hxxp://itch[.]io

Analysis

max time kernel
900s
max time network
447s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://itch.io

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: blogger@master
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{9532F361-E422-4D0F-962C-4D2DF521E4E4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
316	msedge.exe
316	msedge.exe
3692	identity_helper.exe
3692	identity_helper.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
2624	msedge.exe
2624	msedge.exe
3796	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4736	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4736	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6052	PocketCampfire.exe
6052	PocketCampfire.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 1104	316	msedge.exe	83
PID 316 wrote to memory of 1104	316	msedge.exe	83
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 2820	316	msedge.exe	84
PID 316 wrote to memory of 1832	316	msedge.exe	85
PID 316 wrote to memory of 1832	316	msedge.exe	85
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86
PID 316 wrote to memory of 2452	316	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7452 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17009919781097213662,2097503814188983705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464 0x3c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4516

C:\Users\Admin\Downloads\PocketCampfire_v2_WindowsZip\PocketCampfire.exe
"C:\Users\Admin\Downloads\PocketCampfire_v2_WindowsZip\PocketCampfire.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:6052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
98KB

MD5
00668bde5fab3e1b3e38b2d733006652

SHA1
1c352350b16b9170b67c223a2f9cba28bc379019

SHA256
5c85818ea20387a6d60dc33168971d4fee62c0bb6efc35c3dd118856e8d439d1

SHA512
6f133353afe93b4b29e15df635ff4338b0f4ce255a3358d6c712b2dc22756e3285910113189353d39f324b1ae315e3111d287a7283a8ca98323f8fb81fe37949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
26KB

MD5
b92faae6280e1e8991681306f3460e04

SHA1
97dabb789b0028f7bb42991208ce8eacff78fba8

SHA256
f3bf151e23146ea4689e501b3045c6e55552962e9aaeb3cadc02197f38b62b9f

SHA512
7abe5bf5eb6e3573d7e359ede3381ecf154dc3983695707e76be2e161ef35bf0915570f9ec11968f50327e01ad54ca756dae5a4b06fe3196943bcd0bfb457b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
29KB

MD5
307cc9c90b07960982452fd122fa89ca

SHA1
d3f42e1a37b7a5e959c39a58d2a0a0e052b49961

SHA256
c6d11eb819da4a0881a7a97e06c203056dad988b7e2b7408c937956a1e454718

SHA512
ab10518151cbda16a00281e1788421e3755c252feec398ed68311cb7d72d9d2b7cb199b542d108c396212d01d194aba61de8626e4f8208421ab5dd9926ef8b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
630KB

MD5
f798d2a39df8db9cf4f4223a73b766bf

SHA1
6635b9d5bbb76faf7224aa2a43ef4b800c47dd5d

SHA256
0025bd2ae961705d6b49b2ed096a841085aac54e2e015bede34e7e2a58aae1bf

SHA512
a31fc091f7b7aac5229cfae15de6898f4d0d66b42a69720217e48abf96c5dbf92244ff191169e99c93618e667d13ea882ac4b6f79bbae6f1b5227786777349be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
734KB

MD5
3805383707ac674362519ecdda2b7cae

SHA1
490a6c06b303e73088bbdb9d99090b9f0abcd53c

SHA256
e24a1e252cb8099f045f3fe32fdd8d101e6ba7afe3b8c945effb7040922fd043

SHA512
6b0511b7f6a0fbde69238dc6cbf8e31e6f3a04e4f3aabb6d01ae312fa3220276faf53c45a4045ff20c89d6644839cbfe5733c7b16040063c5ed30ef0e14ff65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
695KB

MD5
fdcb524d3430359bcca99bd58dbb04b0

SHA1
589a860d7ccb03e0099a7e8ed536a38c7ade773f

SHA256
d978aecbce589f6da75ef05f6d1e44d06327cbd0078d6ada465156eb398c4f8a

SHA512
bda2ebc1a73170a503e257df08412211ab824ad8329a0cfd8c75157159add3f492ddab65faf6172080184950efaaa15921a5f6764204d3719cc7f4d2451f4183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
71cebbe35d4b0ced152759c631bda5c5

SHA1
913796176a0e9b6531410f302f20534bae850ab6

SHA256
224ae930f4034a131f12bfb6ef03fcceb56848ce485b99a063e68c12cae33d47

SHA512
7d7e3418db19877e23243a6c563f4d989845e3037f3b242f5dff8e80c40834c58624e0a7568db0f59515bd0899c017fe0b9743a6ba9bc83fd1a7a7d58bd1f72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f5a2d74ccaac068db563fe5be1cd31ad

SHA1
4824e54b6b29f2dc6c9a85cd822bfc9edaf9e5cb

SHA256
1af6610d428fa23b133168dcc5b34eb680e20018c32a865f08030213a437556d

SHA512
25cb1a48c180ffcc52cebc91e767a1d7e3351de0610d2cd9800bce09ca844368e2e0cdf35a7af5651bfe074deeb0228f2b55c4e1c51de74f52b8be3222cb5687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4e5592a17f0e57a7abd0518c0f59a4d5

SHA1
b5cc71fab2787f3fc01793b822c69e289a401b0f

SHA256
97162fe27e76b30582d985fdd9b375fc7015ed650ddf41d65dd8513b1db0de97

SHA512
88d71eb1986d916f6bedeb44b521783dd9b64e83c1221475e897ed1b122f2e6eb93d9c082d53654ecc43bf0e80349a83d6e4e91c6656cd6adb261816da83554c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
cf9461bc98efbf38bee78f6c0d81245c

SHA1
204951d497cc24ecee7db232fdf113fd706b4e07

SHA256
4a0a76d6d771087944290f0a1bb3a1881fba407fbd13076886e34098c90c9941

SHA512
fe7408cd0060744b291223c16e2542ae0a29a8c454030f357fa9e578f5c7275dbd55218a8889daa2988787559b50f8f4018baf901fbfa81e172ba138063ffdb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
3d4f0240977c41adfda217687e11b22f

SHA1
385d180eeafa8ddfaaa03534d9e7f5b8eab4dc80

SHA256
6ff39f3c158ab2937be453f7890b0ea7dc9862b0261745ca169af681bb9b9b98

SHA512
7f523fc0b1469115807c48baa1540d26cb7d2da176be3337fc787026f5404af21982f2a145e116994eac62694dc7e3ac80aa583bd4550519166d1ab039ae77ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ae113a7f57d08d47e26f053bc9af548e

SHA1
15a1ebcac54e2fa784d630d1d261fdbefda2792a

SHA256
24e73b17efd128e098523e3cc8b5aa5b7ccefac4894b1e6c3ff260eb2fc67b56

SHA512
96fc52d12483114c862cd05ef05cfda03230fe7149d7a9399717c6fbc4523a87d402d94b33f7b521215b8f822a666bb7aa6be5ec95461443ee91b5ce67ef1553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
8a0ac21ed7442cb1ba8c663b6fd282c7

SHA1
0be2eeab521ea1d20409be7e880dbb42eea9d9e9

SHA256
b03d463e9e7e2b738678c01cde65d35a845b37052504695caebb29e5bb143b01

SHA512
5858dd58162ccf2750f575d79e34fbc53c67b6962626ff09f8928c4b7d1119dbe0392a8961ce4eede08a4c00ca134aebc7c16943d42e014bcfe4377a8f082b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
11b1c0d9d883b33b6612529444911c9e

SHA1
4e77b950d693ed3a5b46f8fcfd3a17dda11b430c

SHA256
dd63175dc9591b9941ec3b4e0ae11b0e3b8bb87034cd490792365c99d535e828

SHA512
da0aa5fe7a5877dff1ec0365c2a0ef936641e81361258954922e2cb7607649e7b2123b17a76c30e1c885cb37660bae39b4cea8bc8676190fee55d3d6bf956ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d0731681871eec7a36220e03bbb1d76

SHA1
163cecec5b060e575eb58cca06738da7ca37b536

SHA256
0430db16a0538b78eac9ea099802479d58a3f444b603a919abfc50d0e65780d7

SHA512
ab5b19a727ed5ecf0923e3c3d29d432593465c123e1ee9c4b54045b12c5e5ac22549525c76987fa575fdfc4a8cd0c89753206269f82fff48d33ed08050273946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3a0b1376100baa3cef63a2341944067e

SHA1
41b96f87327bb984116b2688a8f610481b151233

SHA256
3184cfb69ad510668134e13d5aef541c9103cba511af8826fe574637cefa189f

SHA512
0f7b539097e42b7728e20734493882d525e6d1410dee899960c477c55a08a8aee531956f1fb4c9b183ea63e7c831338cdf5f684006ff28693d430fb9d1fd7f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ed1f0eaff5a15ebd14b2862580252682

SHA1
5fb724589707738ee92b7ca3f7e33a8382ad8033

SHA256
e01f2b7f145d44c398adfde9d438a5f2468dac818e55f0ffbccd337e04960e25

SHA512
13552b5912ffcaa4768ec989926a20d3d3ac2f24ffceda6afe8ace5df7d6bf96a49f1ee7d1bc0b5abc72a258da20fcdda2254ea347eb659f1eff23310077c15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bbd448acb4a2d7e2e9f0794d8d06f0b0

SHA1
72bac2a235b5133d4780e4a5d96d7b0ada68e3a4

SHA256
76d3a1590c4817b2f5c22e792acbaa6b26bc6897a65a83730debd091b88b67be

SHA512
f4b8ce04f67eeabc4c868d2df1896d8cb39c5b6bca4882cd05af4bc83a077f97642bf86c495d6c9c696647eb12c860d9dab391f2240badd103b7864ea4d3f5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ee1914afbea8d134340bf1b606d859d

SHA1
d8af556c7886e27867376b03163020fdc164a170

SHA256
ea83ac675fc150fbac7ae057933f1a21c98f8d85eff4a8956402f0f678eb6bfd

SHA512
0f5fa14e55850b855690a7d7de397f995c3916a3630996eece78b53c447915fd9debc6f2901b3adf5dd0afb5d37b100cf309dbbc73829f0ee390b7e63923a232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e29dfd5b7ed1020df52b3309fa4476ce

SHA1
173160ddf2b034f55928fe7cfb3a260dad24612b

SHA256
5d813e0e7fc528142bd8d2bb8b5ce307ca5240608c4168902365461091c7c029

SHA512
869914aee7c5dd40234b978ee745727d3878958b10befe8dbe156b13c85201f043af0d81e6c3049f7ea23e2f94ac3a23140f9797b6549a5d8a580b840ce2a5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
62f4374a08b39f26c094f16802c58106

SHA1
46052ba0f231277ed4edcc5d371b61c0f21209a7

SHA256
ff748614c281eb29a300560297f0d4b1dace6a8bf56d93fd973112284d8519aa

SHA512
0034c949f6f380c5ba639386dcf3fef1a4fe4ce96d1f121a6e98e65f8a1b99359d7800da9b9bd60e5bd8d0cde18316a7dd605f6ab2c427de93df2528bfecac2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
282cd5791d78d6bd9db9bc500fa64858

SHA1
e8fe097f83504d2cb69739980868c8bd1008e814

SHA256
58d045a747ec06d8aeaa8ff7b5af8c80253ae814d1feb76912a5cd253e8002bd

SHA512
626af5f4b775cf6ec87cfaa6f02a5bef6e41e3de168521de275732914f17508a93195f472f65d074588470578bc908e27bc0fdedb1a599f2546bbf2dcd673881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91c6e1ddceb0583ec7476715fdeebcc5

SHA1
79114a9a34e605c1c4620c48e6120c06279a30f8

SHA256
7b5d8c0494c0129e8a48d8ea9a8d922e0ad6991c806673324c13ec78e1cc82e4

SHA512
ef3fc98f6ae8b76c07b01782ec43a2d457b1b51e46daceb3e3cec0cd46f890b5075ebde444761f989577fb323731b24422e691ab30595b721c9a5ae198bf9264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b4961fa8a54d7af3d0da3d5bc8c5728d

SHA1
55b0013dc01bf0ccaa5f7c2eefb360f8ef32bcd0

SHA256
51776bb1fb4a1a5a9358bbf089a99bcd5bdd90fb57c522ddd466131bd5ca4cbe

SHA512
419765a86c1cae4a9a5a706baec4d51d18ff63b2940b558483fcccac65d98d88748a3dfc0517bcba97ea0306bd3e92bbf18c63004d729d106a2da01d79c6d4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d69e59b88f862cced8e69cfab63c1795

SHA1
ece5a57f51195ee4720fcad0855a115bd3a02d99

SHA256
e95cdff25fb743643006433e9d4b8f5505edf3fa08044532832efdce9ae226bb

SHA512
7f787adadb33a790c94932e941ab3506dddc4ccb10bde6beb60bbf7499bf4fae92f6fb2529361646342ac005139f9cc3129697a0bdcd059773dc0e70a7083a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\3823dfe6-7a3b-48d0-bda9-2dfc5c98ebfc\index-dir\the-real-index

Filesize
120B

MD5
dc197beeadfbdd6240c2292f65592765

SHA1
09b50ea9d7f522ff2a9ab53165b2e5230136a3ce

SHA256
6cb16b520254d4bbb52615f1ae0ddd1d4937fe0605c0ddec885b8869cdda0d34

SHA512
c021b21039c5af90e651bbc47a2901ad22dcaf49dd048a303e8ce5e47ef7df757b448442e8050f937c26cb3746645bf55977e03eff0bc5402867cc01d772f4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\3823dfe6-7a3b-48d0-bda9-2dfc5c98ebfc\index-dir\the-real-index~RFe5b39c9.TMP

Filesize
48B

MD5
b83d046483e89460c15aa7ba8dc8e156

SHA1
bcdd63e5fe8565cdceb94a0f5257aac8939b9acd

SHA256
e4106ae04d970975566c8bc3c5d5af646a016b6c8d0fb16204924896cc8ebdb9

SHA512
cf7f2ff9740b3bfe7544aed6f8ea5e323284f33d435bb618051abf66ec432deb7a475a7616a1b8922c60aa97aa29f85c6ad8843612c743091e9c6425f0b33ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\b5387dad-2b11-4fe5-8fd5-fbb533c708a0\index-dir\the-real-index

Filesize
96B

MD5
f88f5fc879e57250a15ea89b7ab623a0

SHA1
6e8445d80646ceede0668603bb03ec4320dda100

SHA256
ad0abd2adfbe6dd25e699af7a68333632334a14dae49352753a8da9140161572

SHA512
262c2f8a49ca8d1908a253668e20f7ba6c492f4b31941d44a2d262b5461872177516d65b7b6365b83f614e0c09928202c325b90faa8a9c5301af0d897ca209c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\b5387dad-2b11-4fe5-8fd5-fbb533c708a0\index-dir\the-real-index~RFe5b3b60.TMP

Filesize
48B

MD5
5ddbb73f341cfb0e21f33b7d895ac884

SHA1
91ec21a6257dad56c9dd3da0547ab6af167e752d

SHA256
2b6c661bf8badf52d86746485327fbbed14d908fa8a95cf6d3b3843e789345d8

SHA512
8dacbd95743383c37d98bbd649e6277ef5e70f54127343794c63be6c4e67868d54479512a6406cc244b1a04da8ca7b7d1166ae1fe45969d9c7b243925e1b5cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\c75a0584-afb1-4854-887e-1773774da510\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\index.txt

Filesize
235B

MD5
46f6362f02ba402f495418de854bfa5b

SHA1
7fce3f6d3ff8f21a8e00b0b0306f1dc5000f3bee

SHA256
74b333949320424a889e919a21af35d415188e4677c6ec027f701b9198d2434e

SHA512
f6affb47b0a75d6b51c98b9b09fe6e74b15015ab74dca53fd1326d487c29dd96c36cb73061431cf8d73c2398881de4f67fc2084b4f24ab19832f3ea8b0c9c617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\index.txt

Filesize
362B

MD5
3a6ad21cc551df162d1b287b460bdede

SHA1
818b486767236735c7f51650c019b24066451148

SHA256
3acc61476e5c120a8d48db33c61c46a63af273ef28846772373d7fb8fdb24729

SHA512
c715ae04affa21040fee9dcaf540c87dc03e70856301f32685bc21f4df0056bd4f139126e86d9ee2db97e5bf128b8f18f0087870c123a4c4478fb4ed58ed9279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\index.txt

Filesize
490B

MD5
a688c20d1107c2ce6689e1634f0d1c9b

SHA1
ead72ee900b3a2151e3a99c6ed7350444810a8c2

SHA256
e91e7b79d63df2665620481774ea3fb913913f10a596cd8d3debc8a2306e40d7

SHA512
49670a6894ab70734eebe7d2a115cbc8cad52771ad823e4e0d6f4af1f1113e0a44f57a7b1c1728cb8862cf3e321b581b32aa567692e258512908d57382c9655d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\index.txt

Filesize
620B

MD5
8d4368ae94936e90ff465c3ff2ec135b

SHA1
9b681441a600ac548a82aac11e23e51d9ed6ac14

SHA256
903f16e2d0f2a444cf9dd7a1dc0e8e826a1aed5df23eb6a6b93b8b2963baeaad

SHA512
cd0aff1b9016d5cca738baf9f0762d988295ccc05977a0a41895f5957fb9fc017ebca8fae59a477ec414e873777e9e0c1d1e00d95dbb94b2592ca0d91ac15687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\index.txt

Filesize
615B

MD5
92744d7269ac3c7e984b7fb80c197d5d

SHA1
e33d69a7527aa7fd59cf26df64ba3e35d2fa2d7a

SHA256
f58979120311181e1d0c34c868da18cce74bbb42f7d1f9916f6dcb7dfe2a6bb8

SHA512
f874ae2f07eb5a3e9a2c2a92be32701894d344e78cfa00e4e4c92bdbcddc593d861c22ae559096c9fa09b21544573bab483520907ffcd75ceadd3b49d17f0b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6430f1d0dae3c4761bfa6f80969bd2a24818059d\index.txt~RFe5ad812.TMP

Filesize
108B

MD5
4b78c3cd3e8f5a5d04c2216ce5cf41ca

SHA1
77796c83b3f1b83dc306919aaf3e922d95f42b38

SHA256
c7fbb3d509a6ea935657e5cbd9f3eeca4260a81243e1666ab063c82b74e45987

SHA512
cdf9b65093dcba3272637fb1b2b050388164d62cab7c25d7ab0537085731b222e5eb40de146f776ea1ec51fb8a4e224bc33ad1a2ac7f6a96994cc6a963be2175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5a9fb405721915a94e9c9ee823443449

SHA1
10a9020a1cd1b0fc3bfe42a5c3e62a660ded1f64

SHA256
2a60a0b2b9345103a108bf07a57664c6b918f81fd0e8d34be7aed4498b4866d1

SHA512
9bee7deff1e13beca8e0c93b70dd1e40c557299949efa9e17df2ae1e06ac8be6449930f8fbc2f9c8f79bd84a913f993bdf03a39f9bce3223b244d5960a9154e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b2528.TMP

Filesize
48B

MD5
a5e9b3d7c4956b0b62a931e0416030cc

SHA1
2cd0382e460f121c0875ff53475a5d139781d002

SHA256
da07781d098fd6b4a47be73b9be0d89f7b8a0132a7a9fe97fae921eaba9472dc

SHA512
6dcff2495585847664f8b4412c158fd2c9d1005f068b1f683ec369b7868480a691074c219fc8a27f29f6cdedacc18d07102fbf6f6d264012114fdae09a9a202c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
392fa4f8c495ec78c763e48a9496ec6e

SHA1
f877c7c0fc8ab8674969ef6ad62f954751b57aa2

SHA256
1cf80228f9d39130360157361e2f49a72d8c7cb2807e2bf5390e54ec996b29e0

SHA512
484d50780c55fdbef664e6448ff636fece6c9092a642bc77e77a5be0c254e8aeb83aeb25ccb4ec59d4b04250c7d9ed3829543a4d542ecd94bc4a4649845f81ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
2074fb722bfe4927429148bc193b8de9

SHA1
90bbe9a09c1914b7455dc0aab2ac1b4ac8f7ec75

SHA256
6048f3b7d112d93261bfdd8c7b0fd7690db2d70ba59e66cefcf90d6f085acc27

SHA512
22609eae300ad1ac6d09b1b078729ca372ba6155be5efc9aa41f55a9db5fdd78849be9f418e2274da371de4a69f7510556df9aa4666c8456f96a3459ec071de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6944cbba78834b79f5bbc1344d972f71

SHA1
a8d6b6de9f97c9725cba862532b6adb40451b084

SHA256
1e95e9af3fe08d51a396ed056d411bb575ba0f30cceec0e504bc50959e39323d

SHA512
8c387941d71023d977ca142e4aa7e1d827f62c4842437176ced0e08cb5b31a9a249784f1207258d32aa7ea03ab06fb2ca75b1b725bd5887c8b0bdf7543f87801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
222d7895acb49e991aaf7ea5e9df9bcf

SHA1
ebc7c68313081cbfadde67c113975adab19854c7

SHA256
b696971f43282acd8b57dd55ba48e2df410f2974818cf5df919daf8249d11423

SHA512
44cbe29ffe5d675e825cb7e9801bc6d9f3fddabc1e6791b482878dfc14df312abb5c31bb3163750a36a00e7e1cd20fab06e097aaa9e35e28e07dfd23997448c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cc69d1186ae39dbfc7c32e2894e8bdbe

SHA1
2aac7ad20f9815d35e7e9f5314b22454f7db1386

SHA256
a92fb3869050ea3d43591750314fe8d19ab4d6c584e155225b2cc993bb7470e8

SHA512
13b8accd1cbcb76b27d9bece7470a1b911ca7ab264b1e2023b79e3cc7f13bf4a368ee17fbe9105fc41b251471e22c883dfea9f01e9ccd0d78d4d2f6292c4d991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
99854fa10871d0f6987e14c5e954769c

SHA1
276203c1171ae0e9b60a882527636ed8796bdb72

SHA256
2e0e757e3f6d427c5cd96158763a4676b51da2aca78aa2344bf2be0c81462baa

SHA512
5f422d3d8818bcfe3cb83864adf2ff4e382c87beeb5cf429a63c979f51913202fb8efd4b71fbad4dcc3fe627984f9db95f9c899d236a2bbd64e64acc0d6396fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bcfd14790aea2bfac20197d3663ca022

SHA1
98bb2b5d8617adccf0affb2d81fa88208181c657

SHA256
60a26d6918f02e40d168fffaace2b60f33e615d8350934a1e81b67f97df40372

SHA512
8783cf72d01e3c090f2e606c46a0194dfbddbff6e5858bce6dea898e898eb0e07faabd3dc4bc15f772352241d32ba419c18a5b76066d370c131bc279639dd6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587d2a.TMP

Filesize
371B

MD5
a390c0aa52058a4779c024939e440591

SHA1
104e7b46e70b569d53a934be054e156a9f37e449

SHA256
e698ec0b06e17156c82f3910b6f4c7e587457053dd150eacc4d9bc716c5957f3

SHA512
9950a3942015ecfe757394ca5ad7bf4520d56169b141059baa34c3a41e3a395d0b10e22c9b8a583ed424b9810a506fa6520069dc881c5ec8b6d1594aff5f79a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0604674-69be-43ce-9d77-3c1286b14d81.tmp

Filesize
8KB

MD5
dd0e29d79e90d928baad6cd395b979d9

SHA1
f95c05690b5b6cb6ade58631a2c86185f273ee48

SHA256
8be36b45b7308906fb55ebb1b203bfbb22169ad9a61d3202bd4e84733dfbb57a

SHA512
d98e3886346284c6a8134ca22a233fde2aceaedadd53626e991ec46c3e2c84642403a71f69775f78c16674bf57ee99f7cf01095778262294e7062a8df72481a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca2fa64db01fddc17e1ff20daecf34ab

SHA1
883ba681477bf50a597355aba726edfe17ebc9f0

SHA256
0a87378dd3671a03ce2911078535bcc4b9e18541b656a606d45b4976ff4c7074

SHA512
0eabb7b7d540daddbda796462036572c1debf76ffd12003922681f9642000bc422cad92ef0b56da110e8f2868f3b0ee6ef2f747529ce4f63012c841c6143b82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1382abe304a4aea7e8bd67cdc9badd78

SHA1
5f899201c0f0ed8d756e0b74fccd4a2a167d3006

SHA256
30bb533c3e49b5c3e0ed4d0b6320223c45202c39eb6905ca4bdbd0987d9e7ff8

SHA512
e8c8e9b4c14c4da85d495e4cd302216cef7d849dccd64c0b7aa751a342819cffe307f3053bce126e0a2726d736bd0725736aea29a5dec3cda46bdebb5e6de0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2a82438f5c44a9aa0fe313b931695dd

SHA1
65f5d9868b99b9ac9d2c6635b8eaa661294f1347

SHA256
56c915f343cb64c7fb6aa2f1cf6d3d80fb9c3aa882e49d66f1084992faca19c2

SHA512
2d751eeb94cee7c9825a6798cf6cfb0071a2a98ff7e7c58d4784d6b053e69f846a9bd3765264fc284ee60cfd3f1c2df6ff59b82e0f445b79441223f03e059091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
258fe9135bc91edd5d2c08e420b3c2b2

SHA1
76fff801251b1236124395380cfb5e845861abf2

SHA256
0ab248a6126535f0f7b5b74557cc61b816db124aad9987f378be93f9c1d4856a

SHA512
b36cbce669e5bd9ce585a0eb5e3864d2b502f77d0cd327479ee02bbc7c03bd3c1c27e706526cacf320d44cdb6392c21cd3ce84518c06fc1c0bd52153600c5279

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2061bcb19c32e1cd07a54dff3750d0a5

SHA1
b2400487835187a8c39e7e8f24416e0b862370a1

SHA256
fe8e1eaf978c4c1d74a4b6521ccb0f2caede20337d0bfb984e69c109000a9e9f

SHA512
e24c26c553db60c7cf5cf4c3e08e37ea0b874f9f85ea2c600241f6a813c987a0d064144180b84b47eb95615c35107a05b738342b39d8e75f72ec010edce811aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
18a745423ae8d6fd34cf87a36f0a656b

SHA1
cef6713c6ea03c4ad4b889facda6de9abb6e1e37

SHA256
8ddc94025ad155751a7e1624dd17cdcd3e4311638b8d270cba9325eeb6bc14fc

SHA512
c133d4837f3085e53b47168e7f54124cf98d659fb3c677e82d8ad9d734d548453c1eb15589aaf360aa72b9026edfad6deb29f3af54a50efcc677d71c0b6ac63d

Download Submit