hxxps://drive[.]google[.]com/file/d/1e9sQz-FLV3_rq4CMNanNH7VAbkFvpv3G/view?usp=drive_link

Analysis

max time kernel
1330s
max time network
1229s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
15-10-2024 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1e9sQz-FLV3_rq4CMNanNH7VAbkFvpv3G/view?usp=drive_link

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2156	Rainmeter-4.5.20.exe

Loads dropped DLL 4 IoCs

pid	Process
2156	Rainmeter-4.5.20.exe
2156	Rainmeter-4.5.20.exe
2156	Rainmeter-4.5.20.exe
2156	Rainmeter-4.5.20.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
12	drive.google.com
156	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rainmeter-4.5.20.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	Clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	Clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Clipup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zG.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{E74CAD00-E205-457C-A98D-098F8A8921D1}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zG.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
3976	msedge.exe
3976	msedge.exe
1124	identity_helper.exe
1124	identity_helper.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2340	msedge.exe
2340	msedge.exe
4960	msedge.exe
4960	msedge.exe
2600	msedge.exe
2600	msedge.exe
1824	msedge.exe
1824	msedge.exe
2308	msedge.exe
2308	msedge.exe
3456	msedge.exe
3456	msedge.exe
4212	identity_helper.exe
4212	identity_helper.exe
1416	msedge.exe
1416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeRestorePrivilege	4596	7zG.exe
Token: 35	4596	7zG.exe
Token: SeSecurityPrivilege	4596	7zG.exe
Token: SeSecurityPrivilege	4596	7zG.exe
Token: SeRestorePrivilege	4496	7zG.exe
Token: 35	4496	7zG.exe
Token: SeSecurityPrivilege	4496	7zG.exe
Token: SeSecurityPrivilege	4496	7zG.exe
Token: SeRestorePrivilege	3836	7zG.exe
Token: 35	3836	7zG.exe
Token: SeSecurityPrivilege	3836	7zG.exe
Token: SeSecurityPrivilege	3836	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4272	SystemSettingsAdminFlows.exe
448	SystemSettingsAdminFlows.exe
2284	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 3912	3976	msedge.exe	84
PID 3976 wrote to memory of 3912	3976	msedge.exe	84
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 740	3976	msedge.exe	85
PID 3976 wrote to memory of 4812	3976	msedge.exe	86
PID 3976 wrote to memory of 4812	3976	msedge.exe	86
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87
PID 3976 wrote to memory of 3476	3976	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1e9sQz-FLV3_rq4CMNanNH7VAbkFvpv3G/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8d8b46f8,0x7ffe8d8b4708,0x7ffe8d8b4718
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1348 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13105677682445066252,16736801999481918648,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" EnterProductKey
1⤵
- Suspicious use of SetWindowsHookEx
PID:4272
- C:\Windows\system32\Clipup.exe
  C:\Windows\system32\Clipup.exe -d -k VK7JG-NPHTM-C97JM-9MPGT-3V66T %PROGRAMDATA%\Microsoft\Windows\ClipSvc\Install
  2⤵
  PID:1596
- - C:\Windows\system32\Clipup.exe
    C:\Windows\system32\Clipup.exe -d -k VK7JG-NPHTM-C97JM-9MPGT-3V66T %PROGRAMDATA%\Microsoft\Windows\ClipSvc\Install -ppl C:\Users\Admin\AppData\Local\Temp\temE3EE.tmp
    3⤵
    - Checks SCSI registry key(s)
    PID:4040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4556

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Windows to MacOS\" -ad -an -ai#7zMap14698:94:7zEvent5527
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta934079bh0ca1h433dh98c2hb50591855b38
1⤵
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe8d8b46f8,0x7ffe8d8b4708,0x7ffe8d8b4718
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,7877549684622681814,7587310610361549791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,7877549684622681814,7587310610361549791,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,7877549684622681814,7587310610361549791,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:1484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault82713fd0h0b02h4f4dh828bh7281fbfb0f7d
1⤵
PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe8d8b46f8,0x7ffe8d8b4708,0x7ffe8d8b4718
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6693797310786090266,11585151257290382526,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6693797310786090266,11585151257290382526,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6693797310786090266,11585151257290382526,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4980

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" EnterProductKey
1⤵
- Suspicious use of SetWindowsHookEx
PID:448

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
1⤵
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd231e8abhb2b8h4880hb433h4062beb430af
1⤵
PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe8d8b46f8,0x7ffe8d8b4708,0x7ffe8d8b4718
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3113942206518573072,17349519208376835714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3113942206518573072,17349519208376835714,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3113942206518573072,17349519208376835714,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\LockSave.shtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8d8b46f8,0x7ffe8d8b4708,0x7ffe8d8b4718
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291214711435511709,6416643210890644896,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:4556

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Windows to MacOS\" -spe -an -ai#7zMap7311:94:7zEvent3925
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4496

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Windows to MacOS\*\" -spe -an -ai#7zMap15089:332:7zEvent22867
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3836

C:\Users\Admin\Desktop\Windows to MacOS\Rainmeter-4.5.20.exe
"C:\Users\Admin\Desktop\Windows to MacOS\Rainmeter-4.5.20.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2926010c0031a6b8c884cc903876023d

SHA1
f25669fe48f2cb9ed2a0aab3dd830f48f5d05190

SHA256
90438a7078d5acc78cf1ff265f081f9d9453b23fe806f2842eb65b1d43b221bd

SHA512
7bc82158f7add62a384070f7dd93c623aa7c287cd4edbc8260907c33356b7b82a2018078118c2c16282207ecae0d8d9a2dbb3ae9241f33bd7a3e8d3f392653a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5002d271251d88d519e66f352bfe7c68

SHA1
e799c40eebcd2cda90f85b9cdb61b0295542a008

SHA256
644ed7861450bbbada72d6bdc93b573de913d8ebc6c3d0254ae0d94ccb3fea95

SHA512
411eaa877a84dd8168760d1b10d8d0a5ed90b725bdb1680e0c5caeaabf6bf5fb8266eb493fa30ecff4d676502972479e1881108f7654edf0379c018923cb0781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f59e2d1e98f5e7867743b14c79e8471a

SHA1
9f5e5bed72de66c17d4ed4da09d738f4482fa338

SHA256
b3a9e83fd9c37fb6c9b8e6d6e06cbe955e1661c516b7de69005c74eea66a5777

SHA512
5a5a68352b8ef427bee9a8dda4009ad375c74ed97c872e141f409fe86e17d5fa029c530c6f2a4d86d7aff9524a8e8f5f469080bf2626be5143171abdb6acba48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46420a892643e6a89230dcb6054d7c98

SHA1
7ffc27abaf61f8ea8247bb2215fba9352cddb707

SHA256
96fcd4d5e222c036e61b45f9e35977dbc24a8bd756299d0b8a8505caa1727b09

SHA512
cf26a6da57252dfcba9ee166abf7aadfb994aecb29bc1a4c22f47ec6774642949e0f2f538f74b40938fe675defc005d88d1875c875e20e20d0feaabb0b499a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
98330d1f263b0552dfae0affda7e8303

SHA1
4bf765f8b0f425543be91518729c3f476eb7f44e

SHA256
eb16aaf49e1e0e594aea6996861c21e58da8507de073095a2cd4610df9362cb6

SHA512
6aa8c94b3f3c9bc34b4da87050472098c638632d1b716f0f37166cac4d7c8bc06d976e9cf5f8879371f25754993c36408058169b9a7c8983a697f1a73acbeed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\850c6194-503b-43e2-b563-40522abf80a0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
20KB

MD5
0847f502f3670eeee3c2b5cd93c8db94

SHA1
984881be882fea76d390d373222c08f34cc7a31b

SHA256
bede435865df71b9152966ba6e550b07ae481f795dd2b69063add1e99bf6c23d

SHA512
2eadbe0158bb6a8c19016cd5fee52c4efefc3ae2e8655c16300cd449f1774ee875594c6f7826ac7c4c9dfe215a5c9acafdcb68b8bffa00a70468598aa3b46c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
139KB

MD5
8ad8863b67842e87b076dce7f4e170a4

SHA1
a7f3e94d45418a1c0ad834946fb131d5353df466

SHA256
ac6a16db8b5a7ecf844c1c778335915d24f4a74c5030cbd8d8590337c02a19b9

SHA512
0c7bd379a362440aa6a07da9b65a012ae2b15d6263ab00eb18ecc1e649da9d1fe260192f30e46bdaafc0c005a1662a3dc8dc911fe1a49e4e94fba3fea937298d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
63KB

MD5
c80a4cb90170306cd3c0c315df08206e

SHA1
3af2716ad7bd4d8361e69aee380540fcfba86b18

SHA256
355fcafa80bcc320b64a84300ccba7d088779a296a96fa74c1e1a8afc5a2a01f

SHA512
cf31010a4d006a4e5ee135199e94bfba1e7c5da0e4ea3cd8f4e9c241b624c4aaf5b61cdbfdce1b14eed7706f107ab302b79a9968a8b9027f063b81ff58aa748f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
bfb459129519786edbbe483f070ff428

SHA1
5b2e44f50de39fc24b694506726c9566df8d53a4

SHA256
096a5ca6f0f8afe69d1d9e17ea214911ff3a20587f2f83197f567baa45c47d39

SHA512
99a5ebdbbd876b4fd26d889139bd991b76e83829d6a8c494306a06292021f5dae9d0b1219425fb623a22e43e8800e88176385a04a201eedf5138ee7e771ae141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b556a91f1433120e5ba8439e0a316360

SHA1
1a2f6f87790c22bf36f0e7b2a9410080cbd50c70

SHA256
186f50f0a434248690319cf0063d0e04b31b4579a2d75e6628166fc8d6d35e42

SHA512
e7e4d56358ab0e98a6bc49d7f2cf117f0cd4931d18a24830001cbf4ddacd0ab1f5480c3689184d3438797f78e636c4f21e628d407b44226b702291ff2bbfe83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7b8957a8ab3a5c848e9aff593acdedb3

SHA1
a4510cf74e3a65dd7544010a2e5624fdc447b09b

SHA256
a44e863cdff84c4f393cf2a94aa70378f54f4ade5c44f8976bde3b327ddcc24c

SHA512
366b2979692eae08fdbfd5a6e1079d493925d1e2b5890f56b8423c371560f50fdebdda0a0281371ab8d34fa6f83a5825dbf6805eb4e6296a2bf8fe2ecbc8c5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
99288dfc318d81f2abb737eacd5e4bdb

SHA1
127e2367c0e2a581f5cee077e96b40ce75fff2b2

SHA256
8726f1d0163865f7c811b82677da74b7fd0fe1d515977f271a267c0da03bd6ad

SHA512
dc1a349cec2403127f25a7e9a18ff58ac74d93fc783415eed64e3f10957f0966d5d412613f79efdf0749e49f2c85904502e319abbab2b088f3b39940f0203735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
3b72c8398b8931a8041a65cbea724fe1

SHA1
a9ebfe542b5925d828b2113cb903788d6b270019

SHA256
4dbb97b70a17c06caf9a360b345be061ef60b4c70f364dabbac406f4b653ab85

SHA512
8637c99d8a336fc8f861b6de2041058203421031b79a0deb276cad19a3ebc9086351655339527b74b9592942c259c055ced9ba8bd1f50874869bb7f4c50d5006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f41262a5b9ad6297c89c180e67bf3cd1

SHA1
5bfd379b4611fc91aa9506b7607c07b53246256e

SHA256
6702b570d3b184861ff52597eb81b5ddd9a09881ac2ee39b06c1100d09b5992c

SHA512
4d01e8ee8096cc2f922bf6277f81251d9daaa22b4dcff6ed3fde4d7e5d4bab913b93a2b25b8a106e548d213a1acffdc6672cad0667557f3ef2e0268e1b4b45d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
36KB

MD5
47f064d95c551bf840780f8f2915e127

SHA1
4122f0997f32b382fcb78b3976d2b3826bce2444

SHA256
a83f02cfbf404dc2bf1f41e4154c834dc2b723aa40a35a4fef7ad76459b90587

SHA512
f6e97fb7b690d869a4a5c5d303ac16bb7f5c1429515cd51c3961fa966b319c2eff5ba8dd8ca131beb7fba4360e9b4c492e3cb523e5944e8d2e7dd043f547c6fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
1e9dab88a9a077ba89bfdb20795f1c4c

SHA1
61e0f52a265cd710f1a9b6e9881d698241e15bc1

SHA256
88cd531ab5a2d79df040a881e246ad7c5da8408b93ecf75badda60194abcc7ea

SHA512
b7c87c09f59e3ab058a5dd27bac180723a3e47a993ab56a2ca10c40a338d7d2dfeb0afd2ab5a3c0de5896840085026923caa7929b84e16f8f653bb2de5b32b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log

Filesize
681B

MD5
0f33225eea4c9b61f4139fc511039791

SHA1
5528d58d6ec9b49ca18d7f0da53ddeb253bdd653

SHA256
ee0c18633ce73ebfeba003bccf1a39249ad08b69ed511a24927fd46434e89d27

SHA512
89c8250a83a542645181a5accfe8a2881805c85202dc2db5c9607a6df7d0af6d3e5ceb2ee749677f0c525aecebad799b1143c2b83b5b0cf2017d83189414f6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000005.ldb

Filesize
44KB

MD5
357ea1d71151b83fdd5a8984a598fbdb

SHA1
725504355f0a1f3230fb71acc2bacd53ff3b6180

SHA256
b0eba2fe1a6453139e5a230348077f3f848a1ce33c7e5bfd6cf1c5fc0131f8dd

SHA512
bf402c8dd17a12a84ccd2c7ed8c451826db547ee42662575582546f52a8c49875ca5b471678e27889333e128721a27740caedcf498f763b0e9b3a1ddc7d08b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
497B

MD5
7434e5b25c21ab3ce249d393871f9c4b

SHA1
3e5817b41a1154aae9554859edb4b1bb0a4505e6

SHA256
a344528616fbb0f1b3d7252812620939e6203deaa16b914fd86174f4a6e4bd03

SHA512
f59b2144eb4576db1a6fa07890a5c63f23943b43960a32a0889ca6d837cf124f17e6bfa3319478ca65e3d15ce79dc1fa1aed665aa79353f14c71151be08aff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
154B

MD5
b286e1060bfb9ae4445d254caefdf404

SHA1
357b629a45694b5f61ddced46a693bc016366f39

SHA256
591d3c62148f85d38f491c223fdb56c277b950074e05b5feccf2693dfb0e672e

SHA512
91a0de7af4cb80937c666e0e915d0de74187c8beb267417b5739e0a579e1e163d03340155f7b05b48d263b4218d39948b0ed3afbd9b482632e1e885212441df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aa03a93875fae4be2406970757d89382

SHA1
4ee14b1307d85773943edf80760e38af3e4f79f5

SHA256
ad8d31962eb78324fdd757a3478d0d9432830db23766bd143a0169571ebda448

SHA512
0770a7716814a0b1da135e97358c09fe9e3a8b48b41c7f5693f0d768fec5c10e4599b769030a6604b81e9b786de03bdc6f3e069458ca0ae66220c8d66db2eb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fb7b0004128db5cebd20288f7bc38f27

SHA1
cf7eaa251dec1ab60954c08cfdfdc383c6921a2e

SHA256
baa232bbd6b9a5c2194ddbf6298054b2ddc411280cc1cce0eb01dd4349477dce

SHA512
390497030742c9e54bd5bb29fba7d5f9a76d432839964eebe7d41ae9144da32640791d5b59fb3cab97b8c0a727732c92be14ccb024118364483f9615610570fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b12f4a8b819f6da3f25384f3cc49a214

SHA1
4ba39ab749cdbf4a7092afb7a268e92246681329

SHA256
46ed1b1c31212654cd1327a09601aef5d6c5d27d588703f8c1146f6a8b56d319

SHA512
41e31c6b29f64c7e1a7d2c1ad3fda4c1554ae4d65b7c639d22c2b9b2f61ca670cebcce278435534c80eb32e9f41998128a0301f19d2c2d35d50ef3afe43f7aa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c1662781eb5b6597b24fa46a31308851

SHA1
afa51925993dd0a843e5fc409251df8a6eef00a7

SHA256
8100e895e85b28a8fc559a4b1537af0bf148064bf1d3a7615bf33ccbce5067e9

SHA512
92869b147cc79f9a52fc90a58bbc9f818d933e2d1f6889e1b9c0f897daa3d6013422d44f32444e4f1b036757233914d4812ec922461228e26873efafc087fc5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6bb57c0e7adfc0ad42b7dd2bc389195d

SHA1
37b0437c323b5ada2deec23ce0260c41d9cf2e81

SHA256
e80334820c14eafa9b35c34d4e070895d83cb0052fe0dae68924d118c2151f92

SHA512
51b8deef7b47efad8ae6635e723d53d71b647a348ce8ea8cdd86d2efd695daa8189b4f1eb64f717fbeeec2f72cf07fc4be1ecbbc85a5af9a21bf46ca56582709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
b28e9b3fd396999fe3c6a1d50cf5bf92

SHA1
2711ef80c32b3378f18c13972a18c4c648669370

SHA256
3e54556dced91d2b6d5e7b04a3ef27f70fceafa5bbef2037fb7b88f7c1421afd

SHA512
9cae926e7f234581a7a638457e138966d014fbce22cdfb4972438581e8a670e584ca5a94477a82d28be60e29f7dbb7bd02fb48ade208f88c7f1f1c153d2d0f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c72cd822ed6e56c28f726b85cf83d502

SHA1
d7c86530090214ed003302167d02dca0e64c61ae

SHA256
17989f9ab9a75f6d6ae494ae8b06b58ad029d21d205334219fc40608fd5091fe

SHA512
7f1b692b5eba4c8f9adbfe4856b00d5e9eaa4b4b62363dd32ae06996a9408c074c5e1aefa7f601e3a84746ebd79e4d33789b4c693ff54fbc68c32c2c69448457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
3f97fe1847198514d1ce387500280252

SHA1
58f65e6f0b320d6eda22556cc2687b29ca6c2bc5

SHA256
03e0f4709d003c5e10e9ceabd56f07a2e84f935fa35145af2a49dd4be49007a0

SHA512
14ef6cb26101692dae69e7c95a4f753a1146c1d6f4ff8eb0a1a075047417130384db6f868ccb24f675f4a893d1a6452aae21922681b949b780e60d39ca4dcbd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
12ea541fbd2fc501ce004700412a8661

SHA1
bb72af8c4d825be1ec012d7add679f5d19802920

SHA256
5c91c302bcd2bae34121f157fdeb8a9b4cf06a76b940ef83b8f082b1b9f847bb

SHA512
045c06c9fc95efadebe5f0829b2d2dbed9d3aa1f48cfdd7f5dc02194ea57ab09d5daa56de3184f99e3cc373634cb9ab739bee80f12eff5820fdadb32b1679e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8247638cf0c3c0a549b5746f29740001

SHA1
048832baea900918da1d36247bf6aa2b4b98b39c

SHA256
624839bc6b8b828407ade74898de2d66e8e279818c3f2f99709b50ab00c281f7

SHA512
2a00de532ee21bf540e95c59537f642c595ec2174855556e2a8ca5f25c6d2eed2dcb25c1edf30dd0adce81ac33cdb32920236be8b8a16c26b66fdfabdc9f7def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
83b2182108da27f7d251c3f7a6070827

SHA1
76e1825207256c240ee7cdcd16726229136c1470

SHA256
5d88a09273ee0f96a712738b8259264e0b5a8fb7211f2980f7cd39829d6642e0

SHA512
8ca9feba16bbbb9cb635058ed8c618de6e5f07720c85b9ddbd0dfa3f2463021a2b91182bdaac6a66133e8caa44c2490c4e132dca47a10bde9ee8aa405e0b0297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cee89876866885580e4d28e127e1d736

SHA1
a0b7863ef443ea838e8b856e461a07c63db5be9b

SHA256
a24bb05199c3886e325bbaafaf83a7b372a5c2e07b7993c56af75c29ea10cf56

SHA512
76585ee4490408288f2c7618e4dd876a3c21a7e36098eba5dc6f1b833ee9c7addefd6cf39c94f7c548a09fd8d6ff3db7de09291e35525b8af834ecb47371dbdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5d5d742e2ee9f9de5e9845d54710a5d8

SHA1
1d5b76fe635fba870f2952d0597bc7180507d6c2

SHA256
66cbfcd53d82c28c01b93be06f8a642b6484ec6c8fd4a6d28e159def859e7cb2

SHA512
10c128d6d457e60c4e47b97e5cbf93ce1a8d246b1748bb5222d973212e5bfeccf7268e0ad084e7803aaeda0a2d9809593eff6cc62587f155065cd7ebdb6c6ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
b99e26bf895c0f6d8bb45bf5aadc306c

SHA1
ecbe56838f074bf1533ce61b605fdc95bbedc199

SHA256
a4d9e94f94ba7e50b2954013aa72159eef0a1219a18c2e754df339043016d842

SHA512
b3acb51977287de08c12aa7590525d4dcccee52b9a96e13143590847a5e30574975abcf8c50dd01c7fa757c7be91aaccbd4776d5e94301dcf96bdf0fb901b718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
501B

MD5
cb630b68bdc50efd67d085fae8664568

SHA1
dea735222cef2cc7e3c2c4972cf1f2ea4b6a77c1

SHA256
6cc9bd0d953da75ed199b06ac3282ad82d3863526cc6ff8502dffb5569bc2857

SHA512
64274606de44a7e043817369f49e4a185df069b657b21d6e8c13e3faf7cfc89906a4756deab5c8a3020fc66774e0d9b141f6bf0d3a0adbda33323e263e74e69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b12bd51939ea3bc4b30ea14f511eff93

SHA1
2574925381989cd3df6a6e2de74efe31ebafc771

SHA256
9f99bbc255c47b37e75cc511439a16c2c4ab0c066dc0d332187914617565ea9a

SHA512
eec499f356b07c956011b4aa09e657206365a890cf0eb1f40493b0051b6f15aa653de48107b265e0290d09fef857faee5969e45544b232bb92cffa685d2700bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9c5e6ea20b3c85d7587585554d8ac9f3

SHA1
feb2ca4f65344e6eee2c4eed81836dea5a0c8ccd

SHA256
526be20f3467657a1e0d66e3e4343d11d40615f27e5758400d89a8bf4a9fa1b0

SHA512
5094f10cd8ce0f8ffffc9362636681f2cf20771c0241decc3ea5d6dab8cc2dbd70e7f4485b0f4da705f31c7aae1cc1dde94b1cbb14e4553ce6a1a84d0f8a83a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
68a63c2f9a8a2834fe1164a89e61d47c

SHA1
4c9992da63e5e681313d9571edbd92be3c21357f

SHA256
178b51704aa9ca4f02a7e90032a60756a5fb3b80eb5d2185ca3ce3a324593d6a

SHA512
cd96a899aac8a7b1c97152d6c8f00b4aca08a32ad887cb825bbe3ab80d4a4712bddd774286c9285e972ad2d185987b912c8bbbe4b1d3ff6a6b0251fab8cedc5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
96bbf1eca49a669ee02f261a9a05cbf8

SHA1
268b1bfa4899b2ed7acba3a38290f6f85ab46f86

SHA256
7cbfef63a46ea89271492bd343537d3d5adbd031d7eea3d778ff25f1c85a7ad5

SHA512
42f88602ec8f58db72b7777c1cf442d52256d330ba8636ef8a6cbcfd980290062ecd6ef02c3c6c1671dd49d32ba65a0c99076819e06263167cf251cdb0cdb147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9691c4a2a302ee731782a99fedf95dd2

SHA1
f06a063ea17c88dfbff31060c4af9f6b36207e99

SHA256
56485277652ccb867c2496359a9e7636bf50a0a94b3ec1e1e8f083217820f5f4

SHA512
b051638e310ef8b38e47cda97d637e43d86689354e6e2916cd1f6be182950d8ae1cb16edc08cf1fbe9c668908016cdbcbd5c5978b37e0fd8b0bcad39990caa6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6913114a979e4ce5fb44aabcfabe2b3

SHA1
6cf34cd1ee03414f3bb58cfd4538cbde37f59e0d

SHA256
1f39823b3cd0ae786a6c8790c5e8fafb79d6d762d273422cd1f88994d291f985

SHA512
c407418963cb519be92a21f22122b4db624f6f0bdfd9e2ed474d138055cae954584b2a5c6ef0d14fd8acdb3480df51d1deef08dc12f5b4e7645571bd1111d612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
96e70d1a803649d50ae6e3d3de0e0905

SHA1
bf176a2a3fb7a03641603c24a9973aa682082821

SHA256
a55a23a0329061c52b20d42aeef8e436a74236f2040658e4f081bf6273d235a9

SHA512
69ecb77580a5ad66e0bbfe59bcb8d79bccf3f2269d44b17916feb15c425611ee526b125304b10547d007bab29290e988fb0121fe8acece83c1003cac47026d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7f4181addd7baab02f43699cd6af0b71

SHA1
43df554aa7e75e0ad24cb28ca257981ce9457e7c

SHA256
79ffbbf786377cd943695db9d8a8c64a2d4869ed3b63d17079961772cb9107d3

SHA512
eb6cf88f4a17e11ad02e4c04af512ca150d1778a60fad063451cd98868e1b7c0457bdc9117b7fcaefe3bd719a7ab3f69cc325310f23596a0b15ab5babea91c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
702edf237bb8717b3a395fb19eb3db2f

SHA1
24e3202dbb939f9106e70c7a8664b29c47c7f994

SHA256
c93c0dd259923d56387f5124f85e1bd9fd26677b4b0466247c2b9aa2044d93bc

SHA512
1af4fa718e2c858be0df9726c72ae2622e3a93295762e6f0a613feef009484d71c640a5337b466efe293304138f33bb00dbae46fd698c0221d92500e826ed02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
337B

MD5
a2906a2d526a2896c861ad93adddf29d

SHA1
bd3c7656357adc0b2524812c4da53e5416c9e41f

SHA256
32d2f3b4c43bb0d5bdbafeb7255b349fbb6114f9c3de00fd703816a642b85acd

SHA512
edff9ba6709682eda28c0e7e5db8f5c02eb24b233d056b87916ebcac6e440076ef392f55383442598936a62568551b3a74136503dda0581af8af624ae97ffef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
5a880900152bea3fc647c2c0bf708a0d

SHA1
fa8256d88aa613f3da2e7168a48f191cfb7f1abf

SHA256
6c508d1b4de94ae2954a2e5af1ce1e9a505aa15098813ae043c41f4bf2b6095e

SHA512
9845b5ddaf43a9174b28e958efb1dfe5ba3e4601970e7258b6e06dcd4d274abf966870604c7fee14ac018f3700b3cc9398e4da4df8f5c563c15b4fc942c4c831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
b41e611cec58fabd01f4f1e98a2988b2

SHA1
16320895dbc48072ec43500abc5074321ec36d6a

SHA256
cdfded50c74a234d793629f04d6cec22e666c3b8fff019cd2db6f10fb196a0cc

SHA512
2c1dfbd8008f83b4399451e8a11cbeb131f4a3afbe34b8f99967c9af6819983b89e5b4c3dc0a8a0c6bc7ad7e6ef7a53dbf9f866bec57f7395a4fe86857f1ac0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
37f774621424200e5946751b6a489a86

SHA1
7c0955e39e123de5f47a222f35d4d3ed875d8df8

SHA256
25078cb0f66c46b7313e8700a409b5149c797f84efef85c3f5bfab3d1d0372d1

SHA512
42a8906b678e4ba49f49ee105892366390f55236bca59bb0ebf33e7cef7b4cedd7182785503e90d70115d77f768a5bcb295090bde0c58a7ea76dce364e824103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d14cc912606868e618c64698e7649bce

SHA1
6771ec02c410bb0df8766a7b1c58ebcfe4d5c6d2

SHA256
9d6a29b1d541dfd161c7c3f958a1471521e0eeef08e65e1bbd06e18be8c01e35

SHA512
fc798baa1e34269256243e6532b1002dca52595e3845dd2e5a1ab129a028648177e443e1aed2ed902fe93994c57c31a9d9ee6075fdeaba503a70f007e09acd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e1b21dd15886bd6b24b5f2cb397435b9

SHA1
bda71cc01fb407e31dae3dbe418e34b6f7df2ed0

SHA256
996a876f8996f5a96333f41a53aff658392d04ef5454b644721db57f8f3b576d

SHA512
3d8527f1135cdaee6f68cb148f13c55085a16c795094d0bad896d01782cf70e859c29ac50d7d1a7c0a5d24a459bac5bd9438273597fbc155d6ca4ddc3be90f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e5f595729a36b04813d2cd48949b079a

SHA1
c9fe9c41986ef67c8936281e556bbed4c2c11c5a

SHA256
9c307137f62c103b8166a510b6cdd490090fa0f5d438205eb14ddd9d577bd6c4

SHA512
7db74607cf325ca10d9512f0e1558a46092975247b79f958990d738bbce8e6d2375f38afe7f5a3069a10ca07e1e739744e81bac31ca03a1c57759f4c67c2540f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2c872fddce2aeb0eea372f1a327bc90a

SHA1
f5bef84b6c9be2dfc7ec14f16e98b2b8e3242f3d

SHA256
a043759d6b93301a2bb435a1b305710790468e52730f778629aab19647ad8ed8

SHA512
f8a07cc6b58c56079d255e3ecbd79a8d1c551252f74e51c4c4b11442ae1f5b12ea8d70d7f16d78a634778cbded9994f3e4ac903d3a9bdc7214d84378c5e0846f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
80691251bf330da91e534d6da42b59ba

SHA1
551157e4c6c1f8d1d812259ccc59543efaa21e08

SHA256
dc33834ab7c8ea8f2983f30f9f3041eb3770650100d139eeb6fb3db44ad39c5d

SHA512
d45c9934becfbb212dc77f8e288583a8dcaa7e262f578ae33a23995e3613bc359592098dde0ea12fc5901bdc4f1c1bd802c664bbe758fba6363b58e7e36a2df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
655c941191bcad667e370839f73f9970

SHA1
8538c2ebdb32b05ebbececa26ea392469bfdf5bf

SHA256
e8436bb5f16bf85b037c1a5e0219048e355abb9f4552d774c736e0ca8c30c5dc

SHA512
80fc4e8ce7c73dd8ac11c233b01ec47e709176c95b279daaecbe44c4d9d17a8d0450a96074834394d9abcd39b3fc5fd7aa5104c49544c0c41249a9cc94a783b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0f80e2b6f1c2bc3d6497c8afc4928762

SHA1
fae17b3ec1abd3a9cc1f9c51e3d338ce368357bb

SHA256
d10e8162d12988d4a527a9d30af179ffb601deaf94a9c46fc9b87babeba997d0

SHA512
287acae78369bc588823910d7d7df8abceb37cf2e6e772d16f14cea9f512888cadf53896091a55ea7f19a5e5c836a8eb71be8a77f25f550c9ff96e4ff26e417e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9a34ee28409cbe90daa384792619b5c2

SHA1
40973f7f4a23aeb900b8ef250bf755ce85e10bdc

SHA256
8258bbfcbcf75c9ed73f569703e123a4e760ac4601b617fd97db4796ae82e283

SHA512
2efec26bfed4cfc0505b5b3edfca01e809cd9e6e23de120433b56abbd472a9707327faafdb66db62b0e5a33a461943fc995d14a07a3a4310e7adbd021852afe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
64f0a93de97049511a0960b6e8b1337a

SHA1
1ccd619a926009162fdbddbb00995951fd23f976

SHA256
2949413b4d9e672d62c99d64f68baada86141cdf16c0b9b7f277e94838a26f38

SHA512
3aae277f44e2627edacdb9729bd40a0778162aba97d602dfd171001d387b0067c9495b1ab6a3fd8971b89391155f790dd7b7e9cdf6f7785ff070afd02ae6372c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
557ed3a06ec4a2a838a7a54e439f6df9

SHA1
97a4a511fd4477c8c0b67272d2daa75568a9b599

SHA256
58be1bb8c5d234015ed0f2e6f7173277e09d04cbdad8b4b12a7a4c9dacf08951

SHA512
0ce2e2b67832f2755d26b91cf11b1d05b66d10593f58167c73aa920317d24b39ed54a974e993a985a7b1f4b03e42ae97f803ca3703ef29fc3d4536baa4198c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe62ec3f.TMP

Filesize
1KB

MD5
be3a7623cf4dedbbcb96433ae9501b9f

SHA1
3cb2912b8bdeffe6d0282566f249dcd7b9833249

SHA256
0b5fe1e5d9295e54a668f53b16ccb7ec68a81f66054173a469b4b1e6df68cad3

SHA512
c5d99371c725339c141110e01c92930b081926932aafc81232447dac8946ff078b081c329c6718f829ae31cd982522b15a97eac98accd65861a46c2a1f2cc14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
008f6591290b09ce1f94242315085dce

SHA1
c842ea67dff29a85a7d543325ed28da7420127a8

SHA256
5f2f7b1260a2f451555d14d2461bb59003e3ead3328d1e0ec4d89a6df616a717

SHA512
007ec87846b4159eeda493962caed062153c5376cf3d43aa3a36c19451237ad78bd3411bd8cf2bb5d5b09adb59be049900d126cf8ef7dac136b05f53a3eb8598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
85f573f708a2fd6e767a8966f27e8d02

SHA1
2a2e76bcc3e261301de7d9ac7b6a11431320383c

SHA256
2becd9edf66b1897db8390b2c4e415d2aa9c29aaa6ec77cd1676286c8bf4f61a

SHA512
5817089e736be0d38f5062ab9bc34cb8c31f913cb96b5c33d26972cf4b9253862d76e2495b5e90e75b14f8df259eb74e73c0b2af981cecdacf25e400703b76fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db76a3cd-6422-4d2e-80f2-0719dd4e0550.tmp

Filesize
6KB

MD5
7e62fb5820c8d5e443efd60a68ab1333

SHA1
94ec83d7754359bf911bc53b8d7e7742820d691d

SHA256
33cb3656dd6d2ca180be2d5f07e488277b322214da54cc557172090abd25c351

SHA512
9235116c5aa8d47dc08f2c67715c2cdc8f2db47e537cef030fcf4bdc788e4c359b1578c06e007c12124ab2a523cbdf7850c46cf194d48de5c7c7bd2000a3b340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
dee7062776f9d8f3a771e19215461edb

SHA1
8289fbe2c5dbf24e6e92c033c35abccdf04d5580

SHA256
e3542de6d4c19a65ae67480a857e47dfd546406573954ca9e7beebf70a68c099

SHA512
96d06175e950060d530565d6ee26109c5f0095b7ee2107560fd48010560b3662155ca47e48fa218a0af4f8e826454a62aa14759a2eb20929af604129b79c8f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
f50b38c7d0b5d71e5ae956650e535ef3

SHA1
b93171a94eaacd64483978ea2aa6ef1a52255b92

SHA256
c621dde7cc78d6815d1f6a9ac9d8d3b13aac9b580f65a3872dcf7c0742ce5b06

SHA512
86dd69086c40610796e0e2f5cd2394e6db9e0e68ad2080522db2d1c2197733102d6ede8947c0fd386c1069f85b3a83a72de9d287acae63cfcfd3f340be9aec08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7e3e1c6a7eb767a614c3540673c0c220

SHA1
5de3eaaae2595d31ae4b3bd122717a17c67e19dd

SHA256
9688274eb8ddb054dbafb5769e1469adab255a761427124c3bc44d286863a83f

SHA512
df7c6b72fd7356cdafb04d0995939065989c9978df38430dd87ec56ef082f6425fc0553cfb175eb47d4f4c00ffeec7d200271a404a07e9ac2cde016a01bb1128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7018655db851fa4a9f7c663beac615f8

SHA1
a437e45be1ef129347114a76017013e1ef1214ca

SHA256
3ded83fe31ce25800be5a94e45ce7b38ef563fd0f13633fd95a6476a6e7cb235

SHA512
146fb82ea05a26d72c6ca73347ad3fe48329b0d59235a33e491d0e88acc7ac06b2c5b8fe18f9cab980a51179c5eaf4824014074b6a9c80de27ce0b3f964b3880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
12c282f4dee735512b3a61cb9064e5b4

SHA1
9261a2c8716a5ff71ea2bae685a954b5825ca3e0

SHA256
0bd8c1c4b97184092a8e464f88ff045b6ace3ab13dd625f5054a0e3434055ce3

SHA512
c31e7ebf61c0c476331c57ddc62270b084207fdc2fb2096c2f7af240e05aafb8f91a6adbea73b05edcd905c9d195538dd1ab3596d685d2da9da970dfe86d5ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
17KB

MD5
37ca5ed57d2b5d45067242615a74b185

SHA1
6e1cf1c4cb12c6aec76213332a3018d68910f750

SHA256
07758f3e0437771357993e5244b11f0c4c03a3ed0c25ce6fdf0df373c58732ff

SHA512
778301a73787e18af16df59c918221fb71eaca3863f724f5042ea0744fed1d8596bb5f77932cfbb630953713b3bc69c27a80f9e9bb453eb8996f312194884e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
17KB

MD5
165bb0dacb90320c0e21bbaaea64309d

SHA1
a0694f3d40806c01e6566d1a124a93d4b9c21a3d

SHA256
6951822c5e226f17c9a20fa3677ed03c7b0dec5e8d8962ccdbb10ca25ce85b9c

SHA512
515d5bccd68e173d18cac7e54e8360f0c7f11758a2decf3bcb158c45ede2c04a37e29fcc7cafb9d93e40b6321bb5d2d5b5728e2a81c1295d1121a180e033e8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
17KB

MD5
7a296a30f8ad62ec1bfe8017d4624c7f

SHA1
5dbbbd798e5d20b4c8458b324f8252b4cf566773

SHA256
dfcd21f36d356aef31434d2e40d0b3a9313c3d30b939f7d6665011004498b882

SHA512
a06369cd1ccbed31933c8472a069c2ae5d77a02cda1a6c3e066d5f7fe34a4cd55d2242bad711411aad9d7336f1a428e7f583809ba4e87545d23df530a844c93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Filesize
17KB

MD5
df06f8ddff0a739947a7359932fedf36

SHA1
4fb38e5aea57fc5f2538bcb43fcc1278baae277e

SHA256
6cc50c9bc1a253f13881235c8bd8685aee9587aa7c79909278da4012e57c753f

SHA512
3428ded5d7503aee1d1a145d1c71dda276a8bba668e8daeed1397fb23e276d7abd2b6d85606ff8a03294bfb4164e86c696216376fe1bd0eee7405287f0415f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f344169c1684855c6d1d7a209367a0d

SHA1
d5f3690b147180ef89e6b8598c3cf77e8837316b

SHA256
2d1f6e535976ae67f567e7070da1863b3576d28d83c4ad4c77deba04ebd840e3

SHA512
0986e6d77c21bde56497af9fb9e1280dad56606ce5fc5e9ac347a15fe95564aa91a731bc729d2aa1fc0c961df2dfdf6cd66a1133bd8bd3559065a75e2ea138b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c1dcfb0f06f0e15107bd4804644b6532

SHA1
819a9fcfa1795fb590beb09296f5a455092221c3

SHA256
77abfc4008f73d62dce408e6b2512bf286331de90d5e2c841b82dbb99bf635c4

SHA512
887a9aa316ae42a1aca7a4400d235e7b03beb9508a306c4bcdc31d659156f89f0588d2b794113f3d9a86309205c76c38d0ea7a6e8eddad73c456e719b6b0463f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
623ea5223e14d5f46514eeb3196b7547

SHA1
5e69e23e1b2e006c0bd412d15d66c8a1e9d8576b

SHA256
be04e80bf81e613ec11b13d3a528ba38fa9a4b9f088ed948084fe8cb0354fafe

SHA512
e1b631542159cbe2e8d92f559d77910cbce73f5b22e5afabdde536aec637586c4836cecebf3e989515cce26f744e46e0fe9cc295ae334bfa154a6842f0befa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3a4b51ceffac7e60dfa6f7ba2ce96824

SHA1
2a2579ec34b044373dde0dd92a6bb64b066de067

SHA256
a6d871cc9a7fae079ee4568f9186ebc17bb7dc2dc4ae7b7bccdb9db8f3b65639

SHA512
a4f5b7db1d007f57c4626a2d7b6ea2bcb33cdf2adf87bf9222418c25df692aba49c9f921de2e71f1638eb8f7aa946612503e00a681a87f325fc29bb98d27263a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
771af8e3a370a017d21927e30b647b7a

SHA1
bdb3a143bf03bda157549cf7497ff2c13740c7c1

SHA256
01f410dfb7f5f130ee9cab264a92f925fa6b0a23c129a0dcf77ea4573ae9434c

SHA512
1973997aeb9433faec4af0d432abb7cce04ed637bcea23fde276dff71bd0084bb88ff6a52b66d86d01cc13fd1c4a3ed3791224894b17c1a89abfe58a400297a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3f38530da00cd6aafedbee2c6b03e1c4

SHA1
e0f967e0e95d4f8be1643f241adee1d3060a0b9a

SHA256
47d0ff3abbf8038fc02cf82de83589ffc4b820cc53e038d04a212ca09fef46b6

SHA512
783e866cadd91ff23ebd26cb1b1c306b53f94f71066aa36d17f60ddd88595ea8893eb80f89ce2015895f2efeb404453c5d5ef1d845e980caa63bffb8ebb405e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad053b66b6b95bc83f557c68c7431a84

SHA1
23285a237e038251937acf79279ffbf63c4311cb

SHA256
4ed40d09331e8c3ed1fad879970f2674b1c38e6b0ef09c7eb2a5aee2a7272970

SHA512
bef57a1f89fd985237d04a36d4f3e3d70e79e50fb517c8bc41c6cc8edc895271397335ae413ec850b8096b8930035ddb38945313763e3129c2a99f4b535db966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d500e55234c9d6c42ea57cbaa1f91633

SHA1
a3fa02d2b996d708b84ccb9404ce592e91190394

SHA256
5910623249b41dc4ccad25197201f435766ad6b568100188660f7e8003e6a589

SHA512
ddd1df2be7a118fc61b8d3a823d8d3d1f0cb383b6645ac4180db011f93474181a7e992bda63073447db670a1ab7de21e8f87e3c7427ea5c12c8a049d1e0f75d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
56c30e6e4ae2962101bbc97cfb66881f

SHA1
b74624c87203fa20ce41bbfb17768205ccc8b289

SHA256
01514428cc50d6b9e7b21f7ce494dbc88b610eae6a1427bea8c4441cfae7f13b

SHA512
0e6a2b3cf8786afaa218d25a6c969286e5f83748ac055593695603daaff38698477828fc7f36f3bb23677327c4141bbe4a7e710d248f64e8a2828ec5547a65fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\temE3EE.tmp

Filesize
206B

MD5
b13af738aa8be55154b2752979d76827

SHA1
64a5f927720af02a367c105c65c1f5da639b7a93

SHA256
663ef05eb1c17b68e752a2d1e2dcd0eaa024e4c2ec88a7bc99a59e0aeabdf79b

SHA512
cb774f2729ce6b5cda325417fbad93e952b447fa2e9285375c26eb0fbdb7f4f8b644b1007038caafd6d8ba4efb3cc8c5da307c14e12be3454103d52848a029a4

Download Submit
C:\Users\Admin\Desktop\Windows to MacOS\macOS Theme\macOS\launchpad\Contacts.runtimeconfig.json

Filesize
154B

MD5
42f40b6c1b9ab7f8f92b0ae5d8c5fdab

SHA1
92e1d5e7ffae89550a815389b851648f9bb6e64b

SHA256
ed69fdc80437b2d0fd2b177d018a6e800517200e4fb6dd54705f5a62a908ec38

SHA512
dac3b6a2cf992f23e0d15ad31449ba15f1a309dbbdaf11f7e62c44c7081fab8968986ff6690039c86522609b03ae95b127938c5e6f3c3ff9396a2911e81bc40e

Download Submit
C:\Users\Admin\Downloads\6a522ae9-b04a-42db-8857-4f8ebb2743c6.tmp

Filesize
13KB

MD5
f2de81148a5888b9b7b517736ad25eb7

SHA1
5847364ba7b1717d04a1e2583f09106f50186fc8

SHA256
288f7d8b4136eefe10e0c3a8d312e265ed471f610d89154caf170edea9b80cd9

SHA512
4cfdc13909db04cd44233ffba1bcf1cc5af8bd5a6f877eb0e0054a128f02ed0e3b514bf9ee4907aaa818725974723ca1a8e4ab2fb3621cd64ab4c5e5f1194394

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1596-1013-0x00000202AC110000-0x00000202AC120000-memory.dmp

Filesize
64KB

Download
memory/1596-1032-0x00000202AC110000-0x00000202AC120000-memory.dmp

Filesize
64KB

Download
memory/1596-1014-0x00000202AC110000-0x00000202AC120000-memory.dmp

Filesize
64KB

Download
memory/4040-1018-0x0000028D36FA0000-0x0000028D36FB0000-memory.dmp

Filesize
64KB

Download
memory/4040-1020-0x0000028D36FA0000-0x0000028D36FB0000-memory.dmp

Filesize
64KB

Download
memory/4040-1019-0x0000028D36FA0000-0x0000028D36FB0000-memory.dmp

Filesize
64KB

Download
memory/4040-1030-0x0000028D36FA0000-0x0000028D36FB0000-memory.dmp

Filesize
64KB

Download
memory/4040-1015-0x0000028D36F90000-0x0000028D36FA0000-memory.dmp

Filesize
64KB

Download
memory/4040-1016-0x0000028D36F90000-0x0000028D36FA0000-memory.dmp

Filesize
64KB

Download
memory/4040-1023-0x0000028D36FA0000-0x0000028D36FB0000-memory.dmp

Filesize
64KB

Download
memory/4040-1022-0x0000028D36FA0000-0x0000028D36FB0000-memory.dmp

Filesize
64KB

Download
memory/4040-1021-0x0000028D36FA0000-0x0000028D36FB0000-memory.dmp

Filesize
64KB

Download
memory/4040-1017-0x0000028D36FA0000-0x0000028D36FB0000-memory.dmp

Filesize
64KB

Download
memory/4040-1029-0x0000028D36F90000-0x0000028D36FA0000-memory.dmp

Filesize
64KB

Download
memory/4272-1011-0x000002218D720000-0x000002218D730000-memory.dmp

Filesize
64KB

Download
memory/4272-1010-0x000002218D720000-0x000002218D730000-memory.dmp

Filesize
64KB

Download
memory/4272-1012-0x000002218D720000-0x000002218D730000-memory.dmp

Filesize
64KB

Download
memory/4272-1036-0x0000022192030000-0x0000022192040000-memory.dmp

Filesize
64KB

Download
memory/4272-1035-0x0000022192030000-0x0000022192040000-memory.dmp

Filesize
64KB

Download
memory/4272-845-0x0000022192030000-0x0000022192040000-memory.dmp

Filesize
64KB

Download
memory/4272-844-0x0000022192030000-0x0000022192040000-memory.dmp

Filesize
64KB

Download
memory/4272-843-0x0000022192030000-0x0000022192040000-memory.dmp

Filesize
64KB

Download
memory/4272-1037-0x0000022192030000-0x0000022192040000-memory.dmp

Filesize
64KB

Download