lumma | hxxps://yxzs[.]neocities[.]org/deobf/

Analysis

max time kernel
503s
max time network
505s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://yxzs.neocities.org/deobf/

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://h011daycrafter.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

NewInst V1.0.91.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	NewInst V1.0.91.exe

Executes dropped EXE 5 IoCs

Processes:

NewInst V1.0.91.exeLibrary.comPlayBoost.exeNeoblox.exeNeoblox.exe

pid process

3812 NewInst V1.0.91.exe
3984 Library.com
5528 PlayBoost.exe
4996 Neoblox.exe
5312 Neoblox.exe

pid	process
3812	NewInst V1.0.91.exe
3984	Library.com
5528	PlayBoost.exe
4996	Neoblox.exe
5312	Neoblox.exe

Loads dropped DLL 16 IoCs

Processes:

Neoblox.exeNeoblox.exe

pid	process
4996	Neoblox.exe
4996	Neoblox.exe
4996	Neoblox.exe
4996	Neoblox.exe
4996	Neoblox.exe
4996	Neoblox.exe
4996	Neoblox.exe
4996	Neoblox.exe
5312	Neoblox.exe
5312	Neoblox.exe
5312	Neoblox.exe
5312	Neoblox.exe
5312	Neoblox.exe
5312	Neoblox.exe
5312	Neoblox.exe
5312	Neoblox.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs
discovery

Process Discovery
T1057

Processes:

tasklist.exetasklist.exe

pid process

2212 tasklist.exe
5464 tasklist.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

PlayBoost.exe

description pid process target process

PID 5528 set thread context of 1756 5528 PlayBoost.exe BitLockerToGo.exe

pid	process
2212	tasklist.exe
5464	tasklist.exe

description	pid	process	target process
PID 5528 set thread context of 1756	5528	PlayBoost.exe	BitLockerToGo.exe

Drops file in Windows directory 3 IoCs

Processes:

NewInst V1.0.91.exe

description	ioc	process
File opened for modification	C:\Windows\VacanciesNature	NewInst V1.0.91.exe
File opened for modification	C:\Windows\GaleKorean	NewInst V1.0.91.exe
File opened for modification	C:\Windows\PaperbackEngaging	NewInst V1.0.91.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

1480 4996 WerFault.exe Neoblox.exe
5192 5312 WerFault.exe Neoblox.exe

pid	pid_target	process	target process
1480	4996	WerFault.exe	Neoblox.exe
5192	5312	WerFault.exe	Neoblox.exe

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cmd.exechoice.exeBitLockerToGo.exeNewInst V1.0.91.exetasklist.execmd.exeLibrary.comcmd.exetasklist.exeneobloxBootstrapper.exeNeoblox.exeNeoblox.exefindstr.exefindstr.exePlayBoost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewInst V1.0.91.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Library.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	neobloxBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Neoblox.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Neoblox.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PlayBoost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

Neoblox.exeNeoblox.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Neoblox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Neoblox.exe = "11001"	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\IESettingSync	Neoblox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	Neoblox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	Neoblox.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\IESettingSync	Neoblox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	Neoblox.exe

Modifies registry class 64 IoCs

Processes:

msedge.exemsedge.exeneobloxBootstrapper.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000000000002000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "6"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\NodeSlot = "9"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	neobloxBootstrapper.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeLibrary.commsedge.exemsedge.exemsedge.exe

pid	process
208	msedge.exe
208	msedge.exe
1280	msedge.exe
1280	msedge.exe
1808	identity_helper.exe
1808	identity_helper.exe
5648	msedge.exe
5648	msedge.exe
5648	msedge.exe
5648	msedge.exe
4356	msedge.exe
4356	msedge.exe
3624	msedge.exe
3624	msedge.exe
2700	msedge.exe
2700	msedge.exe
3984	Library.com
3984	Library.com
3984	Library.com
3984	Library.com
3984	Library.com
3984	Library.com
2116	msedge.exe
2116	msedge.exe
4112	msedge.exe
4112	msedge.exe
5528	msedge.exe
5528	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

7zFM.exemsedge.exe

pid process

5376 7zFM.exe
5528 msedge.exe

pid	process
5376	7zFM.exe
5528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

Processes:

msedge.exe

pid	process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

AUDIODG.EXE7zFM.exetasklist.exetasklist.exe7zFM.exePlayBoost.exeneobloxBootstrapper.exe

description	pid	process
Token: 33	2420	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2420	AUDIODG.EXE
Token: SeRestorePrivilege	5324	7zFM.exe
Token: 35	5324	7zFM.exe
Token: SeSecurityPrivilege	5324	7zFM.exe
Token: SeDebugPrivilege	2212	tasklist.exe
Token: SeDebugPrivilege	5464	tasklist.exe
Token: SeRestorePrivilege	5376	7zFM.exe
Token: 35	5376	7zFM.exe
Token: SeSecurityPrivilege	5376	7zFM.exe
Token: SeSecurityPrivilege	5376	7zFM.exe
Token: SeDebugPrivilege	5528	PlayBoost.exe
Token: SeDebugPrivilege	4552	neobloxBootstrapper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

msedge.exeLibrary.com

pid	process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
3984	Library.com
3984	Library.com
3984	Library.com
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

msedge.exemsedge.exeNeoblox.exeNeoblox.exe

pid	process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
5528	msedge.exe
5528	msedge.exe
5528	msedge.exe
4996	Neoblox.exe
4996	Neoblox.exe
5312	Neoblox.exe
5312	Neoblox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1280 wrote to memory of 2208	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2208	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2276	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 208	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 208	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe
PID 1280 wrote to memory of 2124	1280	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://yxzs.neocities.org/deobf/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb315846f8,0x7ffb31584708,0x7ffb31584718
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5496 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2124,14997728002827672918,12717785184939465014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7916 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5724

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Вооtstraррer-1.0.91-x64-Released.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5324

C:\Users\Admin\Desktop\nеwm\NewInst V1.0.91.exe
"C:\Users\Admin\Desktop\nеwm\NewInst V1.0.91.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3812
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy Addressed Addressed.cmd & Addressed.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5200
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2212
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "wrsa opssvc"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4644
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:5464
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1536
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 273724
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3476
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Surveys + ..\Tools + ..\James + ..\Eclipse + ..\Identify + ..\Electronic + ..\Sprint + ..\Official i
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\273724\Library.com
    Library.com i
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:3984
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5180

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\PlayBoost.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5376

C:\Users\Admin\Desktop\nеwm\PlayBoost.exe
"C:\Users\Admin\Desktop\nеwm\PlayBoost.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5528
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1756

C:\Users\Admin\Desktop\Neoblox_Bootstrapper\neobloxBootstrapper.exe
"C:\Users\Admin\Desktop\Neoblox_Bootstrapper\neobloxBootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4552

C:\Users\Admin\Desktop\Neoblox_Bootstrapper\Neoblox\Neoblox.exe
"C:\Users\Admin\Desktop\Neoblox_Bootstrapper\Neoblox\Neoblox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 2224
  2⤵
  - Program crash
  PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4996 -ip 4996
1⤵
PID:3876

C:\Users\Admin\Desktop\Neoblox_Bootstrapper\Neoblox\Neoblox.exe
"C:\Users\Admin\Desktop\Neoblox_Bootstrapper\Neoblox\Neoblox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 2220
  2⤵
  - Program crash
  PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5312 -ip 5312
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\733f4bbe-2dd9-4290-bcc2-2b5927804228.tmp

Filesize
10KB

MD5
215eebd79694fad8997679a70c622c3d

SHA1
0a050f58f88296df13259dff275d894cf421f736

SHA256
2570d70a50fd5294ac47c82d415b1653fec3031f244de4c6c1d80a24e57575e5

SHA512
2105ddac5c1181e40a7ea19f08cdcfcf05759ecee669196e759d1bbf73b5f41e5a7bea6625fe7a8db4d1b5a4bd1439194fd7462cb9dfd6bb1e1aefebec176388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
233KB

MD5
e21e1c5d267c7141fd3709f6e68e4f7c

SHA1
63dc49f8a0bc7eda46588972558b118898a11b98

SHA256
5c073779daba3739f20b07242784b76320dd3c5488d6066fc507dc8af2debb18

SHA512
0835289b4f527d9603cc1c1fc549bd87df3e276f3374aecdb16dcaeb39461dbd09e18526e9ae5c5885258589b45ab6c570c018b910d3e2481d981657eedbc449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
48KB

MD5
baa9f9df378773cb28884dedeb3808f6

SHA1
9a43932d23ff5a9d449c6e85f6bc28f2fc221c64

SHA256
515270605d5a6ebee61b69bde18c4fa049479d99578524b17049cad5b481559d

SHA512
62ba4994b070564955b5df3775de2216f17ae2deeaa9441fe9c2cacca9c04b8f4b9690ce84ad6e4d4ae4bd794a8686773b0d9361dfcb38c9beef1cffbbc2b6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
615KB

MD5
33fc776f10d022a60c1e973c4ee94ba4

SHA1
d9f3cf53e8034db68c989c1901599db9ad73082d

SHA256
1f10496e8925eb655a09223c49aa1a4694f59fa305b33e43d3adac5f20a904e9

SHA512
b56b056918ce0c01aae4637f6384a5f34412b30662e260fe341955fc9b32f1ad40c4260a3f9a00faa12438eae78eeb6a06e093911afc647614080f0f33d45b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
32KB

MD5
90236dff8eaac9d9bfec313eac7eac31

SHA1
7861dc7dfc1f09dda8e28c95184e5a41793424f5

SHA256
6db69024cd05d7b2ce2587fa7b4fb0ad5db3c8803877036572b1a9ac635212bf

SHA512
1c4cc14d35a2fbab09641a54426704fedea34eb651e288c57095cd2a9bac67c6c657a2721b064e895307efbd68a913f841e8dc1ced5ed2a0c1edd81129503cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
33KB

MD5
5e8638a723e148d34934402440556382

SHA1
48306e28d1dae239ecf39cb9b0b8575be87f7fd2

SHA256
9ff010dc2651a20251f065bf172a8e17bcfd04a95219d5a98f022c6187c914fb

SHA512
595ba7461dfb1c673f0897c359be878ff3535d7f73144aa4057a93dede78b00e6ab0b421e7e8a1b387622407702da40ce30575a019b27fd7777f67511a665ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
55KB

MD5
7d3cb34ac2aa60e15ac40f3d1f973667

SHA1
05fbf9318321a37b087f3048e1bdb940513e0b8a

SHA256
f15dbf6e4bb12e50a97d97da23df3938c5aa61bfd794a9936c366eef9907989d

SHA512
5acd5efc80259a9a6055361a1ff402d88b87f1c45b520a7eaec8370fb5ce228a66984727ced430e820bc6f7f8b0d8be132cf1dd68f8f5cdebe4560dc87fda2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
149KB

MD5
11f969d52a3e8a0ded404c69e9094984

SHA1
57c26c9c13b3f58704ebfc6ba4ecfa61e86c2a11

SHA256
b8f3162bb409ef00fdc25e211161fcab10bb02a4be6b38824e4e58fd7c52ea77

SHA512
a90dcad67540ed6e36d999fd1a2657da5289c6335084f875740f2ec1a09a4935db4dbf03da1ec8291065e30f90c9f589a6a2a792944941bf3f727d19ad412834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
148KB

MD5
5f91f55b9cb63e75fa6deac1e05bae03

SHA1
ee3ca98e01084706b6713d48eb2f7064f473a510

SHA256
c8b6a583fed5e64d51e1779c1cdc08d7c29ea94741dba2b69d9fe9f7342f426d

SHA512
4bcc37ed481bd40f013d234f78189746304d33aacae567a128b52c323d1561378d5facecb3bfcfade818a524c0a12e0f26743fb99dffdf426cad830c66e732b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
414666e62547284a040f75e19bec6197

SHA1
4b80e2ba123a0b9073ac0da6bf7e99b12dc85bb7

SHA256
fed37352c9f40b00ade61b776539fdd8d5cc179cc00829651341c91f6f7e00a9

SHA512
57c7c7b2ad89cd2f26a1a815cffd35b3e6aeeaa2db5744955e444e510eb9a23980b0ab7495af46c4ab9b122d266c5f3da985e36e8fd5b682e8b3771a473ab316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
092ccf481089cb8646509ac79c4ce399

SHA1
ccdcbce2c78b14539e73ded20e4b20a82356b159

SHA256
1ff9744d0dee2b8007c0881cde17a93bb030ef7f0f36633930c375f5f6f8db35

SHA512
a979717804307f15c34594b686981a1d21c8a44b6ea71893af9e36698aec4bacbaf19a0cfa84811fd066d249fec6b49d34cb54485b83057f33b2e88d242dbbab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
1927235f14b8b76d44e6ba797051b1e0

SHA1
84cc940cf601b770281d4823eeb7ac16928f4cdc

SHA256
83f46f7f938e53ef184f74f878449e89170a17d5fbc443fa5589287be970385e

SHA512
5d6bf2f7eeb65a7717fb02f507ffcd653816aae2128360d6cd72c0dd28cbfbcfc4e30c439596ba58941720b9678fa2dc53cc616ab9b45b60691b7924af9f3c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ee885b5d5b2694689947ca9e88afe4d1

SHA1
53c6be8c6943ddc225e2aeb6815911165a49edde

SHA256
f361ad66b7f7aeda45018b0e159d3a934f95e288531efa088738a6d75d0872e6

SHA512
943f2fbe680e993a94ce96a0e29289452c4a69f708e5e6062cbce75406c72f80856fe28d6686a78401614f256b99442272945621142ca1d72dddea2ce6480357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
b0a822f44e8c67fe8007921ae4912ef3

SHA1
60d191b8dfb7b8e738c053bcfec6170ee7d4a921

SHA256
c38f7d94087c2dbed994c965636bf79e2de39d34b569cb44dd8500824eca5bf3

SHA512
e071b315e4d2fa93f4d1d7a5bf64d43654edd49762ddf494bdb880d677c750ef7b0e07314d25196f5741dd69aa3a3e1ea88516f8ac488c81436e3635b0c02601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
6b2d8db455b20ce13f1bb7ba50349e79

SHA1
f1c5f9ec05aad005b6b65dddf96c036fb3ec1e34

SHA256
9746840cf2f819a6e4f0e638e669cb2a7ad5cf3094bbe878799a9bbd9014045f

SHA512
baa80ca054ff4d47e89b24d4eb021abe116962417a8651107a95d47a7ad33aa38bb324bb9497c10a4750eb834ad51b9835b38dceb96adc6c1f26fcf7f5b8ed39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
84851e64dfcdff410067029081a53f28

SHA1
1a08bb096e94cda9db1a60e38534a2f1d26e06f6

SHA256
0f1c6d9a20498773615ff1d5d9a22474cdd993aa41061557995ba0c879517b6e

SHA512
4edc0a2b924fd057033f457773490c079551b2debfbeb54b4a11b93333ab3f5419a84b7bec731d9c34b1cb9f11cbe3869bdbb6682612a1e73ce1a6c801c67cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
edb17a4ecd08222178818f53a11e9667

SHA1
225ac9488baa49cc151b04b1f1984978ea125a0d

SHA256
b2f5b7391cf2c4b132cb551f5597721cb3b1d737fbf952e80bd7d7fa0f5ddd57

SHA512
37f19c8284a7e67276ed614a771d7180b24e4d1eb1299240665b4371e07435246df696e0fa0371a15ad79b9b19f586699f2412dd551d7dba5be1a3c151dac97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
efcaf5d1a216cead5dbff883cd2efd85

SHA1
6786767f2898c00e4fc05dcc3aec9f08a3318f10

SHA256
b566ef2954498ecbd562689c377962a4f1e717d573894ea4c78a8bc60e08e073

SHA512
e070b69b86e6cbb95c1ecacbacfca952bd9f76cf57f73fa2624ca94a4e4eaf7b05aee1f4656d541d565c82c356a186635e2454116d0ac8f16f55447da8da5db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3548e4f7f8501e68cd0c28bc7b09b69f

SHA1
f8dcd8c1179ddec290985b849b46e0a52fd975ef

SHA256
71ae2adfdd930c99bd586d833a051194c87646fb79abecc8885c0f1afb606ae7

SHA512
d1cfd64c1f2c370bb330257469a462934f35d0207e44396e95e98fb08bd1502075178dc8f48b58b9270ada7bd103cbd8b6cc64ca3d3fcfaad3e0d651bbbf3fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4e2431587938ca2ba4ba298bfc7cc9c3

SHA1
50c3ef0ebafc461e67439e294bfb74e8b05bd522

SHA256
5bca591e5bdc4a9f7b931564d46f051dc519ae1a849635114151c392c9f8bf0e

SHA512
739254b9568d232b059e223fe7bd611fe91b3065372f3704c5f1124b27b27c92b6f759acd547bbfd45e199d7df81557e2e907ab4aa47ca68cc3c52637b7d0578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f2459e08373f473eca0c720d0b70fef1

SHA1
ff5e8a07925820bacbda036afc78f644b684c986

SHA256
4e8f5805ceae8a60cf6761563a9ed41a35573605a1131d0012cabec0882edb40

SHA512
905b5712c8a999dd89011d6d1d6115de4c963932e31526a352c7f8db5841509f64b5a0830aa5277026cb1e3c03b78726a68a4a37f4cbfef6452a29059a2569af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5b7a3519d1dd9b9c7b77be4c40c7e11c

SHA1
a7ee63b54f7105fb75dca6aadb4efd2a5bb0a5e7

SHA256
6b4a0b7b9b056aea3fab01f795115ee37bd0df76b81fa1668f1df8b07aace3fc

SHA512
1250c9a1019151854f377e836ac9215fde2f78cb4b6981ab70eb66c11ada00f80f440d7efa7eb62582bc02863eb92748a64ca18ceaa3ae8484238ee0623f12ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
481b9158cd3dd3f506863b79425be5a7

SHA1
154e8b613b98c41d31bce707f03f6a27caf66fd9

SHA256
7079279fb24870f3d2c334adb0ab6a88ab860258614a9e35685963b727be0537

SHA512
02cb9ac68dc2713264c8befec83c3f520effe77eeaffe64eb645ef7345ad3430fc7e3308dae2c8d84555603212c13c517351f4159f64de86563607c4ec569019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb829b6de547b542b4167f766fb343a1

SHA1
c9271fcf0abaafa60c478606304be78869ea038f

SHA256
27dd1673a2f7aab6f27aae3cf263cc7a93053b21eee5fc41f1103851338d384f

SHA512
1db7939eb33da614783678e699f3c16001abb48c366d8f3f1ec66f8bd7051caf7bf2bcf0a2fbd7f2627aea06153b45e32329e30ece8a6e714823e7a788929682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e1e1778d501467b7cb544f3f4ed33f4

SHA1
65503dc150b6f073862de57fef24126dc9b247f6

SHA256
9622d83da2e235937a6355e0fdc3bc474f92852bbab31502dbccaa52ff8e8f39

SHA512
31023643882d5cca1cb3573a59e2d5daff88971faf2b46fbfae308aeac499a29f449ebb394e3d3eb2ec2c9f4b988b46673b833ed3a4bfca80e181e08b2ae774f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a1e1809d10e0ecebd3459c057412b5c4

SHA1
a71c5b8a045a5bade09133a641d433bf7894ab08

SHA256
647bd6ba494f0e4124b690576641335076a281fdeb300592d38832ab6e11829a

SHA512
55373b12c1b7bde0b5fb77aec5d56933e73f24dbf799e5a62b0ef7a592718db869a25e3312d4d4b11550bd2dd9bcec7b8c4fa4c2a200f6ef8d0f3fa08e0f49bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be0699b44b7e5076bdace40cdde9670d

SHA1
fb22fc6996ab0682f77423921916e582b1dd2fc6

SHA256
8652c4f7de339421518bc79a32b8fe973234c1ed1b095681673a8707bbf46b56

SHA512
e771c8304599d64c9a825fbf7507c29676bcb4b23020119105d9a43ef05b4bc7ddd3474ccd7d0cf7356a87bf02755a2efb0319329cab0fff8c481ce429cce69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfdbb5dffb4fdd85f6ebac8c2417ec62

SHA1
0ed8049392c3e5c39054dba2a84e553c1e7af950

SHA256
58b61865fc9316b99b4f4447f86a393d482b82fc44be6f1d73b7049cde0ee9d4

SHA512
34b1a0cad719802c7239b2d7f510812d1139c0d2335a60c1c9bfea68147b87c6e61711e1cf2e3351a06dc9c4af8c8f6444c8c7dd99238c05dd40d048709e2615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5cc1635d014b9c2f137f7589635ea8e2

SHA1
be6792123facbff420abed7697a388abc3870266

SHA256
724c9909626b548859727db9cfb10f2ad666a79db94daf8635b3dfba9ed765de

SHA512
618ee5f4c74aa2d6b9602ca4b94e17b9aefb7d844a5fb078d59e5aa1f680684bc4f7fcc368b8d337938abd9c703ef019e452f07def784c03c4d4692ccf5c1337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d5437f8791a8f081472c5c2ed801c39f

SHA1
5d3901dbb97084367b32b660e6a1e45879d57d5e

SHA256
ec40b1b88f6c959f4a693f596f5af90a3856f8b4a11a09ba5e413e4eeea43929

SHA512
877b8daaa26eb7f9cfea3643a82b8ad387d9526e05d7e9170c4c4776f08720d55f5d047b6df82da1d9e437faed9e4d1e86e1c45317f8272a41d15159b06d3018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9651d080f7860dd252629302057a4a03

SHA1
2f8864efa0f5a436137425f3790dc0af7046e924

SHA256
b13087ff0b3a76ef30dd649e8170b4795f89e4975fe6073abf51daabd01a057a

SHA512
422e5928c53ed7eb556e6dd7e406cc17a1798446d5221ab46e96f33d87fed325ba073591ed36b807211b1f5b7c38b6edc862b185eaa56e002579e44a43258cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
246ca1496043e2cac2cb66eebc595f19

SHA1
2251815b59917e2d9915452734976f5075f7c05f

SHA256
6868848e018ac440dcb89e91295fb23a39ec351a88e3099530575d193df3de8e

SHA512
bac107d9b766fef21596c0d078f688375fe33cd1fe31d5320abd311c31d217f1fcaacf5fc92e2d8efa9b294fab97423a60e471fe015b3dee0d7ddf02f78413fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ce6ec6863f1a8f3825ac884dfbc15d73

SHA1
210f71395d9f5c501b925a1290edf790f245d9c2

SHA256
5b707f0347e42d5c48c1fc66e15d66199ee5e1102619cb2bdf91d24be83b9822

SHA512
7160639df915e66189cc1b1d068353065e5537adf4e97a3b587d06480633e68e0a46c0e4425b40b663c6dea64bc622aa02b7136a8c87a6e19b893355bfb07444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\422551f8-61af-493b-bbac-9996b9b16d0a\index-dir\the-real-index

Filesize
3KB

MD5
00c386c51ccff3fe2229adea8d1e8cdc

SHA1
638126c293b740c46058fca8466f0fc6a3385134

SHA256
42f893a1707a5472494928a25b053826b61396f671eb59e024fbe2bc38e3dde0

SHA512
4de7d5666f42d8d445151dc9ce7f71857acef697e9a9d344e29a9e4a5c3899a760ca5245be976a520459027bc0e252b8263375894570dde351dc6b578816fcdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\422551f8-61af-493b-bbac-9996b9b16d0a\index-dir\the-real-index

Filesize
3KB

MD5
a87703b5f5d262a3da0f4bf3eee7dc4d

SHA1
19b9744239824abbea515d2e4bb914a010ba1538

SHA256
a6b3deb77abcaa61da883d0ad4bd0771ba923d9b0266aa05ffb504a28c5651a6

SHA512
84886aea82f8a47d4ca640295ffd1dd2a45dea75e9729394a4e2b87345e84eebbcf244ed7e4b35d28b3c9f6736c78559c4dff21a8a22868f8404ae093dc58ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\422551f8-61af-493b-bbac-9996b9b16d0a\index-dir\the-real-index

Filesize
2KB

MD5
5196a4cac1d992e2d89049202d2449a9

SHA1
b47d812855ca4f6b0534eaa8e3b29ad327944447

SHA256
07fa506f92d9501a0aa5fc28ba1ea01a00bb8d90f82efe4f55737ff8faf971f5

SHA512
2860ae621b56146123e715c7a1ac277515907d0b60bbd54e2ee178b86042154b6715bfd361f70f9af91a7c5c87cd4c2ef2c03eded1d861d8ce709dc1e825aaba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\422551f8-61af-493b-bbac-9996b9b16d0a\index-dir\the-real-index

Filesize
2KB

MD5
01d482ef6b51735d413209d4a15d1196

SHA1
690528acd72925535d5d93813f429c99db4322b1

SHA256
57fcdd9751d8c9c3dd607469121a095cab3d07dbe7836dd9ebb3b9b667493df4

SHA512
8dd3509f6ffe814b92db863a6693a6c06da88fa654d16777e1f2bd96ea4921d761c7444c0e25cb190f7303dd1268a36c6eac0a0be7553f918d1dafa9c06ec34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\422551f8-61af-493b-bbac-9996b9b16d0a\index-dir\the-real-index~RFe57e520.TMP

Filesize
48B

MD5
d8e368bf75227d9a6ce390a437065080

SHA1
409ce72bd9ba13de92760e13134cc6fc6a4912b8

SHA256
b1f089f9d12f0f758608f1040a35381d8d3aaf2e1dbdcbd9248a3b2d3299f728

SHA512
e91b6a7f164736c9b71c3dcc73e41120732ef007b94a499eccffc583ac56846b2d84200c8f0cfe375ce5031d8ac1754e8ba140434c062620a9fed1b68f8023ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6701714f-9268-4771-8472-553ce11b8a5e\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7fb6184-a57e-4b5c-bfdf-f3fb02f51ffc\655ef16afe9cd2cd_0

Filesize
2KB

MD5
2c3a6c8e0aab4d9667d9da8670c52d9b

SHA1
bfac233ef9825a833c135c3c7e719bd1c346a2fb

SHA256
99c55d6f6f9c1464ed86bc81832d85f7c8ba4cad74ef1030ea5d158ecb1ed1ba

SHA512
cd57e83887e4e00c3c21b5a5eed981e1ea8af10377321f69fc8b40a3a1c743c9fdfce5d142141279dd43db621f7fd33905885f1e6c71cbc887d17fecb460d441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7fb6184-a57e-4b5c-bfdf-f3fb02f51ffc\index-dir\the-real-index

Filesize
624B

MD5
6e8cd14b4dc5de28596943fb39d5efd3

SHA1
c8773c9640ba00bf445e52893c606137becfa226

SHA256
382a8114deed983e518d32bc25c36f8fbf5de62e9121e159cb66ea64747bcb41

SHA512
1eefa6e6964064662612b4a8202184b2d4935f80cc71f138da9b38013a790ee3ca12dbe37b24050b5d09d9ddccab6fb355d91aadd6d02d3f711eaabfb9739933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7fb6184-a57e-4b5c-bfdf-f3fb02f51ffc\index-dir\the-real-index~RFe583f85.TMP

Filesize
48B

MD5
c0987383e0ff55b0ba2c00309d9ebf07

SHA1
1112465ba1f8e89f2fd459fcb67c682d8ff2e442

SHA256
14d97d51b547f340c3af8d1ad0704b4b3c8ef43c8c3b52275a9c7d742db3b28b

SHA512
d3026b248f2e25bf92dcc1e03d8939e128b4d4c66cfbddd43e24d57d126e84057e75a91c1aa6abf1d84c0930fea997f23f54b98ebe1078b1a6be7d6c5c65877f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
1bb25cdca52f2a63cc5a19f553da3ed6

SHA1
9247120ef2a36f2341cf09f155a8c1fc4d2e0aa7

SHA256
2f15221dece63ec32f8928ae3723aa55f0ce588b42344016bfd74aaabb9e15d2

SHA512
29917db727f9cf5fc8bc2d53d2eca24f55f5a9783c7a6a42a81c37408d3bb4c324f55875ca05f32bf63e6732bf55f858d6beec2ea6b1fe68c02a1a60a7db11b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2cffe8e7214a02afe55a951675ad5178

SHA1
b7bfe7f7da4097722aaa3c368e1fffa467784311

SHA256
7f03ace85ee9c114f813738f57994847c77be15a36f71f727a1746dac80ea422

SHA512
53f539d1b1ee251aded182c211b422db3217d5da69faef5f3e1cf8933c53862b319151f31ad7d87eafbe8c1b379a098c75ad7dabca2609be31f7409bcad0b5bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
5f7d719330585cc155b4324d05b97ae0

SHA1
6aeba84c58268877dc76ebe98bb4b4b703da5333

SHA256
42c9ae349e39fad1aa01f706a202e9ba6527b32f0b98b4d36f41fdfa37404495

SHA512
969cbf43b0895a1c752ec45345c87af727c6b3f5a166b748a1cc6a9d51adfe2030777a8e092040ad7802116b01317f17a5a4ac38b5d3527f864328cf3385cad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
8ce0113f0475954ef2002c4c152b94eb

SHA1
ee20063360f25b466cc6996b6518d3f5baa96548

SHA256
1474f5a4c70471fd97784c595b304d197a938bd8dc571f1fdc9cb072caa7501a

SHA512
ace27d2e3f8639240e291c4194d1c160f2d1302d00ed9a1cf2653a7fa7f34739f44d2fdc6578bda6c38e2e5eb8e663a30d12148a9929c79eb1a20f977b45c59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
74d02a46907c9184a9d15aef8261f31a

SHA1
2548102d30c766a7de48d4ad645453123a8dc023

SHA256
c418a125bbe37b1360965c992e759b172f136e3bacf8a23064a4633cd5f77496

SHA512
463c7f7af41d1493776ee7a3e237aa4111a57587fa7e4b09ec510085c4f741aed56747062120c8888e9442416b09f03ddf7c0e662201e064be6aa7c3344fd415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
fc75e5b6c52b803560509b9dc450e644

SHA1
b4d5c766971736d51f180a1ff753371fb14acb7e

SHA256
59f3ea9f351a22d2e0e5dc5f9d5f46ae542993695f7d3001c6fdfab517fd6377

SHA512
081c08d2c191e147d5406a9711ebeeb5b89ceb72ab65abe7874ba576330200533e7d00716213a6c09b7fb8e3a9d155449fc5ab4b2633a34965c7152c34310d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
fbea1729f048225a891ecac531c19aa4

SHA1
1750ec3c9de8730a9085f1dd23edd3e49bd6c062

SHA256
c214f9688670fb88c869d752afd17fbdf1d45ced6fab89f01df436050ce5318a

SHA512
74159c2e14d41900a59ba8e13d4963ff6294639c2552c62d66c8717dae839055e99c56c75ec0f705fbed7a2c3f668bc1dbce8129f5acc833a6bdeabbc48770b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
29520f20600d331db7f50fc230a3376f

SHA1
153a23858898d3aa6698f8d1c144c5916c36d5f2

SHA256
04b471b9a5a43b64e0d37d3267cc7b5facfb4722e1c7db7b9411c1023caf75fc

SHA512
66bcf640365f47823aa7946c29b4c5c9f9595dff5a4b528d66c7b5ca85133ebda830318732091d8c91387996ed3121092e4bb02926b2ca23ddbbcd2d42097c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
e618011f839e4337c174a20382f1b150

SHA1
fecc2319f41631f23d4050988f33017ca5297d61

SHA256
a6503c749ae377eea1954924158e7e4ca27c1982c27d59d45861fec14d0a5727

SHA512
a19891d35693bc43d52b16d4a37c4d11681b08c7df78a796dcbb2fdeefc67f9cec0baba39569d817c1a783aa8edc901dd6b466652736c0c0f438d06afac90e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
17KB

MD5
ec36c596da9e2eee767ba4a89e74af13

SHA1
91b7e17017ddd060327e51bebff90af3e68af514

SHA256
016a9344d7eb7914e231407a42ca7ba9c063c8c8d015df2abb0d5c5c0c577d14

SHA512
56f139ed7b59530d32f67ff68b877034f95ab9da4ae5d4937d31daf3facb237992d0af91a80c7cc25ae5a81443463822045111a9f8500347ebebdc2cd5d3853a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
163KB

MD5
a4979cd217c3c98037954cde1726561a

SHA1
8c7baf921459a0be1b91b3feca9557c91d60752e

SHA256
9b0212fed98c3566cf69a3f22fabc16e9cc25c1bda373f579c7db882f42d3a3b

SHA512
8b1b3937258ef9ff18c8b70d6097702a9f978e0bf2fbddb5ed1f6934381660d06bac13384432b9fec747f766042f40938fdeff9a1fd744c7143f8410f1fa1bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
39963485127343b090ab7c55c18cd800

SHA1
2fc74b2360ab843453be74ca59788d8b7e62560b

SHA256
30429fe6958784f4e76f852188716da3f052d07e09b393d6eb00843763216fff

SHA512
b94281f02965d38eec51a983c9f098eb256507da84ce4b286f386064778d38fac86ebb18e03039e83dfafaad32f402aceb3feacb0c37fa774125d54da7044b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58390c.TMP

Filesize
48B

MD5
c1ffc7ae8e1175e6578ea4f572e5c9fb

SHA1
e4959bb4209df4289f44e7ba21a13b4c4b3da966

SHA256
cfb8f2f41c33eaa6950258047be32bf42529704b86c27ea21f3b2450a7838b3a

SHA512
bf1522f74f06c7ea9cf222679ad31a7942114dec6c1563fc6aaf4bf81e2172cc7ad9f19719f79e919bf8fa18ce049d3e5388a88bca0f6249871d97313b237d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84e3027f03518141816a408325f31e30

SHA1
a44d228fca624a74f51248cf64931b56a44ec10d

SHA256
e2541c10b22c7727e0c7905f62ab4169f90e8cb94137d11c147d2f8c7143cf31

SHA512
a9515e58489a535003a583c5e53948334908fbdfe25f8e0b436cfd43628a92964150c07eb78ae8b8c2d9b658c57ab3afe8da5b4dfef12431f912c91866afe0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
f6dce5d25b5806b0abb6341576792162

SHA1
5b836eeff4b4bc81bd20ea8a82e857c133367f81

SHA256
ce1ac93c9aad852408bed62d807dda155fc2c1f3dc197f868ef9bf5453430bb6

SHA512
69abc8abf38b7c6ee9860d7c6f2b839936bbaf2c486ba0143b2ab77be79885e027a17ece478bdfe8531acbee87ca7b3c7109edac293b5162c8ccc7db29a86743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
20d79a3a734edb0a1fe6778e15694526

SHA1
ec3544d31adbd3052a2accc597ddf0a43a3cfad5

SHA256
6f923bad64fc17aeef794aa7805aa56ae24dd513952489927ea7d819eca35dc8

SHA512
5ab03300ce81e4131a99765e5286bd31f24f6b16af04c4bcc99ed43cf2eac7b5eae1811603655e6a66033d76bd3f8a00ce9411cb36c06d79d1357ef35501fad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
caa4e251cc01456b1100a22cfdcf3839

SHA1
4692956789f468e902109373ef0ae4eb5f958725

SHA256
70026cef28d9bf2de90406edd2905ca60991307c59464e2fca54637c185adce6

SHA512
82471fbca033e51072d64c535fa12140b4fb336e1e634d6b1a94bd95a03fcf2b1f599a433dcd172cf78fe294247a4903acfa8df80d73284b92f39d56e210a91c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1396ba1ea2e69041967e536c0e8961e

SHA1
a8e13787fad3ad56f81fca864e8912f58ab4aef1

SHA256
de650def482108ffb9e3ca74f246dc1161718bb9000a73b38f23d5ec68420eb4

SHA512
777e269ca5b99c024045fd57994e36b652a750165f71c37f3f0a4597f2d87948e072a852037256c0856f184f7aea18772ab5a692f20c83bb2ab2b0e77eae0ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d644071d69bc92074a931c5a932e6bb0

SHA1
be63ee0b03f041544530c32129977db8c306974a

SHA256
23f84156e6d29ca139bdc3470f12925e781b0f3621e75c3bd596b49ef98e9a56

SHA512
258f07991a51c43f59b5ce577d3edb88e58c9a5c4c57ed6d4022c61397b19a859ad9a29b34dbef1fa6850f24609637897deb7db02d54c91a8d965c2b049fa7b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8a8.TMP

Filesize
371B

MD5
107e0c01ccf0f776547d7b386a6cd68e

SHA1
2c891ae3606043ff84ceedc569bd45a950dbdb49

SHA256
0c7b227cced4c08c468480fe80cf1d97cab621c6166a1d6d27a55fe42a02a053

SHA512
147ec85a643065c0ae85cbda2941f60e203838ad52be5d82f787a4993a6bd58f7d007b33bdd5fd7fd335998a5ab8745523882f7e25056ddec155a975e6a5d591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37a1d08ece4fc8a140f6cde40b39690e

SHA1
8a16731ed384eb072c042410dca327908bcfeb5c

SHA256
ce3340bd3d46513d3e94cf2871fb2a93380a87ee42371ab2972f59e32923700d

SHA512
02883d6add07f27b0ce8f6c0d4a056a3c7b1c91a4a9a5b6854f6d6c713c8a9b358658f757cce96860084a4f8a765a2ac47b1f9048b6b9c6bb6096b5e533f7ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bdeeb996957a0a520e3f4ac3596dc4fa

SHA1
a779a3ca812d3fa938dbebeb1c8b9b74ca346c1a

SHA256
307f1d7fd4f4e52100119563a56fe65eb454bcccf6eb41023c0ab8042543f738

SHA512
792da38d9063855f66bc496b82ce8ad0e3fbbcdedefea8cfd7e01adc3636ab13b3f6a9793443b79b540cfb4c00ff29eeda7dae6de4a2901ed17dbbb975651c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea336aa17b3ad2b1ae6be815dc2910e7

SHA1
b767657580dc7d4ca3642b00638c6d0a810439b8

SHA256
b60302ce36bd03f4b263c9de1b4032aa8726b98867b16e1c0b255847dabf3d41

SHA512
5cd421fbadd93fbf38c4fee05330f68bf1b3152ccc912106b84e11b60d55f2fbec6ef282094fef4c4e0094171dc62993d5fd258e9d479476b6c9bd44ab6620e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ddbabb24c168e9dee06cacdb9fbe5d8

SHA1
111e8b289bdc3ef7bcfdd45ab0d722650103631b

SHA256
6ad48968ee5b791be389d60090dcbb48757aa3ab82d36db09e6060dd4cfac3d6

SHA512
7601dab8fc6ecf21ea5db07e39b5b3623d934a3e448831cda1c2ed6d929d62e82f132dd4dc43da21764a41733bff4c1cf2af955084c97b90a953e57daf22eb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e5762374b1ea2ae68cba986df5abd71

SHA1
a19d53a53cc9d6c1806189fec6408572398ae8b1

SHA256
946fc24b71d29986f0265aec1ef717f13c2adce41b13cf0247ad94feeb0c41d7

SHA512
63d161c50d70301ac40b615d9ad871edf8aa956145b57b5d62a6220a1194cad411a387853856af58f78f9112c3e8e0c8b6bc219260e1c49cc0299dab5c729be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d4b50d92d991e98a56d75a037213c56d

SHA1
6e57750f6e558c596565350200023032237203ca

SHA256
9e0b6963cdc3885109a6f52237a5ac2a6259014bcacdabfd167f3d0bf672756e

SHA512
fe25e02108257733f5fca703d5530b12777cee82e1ccf6425188cfaec16da396e88890002946b4ac18232963a461c0f55e36bd57718b2d6b58ae1e4418422164

Download Submit
C:\Users\Admin\AppData\Local\Temp\273724\i

Filesize
475KB

MD5
a22e4ab82fea2c0f3ef8473daab99a1e

SHA1
392703e2b5fca6516656f527c6375e46054f5830

SHA256
31781e1a178ac1eb4f571bd2efa012da630916d602078aff728b97aeae4ff38b

SHA512
e6b02148a54cb6f5955fd6f6d1f4992da2936ad5197c9ff60b65c158d5a1bcd3fdb2357907357a38e5e34fe053c7acdc6e8c5243720b6278e665792121ea18b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECC488C0A\nеwm\locales\resources\hi.pak

Filesize
787KB

MD5
1185163466551aacae45329c93e92a91

SHA1
0dcbfed274934991966ce666d6d941cfe8366323

SHA256
eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5

SHA512
6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECC488C0A\nеwm\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Addressed

Filesize
11KB

MD5
9c02f1ff108dae5740cef6771a745a0a

SHA1
9cdba03475cbb020f6a90755b380b185702dce41

SHA256
d0147e5a8e6d6001a31acba8e8301c5532d04c059d1ca44cc56a5a767e8822c8

SHA512
f9f6a787394b3f86c27c385a21a3699e07c7bd4decb8f31a213af3214481aa4e11840d58cc166ab0e71baf932296809a6a5d3050686479dfbd1b137616a93e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Agreements

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Eclipse

Filesize
77KB

MD5
bc9967615c29846ceaca67faa3c02851

SHA1
e45aaa75e8046be4784a79933440b842cc4fdaba

SHA256
9f4bc012e3f017377cf6efe6f148a0633d80bad3b08d42f4d840ac1c7939535e

SHA512
94969f9cd238374558014fd4be5b83dca7330d916ddadb56940b297ebc8c5b37c9d0fe22e3d347af7e2b24d833329d2427c77d98b5e2572f21b6daa3bd9729a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Electronic

Filesize
61KB

MD5
59f06e1b37ee6d5a49b59369a29d306c

SHA1
16eb14cf32451e1c7d568d56c36941061ae5ddaa

SHA256
c3bc238e73764f04c2a8149db786c1d26fecd0e428752ad327c85ef09320d19c

SHA512
1fd0e8ac293f09db40b3f79384cac86f62cc92832ca58324871ff754d1960fe2b7645de6e5b802e4de04b84107eeecc307687042df4f1cf238b6223a7e2783d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Identify

Filesize
53KB

MD5
1839f6981fef1ceb0dc2ec3c0a29b4b2

SHA1
3db115faea6b715aeabb905d7fff10361e704c4b

SHA256
3e63a9917b60aa5c167c2bfaa9652412b834a7bb1022ca5760b1ac8115283634

SHA512
569b30cb8bf9740f47b9d95cb7694c5e3323e2d9a4e504b2fa8f185649e6e33bedd0678e3d5fc8dbe1665d4cfa1ecd4b31662e1c146f2a36294c2d61f88d1da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\James

Filesize
71KB

MD5
1ff467640d436e21af32f2b9fd38de15

SHA1
bf87b832917eab0a533a0009f89860e91447ad2b

SHA256
c07d19c7bf0a91cfceaa05d369ea0d40f44e0b45ddf339dd237246f06902c02a

SHA512
4444d8735e0b2a2535cdcc7b9587e9c11eee807318a7de3b875627daa76e38823fd07e54852198dfdbdc18916a560cbaca39c81a9f07d7d4d99577c6a4c46b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Official

Filesize
9KB

MD5
e6f40ef86a2a0722d9091d6a4f879d79

SHA1
0313f80f24f4bc32a41c672673db767c4a046936

SHA256
868fe4ec4ff3a7006b11886c2a9fe638f98515345a8334e187908b9ad57bc04d

SHA512
084790989c3c9f773f5c04166d88a9d21f16150ad279ed0daa90c4758665b1b8c84e063ca5a8962e2e3ec81077eac4d042e492e06835352060cad8d678319d71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sprint

Filesize
65KB

MD5
8c2b17e20c19922025830a3b23f6752c

SHA1
f28bb030511147dd331a6ca0cfcc81c3ae9a8b3b

SHA256
0e9ecf2890930af743533af20780fc1915022b7c7e69162f8d30fefe43231558

SHA512
1e600ea1b8171e23e9a792f89b7cb25cebabf8f6a97a5693755cd3d95796fc6c66fe70e0bc067b67dc26910a2a803000760a5aeca1659d382ee7beb6f7f33016

Download Submit
C:\Users\Admin\AppData\Local\Temp\Surveys

Filesize
61KB

MD5
4b8dbd77975a53c443c471b88afbdf24

SHA1
d46ca7316c08e3b18002f678881e5df25e90ef9b

SHA256
072c6d3c1147e3450db14df3020cb057932501e6b47cf606b4b968db2a6256b6

SHA512
e2d3768c601bc9ddccfe3181410a4aef982e5c00cdcc3ed35c0034bb9c806aaedc090e104b3650ed8b01c2299b41db908469d87123e2a4bea6eb07d7d344861e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tools

Filesize
78KB

MD5
0144c5649cea6854322c3410c802ba02

SHA1
0f73f38eb85579471b6c98f3447e161da17272b9

SHA256
00ccd8b201ed2147d619e1ddc233c695f7f3f7f23cdf6e961f779f0b0c3650da

SHA512
e4300568d2b9b85612174ac6ac3c03b1471097e5a5754544fa005884d521e00c0fa55c90c408603b66865680e569302e589a3d11785e24c63b8c92ccf47fd7cc

Download Submit
C:\Users\Admin\Desktop\nеwm\NewInst V1.0.91.exe

Filesize
1.0MB

MD5
a6e8412c490a1a27ad3484787a34458e

SHA1
be52d8fc6c546fc127c391771541ec62b9d9f08c

SHA256
ecff10d8f504954e380d2b0c107dd1f835602ac91e684f0d9376cf9bd6760685

SHA512
70c9424fda56e467c614f7ff76275fb70b0f547fcf5ec04910eff9ca232fe8d846df43d868652ca4c530b002022bc94559567a4374dcb1eb41f8a99afe1ecb47

Download Submit
C:\Users\Admin\Downloads\2ad57c59-f2c0-490a-863a-c22b54ca69a2.tmp

Filesize
516KB

MD5
54ae247d9cc47b659dadbe36b264a366

SHA1
7c4d54cb10a4ef238aec6838f0b689313456a619

SHA256
3e8f4c8e96cb40386ae1cc654d74986c59df33e7df0eecc58a01d20253a78c92

SHA512
6bcfc3e906597c0adb51b0beca5461379d7882b9459147f58c9244cc31ac30f6f9f9b9cd87c2b62e710b9397073f6d1a625b15a846d2f16b7f8a3d3e0203d486

Download Submit
C:\Users\Admin\Downloads\PlayBoost.rar

Filesize
11.4MB

MD5
c713928a51d1f92cca62e34274003b80

SHA1
5638d4b93521aba17db433f3a99f164ad1514dac

SHA256
da012b8e63db6a56830b79def1e8ade4ca125a9053a92eb7813e98c26c36c85c

SHA512
12990b95b5f5dee9c1b07b93f6ed2e0e9a39c2f46e41e3b8cb14342999134f7f15a7f768f6c640c16cecf28a42d1d0965e4137b72ee6cb0011c1fc10f965e48a

Download Submit
\??\pipe\LOCAL\crashpad_1280_ZTCYJANSRBTDBYBB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1756-2434-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1756-2437-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3984-1987-0x0000000000210000-0x0000000000267000-memory.dmp

Filesize
348KB

Download
memory/3984-1985-0x0000000000210000-0x0000000000267000-memory.dmp

Filesize
348KB

Download
memory/3984-1986-0x0000000000210000-0x0000000000267000-memory.dmp

Filesize
348KB

Download
memory/3984-1984-0x0000000000210000-0x0000000000267000-memory.dmp

Filesize
348KB

Download
memory/3984-1988-0x0000000000210000-0x0000000000267000-memory.dmp

Filesize
348KB

Download
memory/3984-1989-0x0000000000210000-0x0000000000267000-memory.dmp

Filesize
348KB

Download
memory/4552-2586-0x0000000005A40000-0x0000000005A52000-memory.dmp

Filesize
72KB

Download
memory/4552-2566-0x0000000002A30000-0x0000000002A3A000-memory.dmp

Filesize
40KB

Download
memory/4552-2565-0x0000000000630000-0x0000000000686000-memory.dmp

Filesize
344KB

Download
memory/4996-2683-0x0000000000A50000-0x0000000000B4A000-memory.dmp

Filesize
1000KB

Download
memory/4996-2684-0x0000000005940000-0x0000000005EE4000-memory.dmp

Filesize
5.6MB

Download
memory/4996-2685-0x0000000005430000-0x00000000054C2000-memory.dmp

Filesize
584KB

Download
memory/4996-2686-0x00000000054D0000-0x000000000556E000-memory.dmp

Filesize
632KB

Download
memory/4996-2687-0x0000000006030000-0x000000000616E000-memory.dmp

Filesize
1.2MB

Download
memory/4996-2688-0x0000000005410000-0x0000000005418000-memory.dmp

Filesize
32KB

Download
memory/4996-2689-0x0000000005F00000-0x0000000005F0A000-memory.dmp

Filesize
40KB

Download
memory/4996-2690-0x0000000006330000-0x00000000063F8000-memory.dmp

Filesize
800KB

Download