f0f191c0e926212fa08dd2351ecf6a4546e20baa349e9ceee6c6310eb60cbf98715088762c95ba2e5dd0653e3a281075a53b3

Download Submit
C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\Log.dll

Filesize
142KB

MD5
90764df961c69d29be1a8618a3662da2

SHA1
22fb435b228fef7d14b8d1d909952df3f36a329d

SHA256
2c80aff5d54503fc42cb9045b81c158f1acb939c4e4ca4253ab789b54e056a57

SHA512
203d0afdb9679c0d1dd0ef21f1e93b5a0e6c3f2b059c67576b8b9fabb72c4d6cf423e4f0c2119c451556b3f47d56355854ee465321d6364945aa7540ed22c310

Download Submit
C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\VHDOperationEx.dll

Filesize
154KB

MD5
e2173401e74fcaffdb0773f4b2344367

SHA1
2e64a32a724b42cf43d1036dc07555bee9c0f340

SHA256
bac7612021aa0b41cd170d29d349b43a5c6c06174b5d947d57f9e34595fa79aa

SHA512
d89b4b86d8e5f68929ed6c924fb57326477250af2c6b6d0546a82f9e1924f883f34f0f137a7eecd1a9f42f98d2ccaaa0df5c25b5e319a6fea2c6a152bdb07a24

Download Submit
C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\WinToHDD.exe

Filesize
10.6MB

MD5
127a003bdc8f91ee5be061c00d17f271

SHA1
d3d08a4b62162d89b3b715340b323adff4c8987d

SHA256
37d8583401b3de734544d8e9ed2071abf92f4249f3868c6a085e3a9405831c27

SHA512
21cb21b4c79246ae862492696252968bf87cd238cf676766038ba90601c1c86e3aa743077f7555c3b63d30ba3d8763c8bffb95c4ecb57478a5e0883eaf6255c6

Download Submit
C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\intl.dll

Filesize
163KB

MD5
2f3968935656d99209098348c3c0e14b

SHA1
4cc08d2814f66f8ce6cb2e44eccfc5d19850e821

SHA256
0c6666834020998d0f66efec6ba34526fcd5be801ddc85c32cb09d120fb11191

SHA512
3642626793036bbe64675756b2771f85632ff4c10a943e02651aaef179413993e6f720e1617b932f196576abaa192061daf25f81689367733093a6e668900da4

Download Submit
C:\Program Files\Hasleo\WinToHDD\x64\WinToHDD\bin\libcurl.dll

Filesize
568KB

MD5
f5d8347d2d4f161f428a4e4c1affe775

SHA1
03328cdf971dc5a7aeb581b72388d7973a14f922

SHA256
c9e30152b83955e6765cbe8f7b10eb360c20f6b4f0d0368f3fc6c8f96faa1980

SHA512
c17fcf036dde6fdabd0568b6ab02ac3ade8da693c2f44882db429455060a9d6dda1602f69c3580db4bc0bfc184418a6005f48941563faa4c9a10e57c939cbb8b

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\bin\WinToHDD.ini

Filesize
2KB

MD5
29084ca0cdbded4c812f5854c97ec659

SHA1
8406eef1cbfacb34d01629ac37a98244b3dd398d

SHA256
9560fd4c39dbc6ccee7ee2518c829b107fe390fc971664ddd00cfb9117304f6b

SHA512
6d2e3cbcabf51492f73d608f908e4cfd90d600d759677791fa0b41e51846285b56ca401699f7038a086c63365607b09065625bc3189ae5a3d986aac7736c6cc1

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ar_EG\LC_MESSAGES\Translated by.txt

Filesize
216B

MD5
4e9e72c45fe5346e550596a02d35ec6e

SHA1
a70a75d3f97bff3f0b6af8db846c5a2d4b9da6a9

SHA256
fca389291438b10c0d0bd5976bb20500a5552c70cab229c5164fcc2f9970b68d

SHA512
06f54c12afe4145bb3359e10905a6b8e1438fca25ce26c4a4ef7d32d81075e86d8d94b9e7a25a8188074c3de1568b964eca28396bc683d7079148e2368d2c37d

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ar_EG\LC_MESSAGES\WinToHDD.mo

Filesize
27KB

MD5
8ad2f4a3436186fa54665d0a0e7f145c

SHA1
3ee66e9e5656fbe5ceedc7b9b0e575a465cebee2

SHA256
56ce6a5d0d86713b85793f2cad64e4bf36da117f2dfce3c2599808eea1ff5ec2

SHA512
57df24faa86350d5fad0258497a02c79818aef44212917ed2b75d5f43937b92c30375c1661972cb67a1328a55bc998aa571c6f09193e23fbb5c912c0de904e11

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\bg_BG\LC_MESSAGES\WinToHDD.mo

Filesize
27KB

MD5
73ab075be14a02a5ee8c342ea4b95acc

SHA1
5f3c4da82f625149acdd1a4d31077a4d3d7a4bf7

SHA256
eafbd7a1a0cccfcf70405d3d3714dbb4a80b831b3c394051aee31346e7c6c6ae

SHA512
d5483b69ba8b54f53527ae127f1c75845c11ebc72987d41cb6e993e596496918d26edc74f03acad2fd4e76f15e24db1d22918983f86a96a4fcd1cb5877ffc227

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\de_DE\LC_MESSAGES\WinToHDD.mo

Filesize
33KB

MD5
88297ec4e50113070598fa3c115a59e8

SHA1
618a25b5f15ca2a9b8ce4c6b0b042378e552aea4

SHA256
0dc0f875710e534532ecfe53284005117b99ca72eb016b5aa65313697466f551

SHA512
8ba39911cea0844bed031c85c8463e81139e398a78e90239ca43ee0fc57a3cacc283839c3f0a9309758f879625715aeff279fb6eadb7de558f1ebf379d812a0b

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\el_GR\LC_MESSAGES\WinToHDD.mo

Filesize
43KB

MD5
d5d057d6d91bc2bf3eac4a8a278884d5

SHA1
38427642087d6750b09eec4f58a0258a43970fff

SHA256
378181db33d6ff469025de85e220769cc9607bb4abae990a480f69444badba14

SHA512
d917116491f4876af05028578632307c5b325933e1307e458187299076bfd6ed8c0d45d618a6dd460ee71f370aa0a83c5fab6d9d52fe3cf581e2cb6f258f5c98

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\en_US\LC_MESSAGES\WinToHDD.mo

Filesize
30KB

MD5
238c8d53a17d33f118c0399d06f95a08

SHA1
3975fbd837941dbf85900298528fa2a77e146752

SHA256
96fb37c15a6c298465c64d94fd7bcad35a202b5d457fb644fa48fb3e9139e3ae

SHA512
bc4c361152f71e7abcf5c9590e41204ce0a8ae4b79cb4cfa1b48e1bf3c40c1b29dbd70e3440db1d44c3d7beabba9d2ac724471152ca7879bd0d03b2586d658d2

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\es_ES\LC_MESSAGES\WinToHDD.mo

Filesize
32KB

MD5
0721f489df5992c6b939701242f63ab9

SHA1
1d402237124ead1ba50632c5705d9bc7534a73f6

SHA256
23360d062aa328d807b5401da7fcc5f3eee90cde2138aae402416dd2cbff81f4

SHA512
e34bf7c4b1f34b82b22fdd03e1de3d9f7147b93630d4e4540beae0d99384468d168e948b3599a971346d7cb5769b3fca152ed8ad64e937f0592a37f4e5fc70e0

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\fr_FR\LC_MESSAGES\WinToHDD.mo

Filesize
32KB

MD5
0f2ae0892ddd18e76877870bbd3ea187

SHA1
76a924755896293c875279e726e5a705c763fdc7

SHA256
2bcf734166f35014a791353f59b1376dc0bcfea1f1e71ed97d9b12df52f24c8c

SHA512
1aa9d783fc621742f3ba28991d1102fcadf97a656eaa9b6271ffa2568a02046b55e65a6bb61dbb192153437cb71451dea3ce5c254c09ddff40fab63acfa3c90c

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\hu_HU\LC_MESSAGES\WinToHDD.mo

Filesize
32KB

MD5
08aeca6ac231267c7b2fdde168b2a708

SHA1
0558fae0ad8a3279acba755bd5aa3eb6b70696bc

SHA256
e2586add6e74f6f67eebf2ac2497474c3b0bb9db04f7553701b137723bd0e1f2

SHA512
8fec9388b81166f5dc427e97037d16aaa7fee662eb3e9b6f9dd7284be334a78c5ae7a00cbec8cbff0d2c69f92b82ec8d7afa518aa4451bb90145678d30c63932

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\it_IT\LC_MESSAGES\WinToHDD.mo

Filesize
32KB

MD5
2b6e5a26f8e260ba7a9486dbbd7bdc32

SHA1
ecebd5011d7730d31f41de8c6a56bc5ab23af5b6

SHA256
67de8e69cb1eff89c2e76b7a37ebc32e223619a134c63d0bda2e8502b553b27e

SHA512
d3bdb05baa957e643416c37b8903532775d32ae9b8adacd303a24770f0c43c73e98abef51a32509049713968ac2fa4a730b930f4a674e5f13fa17b5d43cbe91a

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ja_JP\LC_MESSAGES\WinToHDD.mo

Filesize
37KB

MD5
e35a4f7c13c643efbd4209ac865e4c95

SHA1
d8a65e976d3121531fbbef2c5ea7197245570d7a

SHA256
659c9f3e2e88a2c0e1f55f8ad86c6a7d93f4bc76ea7848b8359652af0539080b

SHA512
39a09c2f4955225218bd77d52eb12f32f309ed736a6655362c7c2faf8e10466ab8041393418a4d99f62e1feb09800a94b330a104c5f8be3bfae06aece1802290

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ko_KR\LC_MESSAGES\WinToHDD.mo

Filesize
33KB

MD5
8b8b80e406b29e365c6a010cb097b242

SHA1
9143ebdcde220df509093fca758151520600a875

SHA256
275404eaf57f355f17c26d94fd4590f8836ff9d947e4f75ef1c485ccc55acb46

SHA512
0c605c9b2247afebd3d659e0e57094de89eeee9eb9939331200fadf68c0adba26ce30a6e9d5ec78a628cdc464d9b6cf0f44210ec84163d4fb72c3c3b8da5e550

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\nl_NL\LC_MESSAGES\WinToHDD.mo

Filesize
31KB

MD5
f4d30d8f091c55154ba73af352f61961

SHA1
373431e2ebed7fbac45ce5316307c909fd044015

SHA256
4e797fc55709061cd319cf87d664e27e04dadfe69f6d54201a57bfaf11b9db82

SHA512
8d0057b50639c70305cfaae373654fd5582f82e5e7e203788dc5823780995942474c762f0e69848a97cee41c7fda29d77e8095840e9542336e7d57a0461b0d9b

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\pl_PL\LC_MESSAGES\WinToHDD.mo

Filesize
32KB

MD5
aeca59a06049c53cc70ca125d82cc882

SHA1
82a296bbb644f6323f4b6d60e4b3a2b6b762ff53

SHA256
424a5a4e18b4f16ca07db525a184e3437c79c939fb914c5257e3c49752aef5b5

SHA512
191ff213cf337a4fab5a47492fa17434c444de785b3a5a45c792180b8fa792c9526eae181a553e89828a6d05273ab50b9af549871493dadb4e3b41f0d41c8f93

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\pt_BR\LC_MESSAGES\WinToHDD.mo

Filesize
32KB

MD5
5f88b9493896cd32cee7a8f68ee3e53f

SHA1
35b98c57944238f99793279c87d73c997e109e30

SHA256
1013d3f269ae12d857e0a614be51d8a84b23c75da96dacf72ae1fa4fbde7c3ef

SHA512
71ef53c114de5b37443cd0809700adb1f14bd7f44e30385673c5adc69225b26c4fe9a1cca776708ac443fa3697f95343937cd9d5e69ed235c110cc2e701ffb05

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\ru_RU\LC_MESSAGES\WinToHDD.mo

Filesize
40KB

MD5
df66ca101099490515c42cae193a7619

SHA1
cbf9a3b4c736272ae49b235879545acd81688714

SHA256
4ddfbb407488dea5e351a30471f274430b4e174db671e89ef53780b03cac62d6

SHA512
c97b34e96a34a65fee7a178e09c4457fca351a1d2feed08ee9288eb382a9b7e6c9cb059f2d6dc32b7a5b095c34ea3b0fdba76e6feac2d1a417ca20480ae0e2e4

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\tr_TR\LC_MESSAGES\WinToHDD.mo

Filesize
31KB

MD5
119d9eda34235864f5ad05c6d4300261

SHA1
9d5cd41d0f6cf5b403a088895b57a19487ded296

SHA256
2fb2e258ca60d079622daa263592fd4fb5a979d32fbec18b0603fe86bbe72781

SHA512
22f831bdb55d132902d60404cb2af303adae4f803b6d90167789cc64fc66a8518ac5ce6afd19e163c4caed92961542e0142c44344da089c87ccbaf37bb9a8f3e

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\zh_CN\LC_MESSAGES\WinToHDD.mo

Filesize
29KB

MD5
3a98b48e0994b9610eac564fddc3d959

SHA1
8ee87ba9efe903b5ad720f2ce4c2f8e20737b8cf

SHA256
39fb77e9bc9d1f62f98db0ff4cf26960f9b71824c35a12d57d7e5fae7c8fe0c7

SHA512
90efb1b4bf83d93d711e7633762e99b2fea3a595ac175779188da589da652f79730ce049416a87eff2bd8f3819deadc158450a51d3e88153606d6b0109c49d57

Download Submit
C:\Program Files\Hasleo\WinToHDD\x86\WinToHDD\res\zh_TW\LC_MESSAGES\WinToHDD.mo

Filesize
29KB

MD5
4606db1fe4f3640f9633fa64b7d03202

SHA1
900e4b6e6bf63804aa3aa80158f87afd2f544685

SHA256
901a958493c42b1c9831e5927ad62cf8ab763950ab45bb90c1410e015c4bd104

SHA512
e7a038114d2b143831da67eda83604f92c8e90bbed7b452ea88ea714650dd53fba1051c8ac525a429015fb92317860b7ef6b7aa7f6f99bfdcac34b912c075050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
831dbb4bb5d64769325253b50465071d

SHA1
0314bd9f2eb134ad87d09430865143774547bdd5

SHA256
c02edf7e41d2c2f644220b0796a75ba8a683950c8d9e1907aaaa1b73a647935a

SHA512
bb80f1a844551ed84872fdb5da9f479f966b880850b626319efeedac5cf0185a330d7289c70bbfce38c068165bd1ef1ea64e5b7f2d01725706b269c610f07536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15949999-8f5d-48b8-a3d5-880ccc1e7845.tmp

Filesize
6KB

MD5
9d98691adfa1583f52101211d8dd3558

SHA1
c93b7ef1ee1e320913e2bce0c373a1d79503a585

SHA256
cc61e62d44c84c7226abf74d7357138b3f0686657161937d2dd09af8aaf2117d

SHA512
7b1270680892e41b0afc3c475e298287ae81b1fc06ecfcf6936c477642e680cc364338b15f767f090a54ee9aeb3ee65ef72a8c9bbf9ec718af26ff8d52c209a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
23d14b8db51dceffda4d726649a6daf6

SHA1
bc64129807acdf421eec1a2411f1cee75e17464f

SHA256
3e7462e1aecfc808bdd1faed2987a3bd94fb39aa4f53ccb0a530d96f9dd70400

SHA512
b83a630c05176e705d443448d55aee98104428ed9e584eb31ccae3f83b635008e434ab271e6db14906fa28b4c065ec8c823e10c5de3df61b2f41c2bad0740d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
eeab09b0260f9a46825ab1b70d2ed0d7

SHA1
e47a1d4434474872c93a60e430264520892710c4

SHA256
1aa0e4e4b41a5bf261a28b8f3f1c3aedac63c05c42df1b45842beadeb87ab899

SHA512
c5e0a79bd90014867372893eefc159f7346c8a8ee4c5e8caac1ba5b7e49ddbd30badfdb6489dc4e8f2fa8b2d34f51f4e62bd01251b4a164e52fb271bd11cb347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
390f7ebe806f7e77653b8a79f23cc3b8

SHA1
cb1e5a15b32c883be8a2fe85b839f1b7b61a480a

SHA256
67c488695082d8ef38fd479160a7e8a860d6aff5723c0c45b487074fceefb21e

SHA512
675750a43431820e01426512711594f3c2c5213423d4addc42add56b2ea679663129d773eb1e33c7a7579491e68784c6ead58fb11f3e7744c85ae212df931fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
aae9303f6797c6ae4be3e4a5207e957f

SHA1
3fe6f2bb28bd3eef1a90caa693c881ce3056a1ea

SHA256
81575e529bbe5a2a256ab65066d5f3c02f761601c4e860acca8a7e9bc907b08e

SHA512
81dd3399a69f745b5ffc3a71fdeea4f88eaf99ef23991271cdd74ec6e6de3b0cfe7764bad4004dd4e7a6bdb615c1fd41877b30733cddda5e4c0bb977c8351cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
37KB

MD5
e1bc1ba0ffb3920a10d9be861cf9980b

SHA1
2f512f79540ed1c9236eac98c7e6de55edcd8482

SHA256
4a2434a49dd4b64ae51ce6e16c50dd1059359ef7a86ebefc7f893829076a2c9b

SHA512
12e9bd2237141e95b6d30e5fdc69ad2c1244d8b0ad3f00d46be83a36ea1c4e9f79b5e1969c17273c3993be8a9e41569392d7eb12246855c3a07e115d6dcf2f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f8f721834ab3afc7_0

Filesize
217B

MD5
ca14325563529e98f72d18056f5519a4

SHA1
c54e76a5afb358d1a4fdbe135c1202fa3c6ebf0c

SHA256
ce533567f351fe0d60984166bb7c08cbc99f6d9659af71618720dad3578380f7

SHA512
8907bb9d20f4d459c064e445d54c6c2bdc8e84977d0746753e2daa8458b72406ed4ed61496a000af2d50fb7fa7997011d5f194bc8ad4fa7d93bc1b967284a4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
264B

MD5
368bbb6d763da748cb431b7afc4d6136

SHA1
0d5c07ae27121e0040a91ca711584c6b812e6352

SHA256
4fa7867a3cb99c0d90200544bcc3fef8aadb05fe08764c5777b11a6b6598d4f6

SHA512
de918e4c79bc7d79a5b4202e86102ebf905f994c40f03f031e8332b9e574c5a36063a35cff4050b8ace153e0a51b620879f795c99f53cb91b8d6dab9a3571667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a271bc7c20ad0592458d41ea93777ba8

SHA1
e11a78d6016c85960768638bf29499e0e71edb84

SHA256
66a565dbb9f7bd42c983fa568523153f482a6dd63660d5f8614d0dbf1b0283b4

SHA512
76e651edd68c885b0f3a0cf9e5cbe64058d60b2d59a0732509060234dfaa2fb4313ea2e2bd22d706e1a50830fab977cbd8285054e4863d38eb787e53c47d3044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
6f2f179822bcc202eaaaa620a8f14513

SHA1
81409f56fadb187af2945d9d72e27d34b2247020

SHA256
bb748f5079d5b3e6969a976d0387f96693fb334440c8af9ad02e6a6a2813169e

SHA512
6f140ea7b7f244699da66b107fb306fec49f9f44620382554ba02588ea537bea3fadb79d9116f3849d0be1877c68d26cbaa8c0801ceaa4da0782fe7749b4b780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
f0ced6c425d339a0e8ee26faf9eec6c2

SHA1
6a1cdc9788561cad0f59fa8442a28017aefeed52

SHA256
5f22deb78f0cfb72ee86bc4d62f968bc0f4674bdae840553a83f2cf4665526b4

SHA512
a1f9541fdf6388687299797430e0a32a16cf17d662209a393146e966edcbeb58c1fe650bfefabf557527c52e6ae96c209af709d2eb3850f733d77b8a779ccccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
5114b5b22d303b7c4e148af1132964c4

SHA1
2e97379ec1e1bfd7bf8b6bdd212c7adaa8a400ad

SHA256
f69b1a9fd23c6123e4bcae745d8cf6c4ad531c6f90d3a10cf49aab9f90e8dd84

SHA512
45ef195d67f92db2f1035232c4cd5bd7db6cababa618a18760d3a07ea1587b5bcf302fffe4cd956bfd63524aeffdda765785cf30954640744f099c85551f515c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
ccec579927d77d446a32d80e0b8f49ab

SHA1
9f5a92a915f74fabe0d74d9d07b0d4725e9402eb

SHA256
d5df2c28e045dbd19f494582614b2c09af87cc897b253b3889f9315c015c382b

SHA512
5350ccd09b9fa6f782d3e06c4c94c9c29f007d1514aa2b6d5174c3ee506c7f42f15d953346cfb14f6bf3b296eb439d3db4485bbb9a852b39f4667e148fd041c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
848B

MD5
28b7a781ee1be815b23fe9f4cbcbda4c

SHA1
7f3505557cc606e6d482b1b44c47cdc89c054e3c

SHA256
c06999b036447494c2411ef9fc0a3f1e2b664d3ca4939f55105d98a0e0f5b7dd

SHA512
449200b5aa89f8ff025006dd14c90ca7b55a8e4fdcd3974bdef19137e0f6dfaa0a9e648b10d1835c0c0eabb640a2118219af83079e6b1a0afb25c9e90dc60c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
4b0742fa76fd367d13a22300c2d4806e

SHA1
6d1c3c94a9b16b0b3fa5f778fd2e5ccefbe7e173

SHA256
05f69022ad3af9331981530b4de61a01106b88fe426a160ce87bcb5007965258

SHA512
46ae8d1dfbecd2c21fe08e95d5cc7ff28ae7664d96204ba43d62dd866a71eca4be8334936cc3973d509bebcf51e73da860b3f77b8f0e1cbf0838e898476ffa9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
8db262c5500c47718d867137cc5ab843

SHA1
8848c5fab5955e5eedc00efd48d9b85d75723cc7

SHA256
c2d1acbcb7f8ca8c93f3e553e4568873134b3f9d09d49462d9749477732f1f0c

SHA512
05e2f43e6408dffba8dfd8616519bee012931164db7715d727d41965f36f87a9356b7163081337c091b8f003a924441b772913b0057d5dd3ce6f81c4ab229610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
670B

MD5
58087278775c3e59aec0effa1115f82e

SHA1
b3babd445a2451de369a10e94852ad8cfca7c1d9

SHA256
5e426cd3a7ba7099d57a709a9ddd40911061d2ad31c402502cbad50184faf21a

SHA512
a7b74295e5b41e0c3acdee369e3aeacca159d4b5b52876ceb3660dbc9b3b5ed59bf5263dc6fe43b8e3bd60919b9b40425dc79160663214f3dee4e374f131ea38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
959B

MD5
c8744d382f6b3379789a397808af5e60

SHA1
fdcb1bc067ba79d9afb370f93746e9c47c3e1a95

SHA256
1c97c990dc2e5fcc17e1f36cbb33c0f12995643a9be106da3115aa8cc2e5b65f

SHA512
34c3c2da1a2e7f4f72a81535f6a2e8edccce4801ec604c1e667dc72cfbabca8105a80d4bb7af71cdd6d2ea45e2d2f4adba8bb41d03ce0a7aefde3166b91b91a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb3b5a7e084693d157ec8c2a6e155a7a

SHA1
f121921abcb16799516302b9e95149fa351d3061

SHA256
4608347ba68e582a4549663548b80844c16a881588fa2253a3e52322b2c13c06

SHA512
dfd204a6d1e6ae59851abfb4443d3c60b44b8a4fdcfbb6fe26c3d7262b7ac8b970d03388e3fd12f939ac40ced1b5c470bd85904763965f8423ccdd4fcd65d6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34ac58d47df0a779285e17670b7eb9ab

SHA1
2d984e6b80cc81ffba6ac6a3bc119fa8cf5446dd

SHA256
6fbdea6746182eee92cc95091a3a393d7a541b3047fda332da3b857f494d69aa

SHA512
af7551063f8a59bc2230cae1ccedf093624cf27cbb5c53c6e962bf962a76437b44b36e14e6b79336ab79e02c2544ae2fe9764b607b307582498330ee30460bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68718a5a20045d8999b80cec458d44b6

SHA1
d7ee528a91b4913ed81ee4ba467aec7bc70d3db5

SHA256
709927e2dacb0374ceb38dd716694b4b8634da609b1085abb801380f921258fc

SHA512
bd8fb9532ec45e527f1ce19a9e295c13521dadb22eb5f3e547196d0bda98638cffed869601c5ef205c52b2b650673959e8f6d04ccedb6963cce64f2f3f8966b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
00596e8bc4a2b4fff5d69c468014ef3e

SHA1
bdfcd0c83385552cf309c1f3ea28ae795610bd94

SHA256
41561b53ebc52f6dcc21ef08e2d2f6d146f3c761a452966e63a65dfec7e41297

SHA512
394345469b42cf35b463c6351529b477283b8c2a8130c4d1285a75cf97bc00e6723fb8c931773a515441a142adbb9a16464208090c9ab503bdf4fa7b527cefa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
f65f2a7d88ee2dec6b9741a41a23be93

SHA1
c6221f96aa1124f83c850ac68a7e27ebc2083af3

SHA256
63d1cd68c22fbbb69f311dea5ee0ffead384b110d0628c236176386d5795171c

SHA512
874ff1d6f71e1701c5ce8e938a4e9d0522fd76503b47956304a463a48b97a817e6db078e849c26cbf6a9371fd387f3958c6f72341587cd0aed84809a34f41f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13372043576414531

Filesize
2KB

MD5
a18e0e1e481aaf3e0d344aa4d5cf0e23

SHA1
64a8384869e241b0d31b64d45043a73be0b83768

SHA256
72eda16a53ec938f9b4dfb1e06fc02c65b4d369213f4f542afbeb562c0156476

SHA512
682ab55a0dcea826cd62a1bcc48ec6c0b3ff315c4dacccb49fcb3e405ba5ba0dd1d40d179da649b73e09325d5d3c8014673e9078f76e4c3229c6ee3bcea2fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
0f277635b04523ad8d95bf5cb7214560

SHA1
d2c6ac496e085392d4a3214d440de7d7f0e2489d

SHA256
405707382bcc9f94baec45204c32bd8617e67f168a55d09350979d8eaccdf252

SHA512
05ae9f886c94addd4a39f1a969bbdc29d36cc97426dd001cd2d989b4c427ab9ea20165743a2a31fcd4c2ad4cac3d6a3fd992bd9f5fdae3c29825ed37e2c01ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
797001e818ce2b5ae13d9c1aee2385e6

SHA1
c8d32994e227f2ec72481916acfed782e774a920

SHA256
34c875b36ca2ad16b874559d22b205f180212733b7d7f3b3b5e5fb9a1d4fac37

SHA512
ae4c6a47ab67c930e1498c62e98717a039443dff45a88e1d02eda1066c3aedfdaa808329cc62c81110dcfe682da8e6c8b4aa8dd27f06727b768dcc2dcce44e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
24ca0bdeca1f21b30053a9fcaab0a0de

SHA1
84f5ddebee329890340f3f2ce4fc191976979508

SHA256
a133b035c29d23ffaeb1595edd6c833d358a0ecef814440be9646876591cb3b9

SHA512
0777531484277bec83fa75911c95d27edc7bd378a66662c8dc0ad1cca9838342444dc128c7d3b947ac29dc8ba2bb56ffa64e449b3a4abccb2df5eb002f67a75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d8ac6534ec0bdb02c9d1c74d47521864

SHA1
2cef81c6cf81b51d9e34defcf46313345209e60c

SHA256
172166b819c46927dd5ea295c2b06e6269e4a35e733a4caf7530a2796bffe128

SHA512
0b1cfe1613ec6ce3e267821ed05feb3d948e8b6fc89568879b20f64d30d9c4301d3850daf3f17b0a904f335a5b6b626191df994e6567fd4c47ad3f9203fff328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
92f9391d15b8c5ddf3fe1f7c40058359

SHA1
6cc25b3016b3e91370adc33cc27f344b0de55604

SHA256
7064bc14d5fe00926f0918d0d1f2109402b5cf64095b3107bc7ae311fd802f46

SHA512
64a540b1262c6687ac2743d1890b45b2fbdd4cb9591ea81b75416f7a7013005d6d54557563995ffaac9b8589da238698afd36688c005f1d17a7f888c17ad83a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
750123a8831cf6709ba544d3dfd3bb62

SHA1
eefae1d64b405ea1fe30f2fbcac3f448d2eb9628

SHA256
1d8033c3aef71f68fdc9e7439a491a1a377dde4d02c58834a2167dae01c713b1

SHA512
ac0a7a8f4e3ae158695596a869e6ae4475964146fbf73220bab477cdd22371149bf3e2b5c968cf920b0e2cb79f3625f252eaf8be672c4c220cc228897a6d5a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
888fa103565b3a418d817adb5dde5202

SHA1
6d7990ea3d91708047e626600c0e2ec527aeb943

SHA256
62f243caf5303939a0d2a2e767d532984787cf62abf5263f70724fd11250710f

SHA512
a6dd13a514fe7a87b0eed9df121e197bfc1c687bf1d59b66962ba8b737cf82a96f80f34846401fa4bfe3362392cd9e22895cba76e55ded3d02bf81346de61e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
156B

MD5
5ea6f47df65991fd6c2e24a62a9e1978

SHA1
6233e0063157307371bea984bd4f3dcbe255acd7

SHA256
91875d523cef985e27996b8b28518ffaf9813a056086f4414ac20e67818d8dc7

SHA512
c5851ec0b84f0aaf13e109ab0ae4e708633607495e6cdfccfc5053885ea87dd340d9c45a7deae78942fc4600e6872eb4cf9d714ea38434e5b605b51c4adfb3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
310ed379954a7b38ffbb1c703d7bf64f

SHA1
6ada219124a20d35948663d772701e51bcf9eac3

SHA256
0749c5d78cf4d6e1f13216d529b64a62fdabc0b825066c566212b6df90e2256c

SHA512
82d23c427a5aa08588bb65bc1f6f2a0adee228df99bdf0817f0a2f8b719f932311599d9905c699bffd667f3529bc1737ad9246e456dc2aa39169bef129703aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
6539ea27fc103012f4cf5833fda5ef4e

SHA1
973435f92c335ae4b033f18b5381a8abb98c6fd0

SHA256
aefdbd9efabd69bab83c5a7ae40b7bfdbf20f93c3d8ea18a378ca15961d9e114

SHA512
badf93ee84cc24bac565cf5581b81fb748cd32281d9f4209f0a75361dd5511a8fd8eda45108f62423ed87b7dff76f147b8e574e95d856da3e9be8169eccdfbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
9de5331bd1f46648717350049d308148

SHA1
66d4cb5453f9879291c2cf180346b5513dff17ea

SHA256
819efa43119e9800b4e237f207123353725734249c786beec2ffa13cfdfd9d76

SHA512
30dc3f4ae8749248016b6efee3ada300458181ab804c546b8c4437901c28da278d9e46e39020c168a5a86b53292e1645e95ea5ef6e04786b5ec41ed473a4c29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
eab0086f681c00c0d537a5560f4e00c1

SHA1
d73a84fcb404ae1df63fb5412cdd00567d3565a8

SHA256
926cc23e8dd5fdeeb3371d536b3d94b3d7c8b5ccb3f12bed42ce69dcce29125a

SHA512
78398e4e4f3b19837647deb3d4287ac8a2dfc577a7ed725ff0dd76d3c1c3b42bd49e0acad72b6bb630edede92e0667a4cae25ec539062e710dd2fba3ec7af8f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d96b6a554c72705a6b413ce9ee7df5fe

SHA1
7308a21add2f1bd9e48c4be57a3835ca84f212fc

SHA256
29882f6b42f34344e40a57845d217ef79a3280c1b668e9442c070abfb81048db

SHA512
50dbcc03eefa3eaffe445a6a99b4ce7bafa22175edba550788f19aba9c9f9a0ee9c5de1f4b6db1f2aca7647d52922c923f037d14d03fe2e56aea3f7069ccdbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
505d210742f4459bd7b60e749d2d34b1

SHA1
e571c18d0f5d3117de7e6ad9426a62a7204c910e

SHA256
52c5a7b7d8f30458034512ae2a1125c543a4983e09ed47e3d69e4dba3befe389

SHA512
8678e191dd9c871453bf607e402193c19414d807c3c07e415f277e84b9fdd7b155e26ee099d2224e51140d44f5b1fa6b67416f7400fdf98eeafa6c9a9a3ef7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c678b81dfbc0945e8b19efbbb8187bd

SHA1
5e0681491e3e5278b2312b58bd27eb682b09ad95

SHA256
363c39aee062b76393ef3f4bb30973a3603f4822164525a11795e1e289cb69fc

SHA512
184758fdb7601fd816e015ef4e6d4388e8c3c32276dfdb14171d1b3696758fb9acbc4fcbfef34935a8315d0c104e000dcbdd44b4e4c827cb1fe44d43bb5b8c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
283b37eba379996623b1e94e8cb712cd

SHA1
78cb4e70643e8cefaacf41bc89436e1f4b0ab05d

SHA256
2a37e79387642e0209c85d5e55c99502243dd3fdb833b2c25fb03cf16c4f845e

SHA512
96985e78a4945b2d66ef04ada0d36bb6719564f5debad0d612b9fae53a11c54a2a24a303efbf5f2d3bacf75e04093026c3727ac82900c66eb61a3c870c764ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
022fe181b4a5ba348a6e4aad45a18c6f

SHA1
54c68726a74f8e0ae478f12b7999a0793499b279

SHA256
fbf96d00176cbca0c8a250992af6c7dc166613ae3e385676845854d5d987b56a

SHA512
098bed43e084b2223b8d9f37124dff453a7c5697f05d3ab6892fd73ab2e3d4a991e284863df1c6dcd15e468ac8e930293dfb18fa0c26be33b4e3aa0379a94887

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPUD1.tmp\unins000.dll

Filesize
748KB

MD5
d484948eb2fb6b29a12192e83ba1444a

SHA1
4ea95f20523b5da009a8302b191afce3ccac8341

SHA256
fe03060db07eee874fbdd5a97dbb6cd20f519b385ea1a28b9ba6b15e351f3d87

SHA512
c4e575abbdb5d84c095a8268e477ce9546ab43522c20949d2c273e8372486d03c4907b0310280137c1cf4e20d0a2aa69120d000e4a4f799ced75d8ef7e2b28ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LRBH8.tmp\hasleo-wintohdd-5-9.tmp

Filesize
1.1MB

MD5
1d3838613ecc9e4f9edea6a722380add

SHA1
7f47a17a977b5bdad81e159ef7468adb9d5a22a1

SHA256
9245d179299f957b6550dd48a79d4aa1d684a66192474a47b6f16721dd4198ca

SHA512
aab911953effb4692f335f9e6b2da2221972c5a5a17b62f67945803ee4714e3aa59843fcede58878c3737cff0339c9d3fccd026fb2369a1ae15b74cc2eb84dbe

Download Submit
memory/2964-15-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2964-8-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2964-255-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2964-6-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2964-259-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/3716-261-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3716-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3716-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3716-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3716-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download