hxxp://Google[.]com

Analysis

max time kernel
1050s
max time network
1046s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

7^/10

defense_evasion discovery execution motw persistence phishing spyware stealer

Malware Config

Signatures

Executes dropped EXE 32 IoCs

Processes:

Setup.exensf17BD.tmpPcAppStore.exeWatchdog.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeSetupEngine.exeNW_store.exeNW_store.exeSetupEngine.exediskspd.exeFastSRV.exefast!.exeFast!.exenw.exenw.exenw.exenw.exenw.exenw.exenw.exenw.exenw.exenw.exeNW_store.exenw.exe

pid	process
5780	Setup.exe
5436	nsf17BD.tmp
1856	PcAppStore.exe
4920	Watchdog.exe
4508	NW_store.exe
872	NW_store.exe
1708	NW_store.exe
1596	NW_store.exe
1240	NW_store.exe
2576	NW_store.exe
4936	NW_store.exe
6280	NW_store.exe
6644	SetupEngine.exe
2608	NW_store.exe
4860	NW_store.exe
6340	SetupEngine.exe
6208	diskspd.exe
2044	FastSRV.exe
1156	fast!.exe
4072	Fast!.exe
6500	nw.exe
6968	nw.exe
2832	nw.exe
6964	nw.exe
6808	nw.exe
7172	nw.exe
7760	nw.exe
7404	nw.exe
7508	nw.exe
7692	nw.exe
7728	NW_store.exe
6304	nw.exe

Loads dropped DLL 64 IoCs

Processes:

Setup.exensf17BD.tmpNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeSetupEngine.exeNW_store.exeNW_store.exe

pid	process
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
872	NW_store.exe
1708	NW_store.exe
1596	NW_store.exe
1596	NW_store.exe
1596	NW_store.exe
1596	NW_store.exe
1596	NW_store.exe
1596	NW_store.exe
1596	NW_store.exe
1240	NW_store.exe
1240	NW_store.exe
1240	NW_store.exe
2576	NW_store.exe
2576	NW_store.exe
4936	NW_store.exe
2576	NW_store.exe
4936	NW_store.exe
4936	NW_store.exe
4936	NW_store.exe
6280	NW_store.exe
6280	NW_store.exe
6280	NW_store.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
6644	SetupEngine.exe
2608	NW_store.exe
4860	NW_store.exe
4860	NW_store.exe
2608	NW_store.exe
2608	NW_store.exe
4860	NW_store.exe
6644	SetupEngine.exe
6644	SetupEngine.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

nsf17BD.tmp

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=FF8B2A23-C0AF-4E68-88D4-3A41EE2FD6FBX /rid=20241121173629.239240882484 /ver=fa.1092c"	nsf17BD.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default"	nsf17BD.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	nsf17BD.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

1208 powershell.exe

pid	process
1208	powershell.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

fast!.exePcAppStore.exe

description	ioc	process
File opened (read-only)	\??\Q:	fast!.exe
File opened (read-only)	\??\N:	fast!.exe
File opened (read-only)	\??\U:	fast!.exe
File opened (read-only)	\??\V:	fast!.exe
File opened (read-only)	\??\X:	fast!.exe
File opened (read-only)	\??\Z:	fast!.exe
File opened (read-only)	\??\I:	fast!.exe
File opened (read-only)	\??\K:	fast!.exe
File opened (read-only)	\??\M:	fast!.exe
File opened (read-only)	\??\H:	fast!.exe
File opened (read-only)	\??\J:	fast!.exe
File opened (read-only)	\??\L:	fast!.exe
File opened (read-only)	\??\S:	fast!.exe
File opened (read-only)	\??\T:	fast!.exe
File opened (read-only)	\??\F:	PcAppStore.exe
File opened (read-only)	\??\A:	fast!.exe
File opened (read-only)	\??\E:	fast!.exe
File opened (read-only)	\??\Y:	fast!.exe
File opened (read-only)	\??\P:	fast!.exe
File opened (read-only)	\??\R:	fast!.exe
File opened (read-only)	\??\W:	fast!.exe
File opened (read-only)	\??\B:	fast!.exe
File opened (read-only)	\??\G:	fast!.exe
File opened (read-only)	\??\O:	fast!.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

200 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

flow	ioc
200	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

nw.exeNW_store.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	nw.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	nw.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	NW_store.exe

Drops file in Program Files directory 64 IoCs

Processes:

SetupEngine.exe

description	ioc	process
File created	C:\Program Files (x86)\Fast!\nwjs\locales\en-XA.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\hu.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\sv.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\th.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\de.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ml.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\pt-PT.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\sw.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\sw.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\uk.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\nw.dll	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\af.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\js\notify.js	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\lt.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\pl.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\pt-BR.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\sk.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ta.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dll	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\lt.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\zh-CN.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\images\app-background.png	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\hi.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ro.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\uk.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ur.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\zh-TW.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\icons\icon-close.svg	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\images\general-settings-bg.png	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\kn.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\mr.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\zh-TW.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\package.json	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\images\all-circles-bg-mask.png	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\fi.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\sl.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\nb.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\tr.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\images\contacts-bg.png	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\en-US.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\gu.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\da.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\de.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\en-XA.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\fi.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ko.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ko.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\am.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ca.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\index.html	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\vi.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ar.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\ru.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\images\gauges-color-active.png	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\nl.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\he.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\it.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\mr.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\nb.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\sk.pak.info	SetupEngine.exe
File created	C:\Program Files (x86)\Fast!\ui\images\network-error-popup-bg.png	SetupEngine.exe

Drops file in Windows directory 6 IoCs

Processes:

chrome.exesetup.exesetup.exeNW_store.exenw.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	NW_store.exe
File opened for modification	C:\Windows\SystemTemp	nw.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier msedge.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	msedge.exe

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

SetupEngine.exeDllHost.exeSetupEngine.exepowershell.execmd.exediskspd.exeSetup.exensf17BD.tmpFast!.exeDllHost.exeFastSRV.exefast!.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetupEngine.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetupEngine.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	diskspd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nsf17BD.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fast!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FastSRV.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fast!.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeNW_store.exemsedge.exemsedge.exenw.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	nw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	nw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	nw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

Processes:

chrome.exeNW_store.exenw.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766839546273809"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	nw.exe

Modifies registry class 6 IoCs

Processes:

msedge.exeBackgroundTransferHost.exefast!.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1537126222-899333903-2037027349-1000\{B8CD2E5D-9C1A-46C5-835D-A1A14AAC4853}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF8B2A23-C0AF-4E68-88D4-3A41EE2FD6FBX}	fast!.exe

NTFS ADS 3 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 58177.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\com.noahcdesign.fnquiz.apk:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeSetup.exemsedge.exensf17BD.tmpWatchdog.exePcAppStore.exeNW_store.exeNW_store.exe

pid	process
688	msedge.exe
688	msedge.exe
3780	msedge.exe
3780	msedge.exe
4964	msedge.exe
4964	msedge.exe
1852	identity_helper.exe
1852	identity_helper.exe
848	chrome.exe
848	chrome.exe
992	msedge.exe
992	msedge.exe
4900	msedge.exe
4900	msedge.exe
4792	msedge.exe
4792	msedge.exe
1676	identity_helper.exe
1676	identity_helper.exe
4036	msedge.exe
4036	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
1252	msedge.exe
1252	msedge.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
1064	msedge.exe
1064	msedge.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5780	Setup.exe
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
5436	nsf17BD.tmp
4920	Watchdog.exe
4920	Watchdog.exe
4920	Watchdog.exe
1856	PcAppStore.exe
4920	Watchdog.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
872	NW_store.exe
872	NW_store.exe
872	NW_store.exe
872	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

PcAppStore.exefast!.exe

pid process

1856 PcAppStore.exe
1156 fast!.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeNW_store.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeSecurityPrivilege	6244	msiexec.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe
Token: SeCreatePagefilePrivilege	4508	NW_store.exe
Token: SeShutdownPrivilege	4508	NW_store.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exemsedge.exePcAppStore.exenw.exe

pid	process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
992	msedge.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
6500	nw.exe
6500	nw.exe
6500	nw.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

PcAppStore.exemsedge.exeNW_store.exe

pid	process
1856	PcAppStore.exe
992	msedge.exe
992	msedge.exe
1856	PcAppStore.exe
1856	PcAppStore.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
1856	PcAppStore.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
1856	PcAppStore.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
1856	PcAppStore.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
1856	PcAppStore.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
4508	NW_store.exe
1856	PcAppStore.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3780 wrote to memory of 4696	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 4696	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 1352	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 688	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 688	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe
PID 3780 wrote to memory of 3920	3780	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a0c13cb8,0x7ff8a0c13cc8,0x7ff8a0c13cd8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2117855308022800361,15515429665238868480,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,2117855308022800361,15515429665238868480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,2117855308022800361,15515429665238868480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2117855308022800361,15515429665238868480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2117855308022800361,15515429665238868480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2117855308022800361,15515429665238868480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,2117855308022800361,15515429665238868480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,2117855308022800361,15515429665238868480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a12acc40,0x7ff8a12acc4c,0x7ff8a12acc58
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1676,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2004,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3796,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1376
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6b7024698,0x7ff6b70246a4,0x7ff6b70246b0
    3⤵
    - Drops file in Windows directory
    PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,1976395497061845291,6441056130237428661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a0c13cb8,0x7ff8a0c13cc8,0x7ff8a0c13cd8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8824 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10000 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10192 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9892 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7236 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=9344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:6120
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=FF8B2A23-C0AF-4E68-88D4-3A41EE2FD6FBX&winver=22000&version=fa.1092c&nocache=20241121173557.254&_fcid=1732210479406175
    3⤵
    PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8a0c13cb8,0x7ff8a0c13cc8,0x7ff8a0c13cd8
      4⤵
      PID:4948
- - C:\Users\Admin\AppData\Local\Temp\nsf17BD.tmp
    "C:\Users\Admin\AppData\Local\Temp\nsf17BD.tmp" /internal 1732210479406175 /force
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5436
  - - C:\Users\Admin\PCAppStore\PcAppStore.exe
      "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        .\nwjs\NW_store.exe .\ui\.
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4508
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x26c,0x270,0x274,0x268,0x278,0x7ff8a0d3a960,0x7ff8a0d3a970,0x7ff8a0d3a980
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:872
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1d8,0x1dc,0x1e0,0x1d4,0x1e4,0x7ff6d4158a60,0x7ff6d4158a70,0x7ff6d4158a80
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1708
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2044 --field-trial-handle=2052,i,11504353025156158217,4816456460405175198,262144 --variations-seed-version /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1596
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2364 --field-trial-handle=2052,i,11504353025156158217,4816456460405175198,262144 --variations-seed-version /prefetch:3
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1240
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2400 --field-trial-handle=2052,i,11504353025156158217,4816456460405175198,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2576
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=2052,i,11504353025156158217,4816456460405175198,262144 --variations-seed-version /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4936
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2052,i,11504353025156158217,4816456460405175198,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6280
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4844 --field-trial-handle=2052,i,11504353025156158217,4816456460405175198,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2608
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4860 --field-trial-handle=2052,i,11504353025156158217,4816456460405175198,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4860
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4832 --field-trial-handle=2052,i,11504353025156158217,4816456460405175198,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        
        PID:7728
    - - C:\Users\Admin\PCAppStore\download\SetupEngine.exe
        
        "C:\Users\Admin\PCAppStore\download\SetupEngine.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6644
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installing.html?guid=FF8B2A23-C0AF-4E68-88D4-3A41EE2FD6FBX&_fcid=
        6⤵
        
        PID:7160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ff8a0c13cb8,0x7ff8a0c13cc8,0x7ff8a0c13cd8
        7⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe
        
        "C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid /instdir C:\Program Files (x86)\Fast! /startup 1
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:6340
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -command "Register-ScheduledTask fast_task -InputObject (New-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files (x86)\Fast!\fast!.exe') -Principal (New-ScheduledTaskPrincipal -UserId ($Env:UserDomain + '\' + $Env:UserName) -RunLevel Highest) -Trigger (New-ScheduledTaskTrigger -AtLogon) -Settings (New-ScheduledTaskSettingsSet -MultipleInstances Queue -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)) -Force"
        7⤵
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\Admin\AppData\Local\FAST!\Temp\dskres.xml
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe
        
        C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installed.php?guid=FF8B2A23-C0AF-4E68-88D4-3A41EE2FD6FBX&_fcid=
        7⤵
        
        PID:2220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8a0c13cb8,0x7ff8a0c13cc8,0x7ff8a0c13cd8
        8⤵
        
        PID:1136
        
        C:\Program Files (x86)\Fast!\Fast!.exe
        
        "C:\Program Files (x86)\Fast!\Fast!.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4072
  - - C:\Users\Admin\PCAppStore\Watchdog.exe
      "C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=FF8B2A23-C0AF-4E68-88D4-3A41EE2FD6FBX /rid=20241121173629.239240882484 /ver=fa.1092c
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,985615873323293096,15587219049926384340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:6716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6656

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
PID:6964

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:6548

C:\Program Files (x86)\Fast!\FastSRV.exe
"C:\Program Files (x86)\Fast!\FastSRV.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2044
- C:\Program Files (x86)\Fast!\fast!.exe
  "C:\Program Files (x86)\Fast!\fast!.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1156
- - C:\Program Files (x86)\Fast!\nwjs\nw.exe
    "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
    3⤵
    - Executes dropped EXE
    - Checks system information in the registry
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious use of SendNotifyMessage
    PID:6500
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x260,0x264,0x268,0x25c,0x26c,0x7ff88a63a970,0x7ff88a63a980,0x7ff88a63a990
      4⤵
      Executes dropped EXE
      PID:6968
    - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x158,0x15c,0x160,0x134,0x164,0x7ff73a67ca30,0x7ff73a67ca40,0x7ff73a67ca50
        5⤵
        Executes dropped EXE
        
        PID:2832
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2168 --field-trial-handle=2172,i,2206546728311432172,9946679057864177552,262144 /prefetch:2
      4⤵
      Executes dropped EXE
      PID:6964
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2308 --field-trial-handle=2172,i,2206546728311432172,9946679057864177552,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6808
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2396 --field-trial-handle=2172,i,2206546728311432172,9946679057864177552,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:7172
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=2172,i,2206546728311432172,9946679057864177552,262144 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:7760
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3936 --field-trial-handle=2172,i,2206546728311432172,9946679057864177552,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:7404
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3960 --field-trial-handle=2172,i,2206546728311432172,9946679057864177552,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:7508
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=4168 --field-trial-handle=2172,i,2206546728311432172,9946679057864177552,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:7692
  - - C:\Program Files (x86)\Fast!\nwjs\nw.exe
      "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=624 --field-trial-handle=2172,i,2206546728311432172,9946679057864177552,262144 /prefetch:2
      4⤵
      Executes dropped EXE
      PID:6304

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
PID:3752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Fast!\BigTestFile

Filesize
985KB

MD5
3727a3631674658f9cb9fa1b872d3c4e

SHA1
d6efbcb40ebd3a223a40004e5a78168a87783f6b

SHA256
1b9251c7bf9e2e779df6c2b383c388e3471b2855e83714e11f11edd56d2f33b7

SHA512
57fdaeb8bcf45dcdb06157f6d1169fc7ac27610170758eedbecdb7f6b624a9fd39347ba36b2d42b81e88f3141cec40c38025b3cb4618f2873c3b36fc6644def6

Download Submit
C:\Program Files (x86)\Fast!\BigTestFile

Filesize
985KB

MD5
869245b1d22b1a80de306a5dc45dfecc

SHA1
9181c458ee638acf98d91233c7436aaf912b2944

SHA256
b817c3d6224f001b42ae36cf7d0686fc991029e254e7404a81e696ac0aa3cfda

SHA512
cb2cbd32f3a6fc0947324cf464905bfb9cafebc2e48e545f475faf014b5e1e8244d7d981b6256aa9e1da62d2587305304a4f361dff0e63fe31dad2e061547d63

Download Submit
C:\Program Files (x86)\Fast!\BigTestFile

Filesize
1.5MB

MD5
cc841b6b13536e1aba25025636a23eab

SHA1
4381d8665ab8b4414eb78781d8d4eac8600d1cf9

SHA256
3d222d91309419ff244f79c3e843991a355c8633a6a925427f934e0cd46f474c

SHA512
71a18b04036e57663daa5f9c680a54be1eecfbe3dd8f5b28eb65f560a3bf1051692621d6798a4010f73e39c4068f21584d52d57cd928bb3d5e266b9fdcb14806

Download Submit
C:\Program Files (x86)\Fast!\BigTestFile

Filesize
1.5MB

MD5
f3fffa1dabd969c0bc47dfd7043a0881

SHA1
1ce0dd6b29e33de71a9bd1bf8746714f667b740f

SHA256
a5997290255a3a65f8edf1728c3165680cd940ca27d202f65967276d1268cfc0

SHA512
6f6278d69f7f2dd3cae066fee5283ff486887cfb2ad6155aeedf60d8a7c780050c91b470aaac57b33fba831f8ff4489bf03fa765ab253ce33d795b302732504d

Download Submit
C:\Program Files (x86)\Fast!\BigTestFile

Filesize
985KB

MD5
e87411588436fbb31d1d86212c67b786

SHA1
f16b9d23595a7329a36aa002e90a0ae847b3e4de

SHA256
6e0d18c182fdbb8ec350aef133fd337396cfd7ce825eed6556a501f98d2926f9

SHA512
67b2b5feda95518776486d6744af472ff6077060187882303cf71f9e9b2ad0233f4719ca9c1475cb95ff06f5bb2d9bcb9589d2131705a407a69eae90bca9a2c5

Download Submit
C:\Program Files (x86)\Fast!\uninstaller.exe

Filesize
467KB

MD5
7b84320c38dec82dd5dd432f2bd40b93

SHA1
9d0050434cf6f3b71bd404eafc77fa9a3e3e1924

SHA256
301d71a9350673254bb2c7e0f2954217b46b876d9af393029bbbfe5f852a41e7

SHA512
8569263ea8e405f11bd0d2d99949ec5f84f593d8a2210c2a82aabad5b98969dd79414f0072cf3b79d6ffd0703dcb73fbf72a2c56a75315fa4d89b50c024fdc28

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\79488f6db1539bc7\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
22bb0cda265bbf84589eb98d5e4c4823

SHA1
578c5b9b858da4b947e621f7ac1f2590e8dfcc6e

SHA256
c226cb68eb7d68baafce089f44ffa8e42437423dfe4a08f7f62245b79d7ce8a8

SHA512
1adae921ab13846d202fe79dd4b7b08c643aeeec7bf18b96d5bd54ad3b9282a6a2c7bbe613eb1e18485f50b72e6156ea57009bbaaf6d4d3b1c3e983a33b4c42a

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\79488f6db1539bc7\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
976B

MD5
f9bf36470582452b98c31dc407614b50

SHA1
6a037bdf0d0b2855f800623a51218e9273693c0c

SHA256
f804f7d750b142454c88bf0c041ddc7f676d2fd9a871dad40884022a86ac2a18

SHA512
d74d281c537efba9a53cbdc472b2a4ae45632d576db52aea62424ea12bfc1abf71746b90c104a01b72524471c07ad7118eaf818dd4daa2253cd45c6649c9398c

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
7119cee8c52ce1ca22890ca45bebba27

SHA1
a8292fd51a05a8d6697db3dbb5a15a743019a019

SHA256
53178bac0a9f65e4f9a5c5a29dec03d0d34a048aaed4fa8625b68004725bcdeb

SHA512
197fd9a7cff0127cdbf3769bd1ec3c0f97f28782e6569f71484d0d459d313c057472b38a94f79b96ca6e5a4ca698c59ad25a929912a641e758f3561480600fcf

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
976B

MD5
5da7aad8df6342db4528ce16b4f4e467

SHA1
08917ed58cc5bfdfdf2a34de4275356affdf2d2c

SHA256
690c594920f91b28ca311b79af9888c924db3b4fd31f3eb7e480045749b65307

SHA512
043c94c4695499e7a2047a9ae670942edf21822ff1a0a4c087fa008c64aa983eb2b34ddf27add6cdef091dac2bd7e5e282cb517128f983d51bf47e3391130880

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad\metadata

Filesize
114B

MD5
0075a2657be7fa7e6526c3d6b242cd20

SHA1
afd7090e0a27cc78e30b58aacde530a0312450a5

SHA256
be7925bf5bb0ec31fa442abe8fdc4fca3e1d27981090a089e52ecbec291d81dc

SHA512
73ecd70c18199891ec140e01d030cf36584c08cf4776efa888a68427c128e59fc20a0c88c11e52359bb73a254c0450228828234ac0d0806a5f683491a11c74b0

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad\reports\a9716a3f-df0c-418a-b216-9e16cc3b6c18.dmp

Filesize
1.8MB

MD5
8cee37f3ac84c99e49f5ea4230437fb2

SHA1
a359c8ad4e5403d43baa432bcf07e9683c39b338

SHA256
4555f61707eb216a8d67b2cbbe81bd18dae3bbb9fe1b7ada41420b05299c1584

SHA512
428bc61ce8840cff13e37a3a3bb983e7337427b72362b997b4a4a7c06291329e8011298af8d5fc8f9abd3b1679220628b912bd6ac02ebc1e0f33a400cbef45d5

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5843b21c9b3ff2ad0b73938b88220342

SHA1
b12c84a202e2ddb8d269729682fe3d64313f3499

SHA256
9361dc386bc5380bc27fa90dbf647be406d98946e7811330cc86e3cfc0d4ceec

SHA512
78c1129266d750a6e3ff3f739947973e249bc21595000e9fc788770177dc6dba27122c58b1888f617a629fb84ff4202a2f71cd7288250d639081b24a298a6ce7

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e8f76f23faef7c80194f0d99c13db9c3

SHA1
d13cc830dcd744fb996a3d1a86d7565c7fcc7468

SHA256
2857c1e0138eff336db877296700bb312d412d2e94731976b4036a3b1e4fad8e

SHA512
20b7b14e71ab38e49d6cb9a72a15184d57fa31566e0045f6978b707c74c58a459a8da36320777980401afdbc81c52e37c5e9c7c5ff87c6c99c22dc44112cd70b

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d55f1c96f7746998a5910abdd0362c81

SHA1
5d8c567c658478403248809a76db260228a4f478

SHA256
6eb16c85100b5137eea780414a8f8b82c27553f43bf3086c1f61f3d5ba25021a

SHA512
4ab5d6feab09493c139c729d4df3747ed33d7c71676ae60811fccba7af0545d5ab48fc5cf56f8dec016aa3a50b7975c1f99c1082193ed4241ab1d7bedcc1b0ec

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e76dcd50e609ee2789172e59df8b3d5d

SHA1
4437e7f7ff32df04ee9858aed6b7d1f0f40585bf

SHA256
35326d09079af9ca4682e36dcea3c56ca33d252dcf5ce51cff6c07a467d4fc49

SHA512
d8942aa0054b04a334393c928c9922b9503b9f12e698193b38e745bebfe9fde774c567f5c0f46f97a506f141a0c37dd198ab8566a888b007226c0e201400a264

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f3973fad0700870c76182af477f0fc9b

SHA1
6cb8ae0bb8b9741093f7099bea6605f31d63b41b

SHA256
98442e845c836d8cd913cc225a107e7ef314bc7e58cfb0242e1d59df45dd4ea9

SHA512
f22eab5eece7c395f355be508f666195e036cb7f0984abe1eb37608044d4788932630f594f6f3348a02df1dd6a36d131e66f5012dd38953a1bf059e316a1df4b

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2b7093ffe1c221dc07dfdcf4d358ad3f

SHA1
414fcad3a551a9d3713af6bfb477bdcb22a4f931

SHA256
d539c05288b234eb3e00b732396a8489e695273a468f434bfa9f3111e34535df

SHA512
945ec9bf9fbb7624691d0cf43bf3820cde9e34083fe13e4f064d294f593e7f97e96b58c44b72f6a63404e3e1f6b8986e47e83ccc85684e4040a7d828c1e420ef

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
0188be91e7aa25cf4dbdd1fcbc24e1b6

SHA1
4720efebf3513ec406a918c71a0f1cfcbe6a7bc5

SHA256
ef965b6d9354a67bc814d3540ba0c6d10022bf72b30b65cdd1971926e4822857

SHA512
df9bb99ce7799de2d84a95511c9840f1e0b5f843170abd9fcd3d3ef58c2c37a6f84b324630dae7dd9f957f1dac2ee3fc3f30f29a8c116083cb21ff576ae572b7

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
3949ff248dffea0f3bce48fbefc2017a

SHA1
119f4a469e74a9d3ea1210c308082044ab14d9d9

SHA256
954298f7dd402dfdd571ab90c37d2581bb9ba8dcac8a2e18f2f4dac765494e31

SHA512
36746fa5c4ee3be8d33e3304505baaf1ce14d601d576ec74d690d816bf49f913fa21448196cccda298b7601541e14bc6c2b3dd7688d3c82d0ff0cb825c5f2aa9

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
13ad64df75c5e08658529630c80027e2

SHA1
b9c2b42b3b8673543d2ad6b78e2cf16750c36e59

SHA256
7d3060e2c798671acff921b67a9a6244e85c5bfee6091399f858253733726fa5

SHA512
c3941f8dacf3449a0877fe4e3cb2c377b51dfd14ac2980a4187c6d368e02c99ffb94b2df263233e1a72f3e30c6df71bf78fd13d1ab8a91e7f135f31a9dbd2459

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b1ad07167495d0eb620018db410644ec

SHA1
c1376cb7bc32f248ac80de5c4e68a0cd6010d895

SHA256
3eb5358ff60f0b9e4d93416c3ed3917f532058cfbb9195f0012346428bce5328

SHA512
2db92ea2f3b3406ba696af6c110c4de5e73272fdef31789885f4cac07551c80710696678f8a9f7309f53e6b2670b24adfaf57c7bc0d4f9f567045bfec1441970

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
46201dd40f5bd270a24c2ba0e1470051

SHA1
4b8d038d00348476affc0a727d79e2ab92aa4f82

SHA256
fad9df94a6a6a3bb77e8e633e30617bea9dca14035e215392ed5dd719f87c167

SHA512
649d7998be4d03f2d268704344a25e9cb584074051a66501ed0b3d376a3c53056d9306dab3a8bf5277c3d469111011edacafdfce7c7d72f2d78aa0770dd47169

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
65146cdceab899e397a9a915c632eaf4

SHA1
54f66ced49eb81179fa9c2519d65d9d7415ba287

SHA256
164c3311c9d11954de672f0fbd5570c4f3d1c792caad4a604f0fc4c9a448cbf8

SHA512
7e9966d883bb56591f443b63f90916454ce4b286f51c5d2a6d17f6d6437d7a4b2505cb10742de2bef0d372efb185bd967bb84c6995b179cd415354f7e23b9bed

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2e7d9ae380a9d094bad57dd76e5ad239

SHA1
0ac589d790ed34525d0be9a87c47dcf92085b4f2

SHA256
1612f066251ae9fec33e500d605a810b90b51f0c2e9c0aa3fd3b1c80577e937e

SHA512
2a3bf47677f3676b9810828f409d7514125a9024db19100d263b79ce73ae6bbe38dd993b3b3d384722d859b53f71628a3d697c5440d8ba32a01bd0d18843c1ca

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity~RFe5d57b8.TMP

Filesize
523B

MD5
e42d54ad8183b2c0d2c6faa88d4371f4

SHA1
7a4efd4f3350adcba1561a78d87d297a7607155c

SHA256
956078323ad9bc61e4dd1e23aafd6567428c3958b417a5458bad3ba3857bcb34

SHA512
3a267ef8938cf61214e3bc4a548a30a5af3b6d65692310f489e30a306a91847ba92e26207b4d3cffd7a68779c5c12588cc3945bc3528b3546a22e7795bd50c57

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

Filesize
4KB

MD5
9d6ea149c88a43b14a596f1d61cefc46

SHA1
2bda4e0630318bcc7d63a72040ddba8ba85de139

SHA256
0e7b833ff2be2254d22f9aee0aff96444694bf22bc44ea0077dcec7461d74b53

SHA512
901973e3de91e790b9a7d6a4508ea9bc19677004ed9a6eabf15d5428a71bad46f09cf3ef66b8054fbe4c4ff67bcf74d67bc5baa0ac8a796bbc7e579b7339ddb0

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

Filesize
5KB

MD5
4cd54b5f7f97db81b8c85c9c88dda99b

SHA1
f5cdc3c886308dce06eed50511098e341fde3370

SHA256
afb1e1297e17c28fc9d267312ddb659fd25c96d3c0cd94f544b5afc922bb4622

SHA512
2a5cc50d0e300995542b6a93a46622b20dc467acfe80546c6f48f8965c63c828f3f462ac91f6ddb5e2cdd2dea106f399db3720737bdb687ee65bae6c59b67556

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences~RFe5d9194.TMP

Filesize
4KB

MD5
b728eff35dfd964428f2f7e676dd52cf

SHA1
f4868e8bd480286e03b34d9be786ebcbfea8560d

SHA256
d338e746a21d1cb0a1dc13c824fc7ef0d3514e5a00f552dab640939561ca525d

SHA512
e85e9c79323f4099ca2c616b18f716ced6d3e5645789e0cbb9807bfd1bbcb20dcd17149bd6f31cf7f94e909537cab35782100adac4c47912dea572e97ee26f66

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

Filesize
2KB

MD5
aecd14ef999549c88123d51a9ac766f1

SHA1
0e70b01edd9a5aa5867c6b1f0f53554c89aa3bf7

SHA256
d63e2d0edc75d1058d8a32b6577bdfabe3fff2bc91d99949f8301553070b5cb8

SHA512
697ef7ecb68ce7c0bf7cb94a33d8838e3a613f2b43c756a3ec5d5154835c836a6ac787b85abd8271ba5ada34c87a9ecbe2ea86bcea7a61eb70e98e8c5a5bb218

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

Filesize
2KB

MD5
13c6cff68fff2b1ceb7fc7ab859e062e

SHA1
686711691db0954e598a7e4f435a07061240d9ad

SHA256
d25a712ee8f8a683f7e44a093952ccf9d94669ea5f24819b4c996da19bee951f

SHA512
4902541e24d516302da8381569cc0d72be8bb7ce805615c8837df62bc913aa6c709a370b7fab823d188ba36dbb6ac80ecf3fc18bc02ddef86e44d13aa66fd3ca

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Local State~RFe5d1c45.TMP

Filesize
868B

MD5
53a5f0d856231daac11e836bbe88b463

SHA1
ba72b77d4304bdcd4904adbc1000fd810f33331a

SHA256
ddea45f5ac8a13eceab1cbbdf95a63f6ec9f40ea38610685138266328c17ff15

SHA512
0cf946a6f84178d045f1a3b59a49df8d24fb076506ede7df090fce9619c53b7055c17e53420a57e5497be12bb7b96521930a5b01a31116ca520afbe5d19b4b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
de5dadd93eded7193e71d417b2b2978f

SHA1
73d55d1cb375eb3325b19df8edf06c9594fdcce3

SHA256
e82d98fc3aaf2ceb2332a754e8b3e8f96afe221b264e22d83f722180e3f0e0ee

SHA512
5893dc1be2d2ba6cd150caf800f8bf071c0d4619d2ce06c41e7a8ddcf8fc3459d87184084bce26347924f16ca72509180537f0c5116712694565d103a68b2eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
e82d484c2ab3c5ef60eb3fe7a081fed1

SHA1
fe43df88c5420c9eedd50d3325764bdcbbdadf17

SHA256
7d6d1b3e92f815e0ae4094980d0d8381d106bb05361fddc6073ef30c6f6e0f32

SHA512
78044498a91b186ce89ddd8c90205b88b388f7577e93c868aa55fc70dc817bdcd7639a02c429de34432be61f8f8fc19808f030b5ca0b16161bb7995d26d9f924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
769abb2b2bfc432ea5766057caadddd1

SHA1
b5ad87beddc65d37a02ba7b8c50b66e60d4a5f05

SHA256
c16cfb3bfea02849885cb2a5b49f7635917b60deac5b55fae5dcb95181b974af

SHA512
cdb0ac90a9e03aa129247c0e505b7c5737a185d5119a76b4325b695a7688d379842e391b05b962a7278c173565e4dafdad07d8d669e67f927edb7f7720df2898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b7693e80-1a6e-48f2-8912-142aa63b0478.tmp

Filesize
2KB

MD5
768a777722645b2d25bf31177a8b0fc0

SHA1
92c1f4700c83c55a78be63de53fd5945961eb321

SHA256
9e65de14a0ef26842eac13ced2a16d9fc8d0c5685ba4cb3ba9ec4e9057e7869f

SHA512
fd37b19e451a561e1cc7fce9c1bad1e7a40b32f1132ce05157a5d1c7f0f2300b69e8633135d418c2114dc61c0d031081ab204af95f08ac0297f9b890ee0a5c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6497351bcb38ae15d05caffb80171af2

SHA1
338d0680d3b9273dfe287e758630aaec3395c418

SHA256
7d7b1fa0eefda2efe66b665d1f49f3259e71e56cc8cfa88b46b4b0b65712cf38

SHA512
1e279b74a06926f984d792e50eb6f2e19d27dd4bbf87cce65499b766c0675436a48f01a8477a8c5c70386a7608c1cfcdef464c785f0d23b80b722c36d70e7a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89ac5b9190d405badc0aca98d4dcbb06

SHA1
f5c2699b7cfa037e0f05ca93ce9b7bb6d4955279

SHA256
6f6bb9e5d4d96cb0c3022b93b650d31d0ad06248384e5dcdd715d0fa4baa5d1a

SHA512
f26747f459d7ba4f40857b9460e261231decd6ca2478da9e978e1adb8546bd15214b3b6b4b933f2f8de2b0156128f99796a5242f572666330586118ad043ac92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
68c2d91005edaf252a516bb50b05a95a

SHA1
678e2c5cf1d868995f5b3a7bf94d440114693613

SHA256
5916feae0a1eb0012fc3bf91e876e032c416faa641500c454583da4e70cb569a

SHA512
71036b011df40d6e7835b953aeaf81c0dad0a069669a8e714164efd234daa7e49e452c00105556e92ae9b1c97214919b37f59a51cb9a75f2fea6550a85fbdd27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
f13b7d84a6a11e9526cd44e1b52199c2

SHA1
990aecb40e165b81d1eb689b2080ceb11ec51508

SHA256
5bb44b8913bf81912b137903628a49d05a6be063c29bbac0442af3b64deb6813

SHA512
82b212a371da4dd5c3af56161392ac22508fa98be139cece3d4a3f8bed7da972b83f848f21dcd0d4370d8fb7048525d067a7d0776573fb1bc920f2d591bda956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
6732a6d06e44009c235b283686da88b2

SHA1
7a684143fb359f5bec4f91fa2a790548003af74d

SHA256
4e4e008db600ba04f5197fe83b41e1a697c7c0c0f92201b436a99e29bb9deb91

SHA512
6767a71a07db1babce7996af6d684539fb155e23c72579774d95153869993e44e40467e33a185621524181f39e8088088568b275b2a645686d3cda7c9b6a5370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
384fd5eea7b0eb3892e6649d6d16446f

SHA1
c5d1dc7f15a18784d0d671906f9745b18911e852

SHA256
30610f2785eeff0aaa4eb3daf173324ae18e75da3d7fa18a4b9c706df0b48049

SHA512
ec6f330ab43b8fe2d3820c3370b4c9cd6799fa9e04a7e254d4bb4c490c539525a3fe59975175e6ff9aed81f0f7f6b65120aca630ba8ac0fa6ac5f76e8249511b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6136c8743c26c0539e20768df4ba4753

SHA1
7d887143c1f1790da7e07ec5abbcf357697bda1f

SHA256
a0ee2a65bf7a72918af2954cd72f034d2933403337d460646967f648fcb0b026

SHA512
fdfcf7fca06541c2d26e438321aba800c5afd4897dcafa4bb6d83cb52fa3b000969db547580492f4bb89d1f848ae8c5b32cd9b88de32e408c4001255f9454137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2445018a-14e8-4923-bb52-c7b47eb3ea36.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
16c59ee661d6e2382abb88cd01c660bf

SHA1
565d864dc210d66ed7c2f28cbfc0863de72f2ee3

SHA256
4d1011f158dc73c09e90fa056d7d4075cfedbb67eee5fa0c6391410cbdb7fa7e

SHA512
8b2eda66a2f25db0051050af9a36f2ac9b7ebde70d9cd4521f86e8d89301260b39305a2c5058c883e32c633ab760490b34af92dc2856075d26b854837d99ec66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f01589b47a326da188d5df5e323f645a

SHA1
5433f74aa00b7ff83cef283745de3c9fcdb0b9ba

SHA256
a2f32f56cd43868ab4d20091cf5faf5d512d9f6cef56bb1634e6ab832c15cf6e

SHA512
e59d437a442e789c40c5a1f32b4ae36813e513446fdfb017039677883917b1bbfffb9321d8a9dfb93c2b7cc2fdbf735277d1ab0e104ed0ae0e342d425549a188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a1ea5d64e8c39d5be5192f551e8a19f3

SHA1
7caf0de598c3a43f16cf3942dba0a418f25bd1ee

SHA256
a92f6644883c9997e30accaf137e05e6436279675046291e7b13a1f322bb49cd

SHA512
08d1dfecc88531e7343897882f586f312508e9c12b2d2d45465449382e46f0a6cdbf9c8b59ecb84ad7e3b7b1f4d0c69919b092940c9b33b9ef29d59d52ab0620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
43e938feba1c5d3f13b480e5939831aa

SHA1
41300f992edc0cbcb20669b33253290f9e969aec

SHA256
998e2a9c21058b6d6bf46bc02e77d9261d8c57de10a039d38ea58c9fa00494f3

SHA512
c2760b3b53e783e038749523fe8c2454a50016a74d46856bd2f0fda03051d7668c7b03b58d5d566591eb0433fb5efd1486a32e3b6c19749c84443d80edec5f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
17KB

MD5
9f2385157e4637a0426a9bf25312627a

SHA1
395b7c1428ee59ebd152d6917494ae39edc460ad

SHA256
6b20ede33b01a5b351c42913c5478fd87bda02c26c07782ba22a1112e16b896b

SHA512
e220fc5181801c0f02bfae8784057f0800ff31ff05e1233bea9d6f95f94b501c2f1215e38590bec76ba00d3ddee29ef41158d60d3bca0613dcc73ea7b58c5e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
32KB

MD5
04227119a51b14bd788b77b87806db38

SHA1
528188ee746767f8e70ff6e8b05c30a6bcde1c1d

SHA256
dbb331b370e08c1ae365508753ec4de3ccfdeb182b89b4dc8fc11a00f01aacfd

SHA512
f324c7c3c7dba720928fdd23241092b817cc85cb29262f1243c93fccc485cb7320fae09c316735aac21871957ff26fc3fc8e30112c8aeecad3bb187b28a8c623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
141KB

MD5
0effc7cd2b0b33141b60aebebb9682b0

SHA1
c0380d4142d0247d8676c710378a5f5a9e29dbb1

SHA256
4646fcfdf7f69b21ea091aec2879c6e4955b0715e484fed4d5c3e5472df7ebe1

SHA512
1d7ceaa720c996ee0e1cf3c1f9f580bd7d672bc74292f8937969ad3c79693e07840e05b0d9ca23b8f069426aa82e9b8b013d45651e631adb46b3cdf2180808e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
fa2641c90742f02e5d1950d8e663fd3a

SHA1
80f1ae038a5d070eaf2c14259dda220d140e6e4b

SHA256
5e5d272fae9826a114c09c43c912b28dcd088a453ff568b627630d0cc76f2a12

SHA512
5c82f847f81835c4759be6f53351445a065c6b88c62490902ff4b7c1dc83051142ac283632ba867846ef7c1ebf4cbcdd0248a5389e2d313ea70dd6d3237c9e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
25KB

MD5
b754c94e937c9aa68236dcd9cdeea427

SHA1
a46eab1f201c73b7b190f0b21dda1217cc0f480f

SHA256
bfd14fbc381547ead6449311de10469f964f52f6fbc4bfd4eafba3b891764572

SHA512
5b0f7d4b2ff663039cf569ee1d6632beac04f0ff748f102efae54c286c07b19c2e7d12d18b1072b36ffb61ff8b6b0a1ed6a1cab6c6ecd2395262400056f18aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
47KB

MD5
bf7b0e4b4f1fd69783e29873eb9d79fc

SHA1
ea110168460d1ab7bc2f4f0d52776764ae32e1ca

SHA256
a16ef833fe57360c12bbe7e2763b106f235871e5cecb68faa57a8a5a0163d76e

SHA512
ce48c9a7a9e852bdc10d78a49ea3b542bfb60ea62a1e0b7da7920e0fd7f0fe0d39f66977d8efe8d1d4f53945617f1d80a757a142cef6863815c768a95cf73801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
53KB

MD5
2db7c830b0f72bc98987eea305008a87

SHA1
56845898bdcd579850bd70ed7a6fad1460ed9a28

SHA256
e9172f5d1667828537504a5b900ba81f304215b41c2073a6e68841cf47877547

SHA512
0df7e336c0b210ba0c878820f1b8a2b1944c829bd6b7d71b957d73ba6af86011707f0ac9c5e0788dc7e6c8a5b058376ee3634bab1908ac05f9f797cab4216840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
32KB

MD5
b5e993513f524d984e3238a7cd96924c

SHA1
c04754ebecd9e30efe7877793ee0491697264197

SHA256
1ec50a643b98d86d2e04f1b352cb8151147f0657bfd3579911bf1635e84a374b

SHA512
2796f06db381394299f463e608a9b9f4590715d92b958e9f7dc73e2f36c97a0606a5b2cd7797f0f0adce446c758732ada05b0560918328cf44ef1212cb6f90a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
105KB

MD5
f4fbf99e88c039eb1b8afade4d262569

SHA1
e3de43f0a40af53f86ddd11badebed340cb97981

SHA256
4c9772de2100ec6f55f18e8303b1d222730d508ef20feb8656275b39fcd3c066

SHA512
c464f9f6d5d6171270a8956ad30899249ec1099f31685d23ba3372aeb6ff9f47f6eb818ec62026464dea1aa626e326a3dd937b6bd365ba4f1e7c594a08423930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
152KB

MD5
4521b6fb0d76ba6fbde6dacf5a6a2a51

SHA1
8ffdc57f21502f0164760f9e2bf4dc10bb3fb43b

SHA256
4f9e8f4c4e21819683335f73bd1e7d2b3afaa30d3449508472294885afe8f0d4

SHA512
13819a3a6357cd44717fe768154f8117115b22043e9ddf024b5b7ebc5ca427d733261e0a0aa0237be54dda49fd3010853b1692dfb74fe42695d201cfddeff552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
133KB

MD5
cde701d0f38552b374c3b44e9532f813

SHA1
93b1cb18845b6a85fa6c59804c1ed9be3887b43a

SHA256
21bb79d59d6e867322ca6ce2c1b07d50fc36879ce5b7267b01172d3d73796a9c

SHA512
6ff9b8143948630c61e204717652073df10be9e0835389befd5516a9a14ffa88721fb39d9c7580d3ecbedafb6c25f0c270849ff6a726737241b2ad9799267b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
27KB

MD5
1f5fac7a31896bd03f4ad53634d55b59

SHA1
51f4a59eb14fdf6836b80d45450637f97d1a2af7

SHA256
df1b7c43757eaaf97acabed419e725cc0d7e4b13bdfddfc2e4cffbf8412100b4

SHA512
94e7c4bc32ab6de0779ef03a619aa1b1d3bd742885475260429087f2312a14bad383fe08c46e554b66b15424ea4afef97e80bed96d76fb06cf63a1d79ce5bd49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
23KB

MD5
d6deeef4a74d2fda85ac25f0f5f86885

SHA1
8ed9b9c7e1da06973b91310486fc1ae8cfac7896

SHA256
48a3003485c3182330675ecadc2d7f06b279a3e418c3966546a3043015c97204

SHA512
550e9da357c54cdc5623081963dffd57b320e98fb8463e41adeb37d523111359a18c442867aac75f14403e87ae61c0b4d215a3b92095de72e1ef4a95c2ee4204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
84KB

MD5
50ffffa3bfbfaef316c1ae417ae20620

SHA1
57cf30a60197c8742c46474ea89148d3e8f46c79

SHA256
459d5c2d4795830f4b7e2b0455b78bbbb388647d91580edf777bd4e3de43ae2d

SHA512
f1b193e4b9527dc9d0c8cfc6daaa74659003ae7013bd8bae34df176483ae2f9d2d5d19fefce6756b3f7fbece854200d199d44f472659f67da0c7a1a076fef58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
33KB

MD5
caf26081684c714ce7d8363a8cca1b01

SHA1
78e6c34fa152f38cb6572b1bb451cb1d450ea984

SHA256
34cf63d13b70bd46dc537855493497fc26c119cbbea6c8a7cf1c7383e2135dd7

SHA512
8a763cc7e33376bc34d02f8c8ea903db031ab7f1a5f2466e5f57d14801e2bf3795491bde6ef6c3f056128100b58d61f5a72bcb06b9b9627770d4a9775b6fc1d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
95KB

MD5
3e273b03e58cfad63c946d1c96b061a4

SHA1
4a409b47a3cc39fb89a6fc8e6e123f35d20136ca

SHA256
604fb6a536c940ba90d078922a7561fde7fc664e235d211c30a61b812d9e4dc8

SHA512
335ddcf196d38ebbcedd7fab8dafd8c4efc05e59f84d7dbf1a735f98a1436384c25426fda2b594e9f89d9810b0de7ed70b8f0b1a5b0de9290523e94262f16c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
38KB

MD5
89376e7623d3ead21804c0411519c730

SHA1
34368ff69e27cc347db4a49a4152c3dbb5caa780

SHA256
5c8f25c7334b6890235829f2aac447e72122d4461e4a6a2cb4bb9303030cc329

SHA512
ac44905e29c4f419127a067a3ff7dd8bd829cf10a975b9e42afae2fecc27d45656e33dddfe0e581f3d6b588fd950092a996c4f1f8ba32fce2e9ebeb0e2f6a73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
20KB

MD5
fa4cc25f0f72ac052e9413b46705327a

SHA1
72127f17a73fdeaf1d867ff721f8115e90d82e8b

SHA256
62215bb3463a1bdbeab484739c056495d60f9e6feab8e3974cde6bf69504f05e

SHA512
b33ebe5aad7802e7aadf31bc490bb697a7a941c4ec9a03c211b42bf54403f05dba02fdbe42bd7c28a27e309c868f4d74c060840a4aefdff57ac9c5c2cb66921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
62KB

MD5
fdd3922edde39c73dc37b568650e47d2

SHA1
1566ef03ec365d9d7e4ac9fc9cbb4e5609b9b976

SHA256
d464beb2c15b29d24af42a7cf74db9539652dba74de861feb169145b5589a3ad

SHA512
b3c7e48d1bdf62d8436ff428af14155a5c2e834ffec8003e9457fc1458cd77b7474210edbb5f57eb838723844f6139b3c523d3a9d1d4f525aa067bbccb9e146a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
31KB

MD5
a4da976dde535a4f11ff4c9d57a8a56c

SHA1
fc4c29049db6d81135507dc3736cb638340f55aa

SHA256
6b85680498d0061e6b748f0fd9c904c74eb9f265f7d6ff6b33a37a0656164bf9

SHA512
e3db7eb080a2c927ec3a223d16d818cc76f9da51525a91b8eb3cc9e15106e2939ef6d550121b8cdf76d38c001971662d833d70a269ccf35d36278d25cf42aa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
20KB

MD5
e92faff58b6be9dba9bc283c4f4c8513

SHA1
49588273a413dffd248cd35dd191189ed2c2343c

SHA256
8c6c6736f4650f9bf7af6fe14128a3d173816f3dee2e02c5552240c04852b691

SHA512
52ddb77b600f519eed2343d528b9c9bc03585c82edaa91c63e8850d19be23c2f645bc8faea19c3d75ccffb30e4e69a3605883106fb1783346a8883465051643e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
133KB

MD5
c4a482d52d22479847e180c23fe421ee

SHA1
42737389e56d4d533bb7b26425bfcd73f4ba9679

SHA256
d0a505fa832f8b841e9e6c46023ae3878b580a400843dae807e9089f360416ae

SHA512
dbad5fcf3d295a69641870dabce05cff29cc321dd0ae2ff5c9b10ae9f4a5259bb2465c01dc50d9f9800a4de5a01fd3b7694873ca9118104b7e1cfeb32353329e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
908be69d9eb08d39c48a451af5a52ffe

SHA1
3266842eb9cc66423e86db0fd0ebc7cd6df37796

SHA256
fbee7711794ab71e22ab69fdc7e9c1364df50a506e02f1ef31048b9e21a04b48

SHA512
593eecf0f8fa458f96c39eba7a77a004a9c8308ba2e61a84b6802cb31d8f7c4caeb4eea25d98fb7510576dc83959ddbb03ea4f492ba9bc390401d80b5bec1be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ff09aa3b15a3a95f3e8a690785890d8b

SHA1
137c740435defcf3373445ccc70c9720ddebc904

SHA256
878a8610c6d44cc07b7e825942fab588f74660556462150e26be00d929a42d4c

SHA512
d1ca2034b0055efac0cf70e7f500392c3c796a6e27c72b75975227cf4191ae1caa469eb7dbf566d5aafee80947ddb0867ab7e32aa305194391f59a27aa9fadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6f5dfea0d09331b1365b55b2b3047781

SHA1
1a18b6d43aea33af8970cbe81e27b0d814af59ad

SHA256
47ad5450ba3e30c4900d7189d95191000c370ac40226672399a1b449886023ba

SHA512
77a68a709cee17761246bddeec651d06f5530a4be6cb346e1d24ef6e6dbc3922c2c475eb9b21ccfc9ea49cfabfffbf748fd545f4decfc2f7af621c6d9782fbcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d464b1a7a79692365f9ea350c6c1c934

SHA1
c42127669851ffebcc51c474230164a7365d30ca

SHA256
4dae775fe81b94e9a43679994a818f5345dd84f07407c3a9bcf613ca033a4a60

SHA512
e24f614713db94624d7b3987875409c8465ca78a1465d4b18aeb4116d43aac22d6d843095c42245227155686e41d2b9932795985c86f452e8dad0f088a345975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
cbee07fb36ace95424227a0c11043901

SHA1
f275db2efdcc6f2e287232fb4c9ec03e4371f9e1

SHA256
b69f6f2872928e3406269ec7d0239adbdd7355132493c8433c13d7ed0aacdbab

SHA512
79827fc786e55183e28e27aaf2d262f3d6fb7bec9911d1ea051757284b51a34dd248da860e0ff837b05b3103ff6ec8f86c4383436ae419459a02832b8090cf99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2953c1f97d0b92fa4c35ff71f8834ab8

SHA1
734463be6413c641cd4cd79e0429b90f46719d7c

SHA256
4dcbd041602d1cbb4f68151db643d212ef0f52afdb6e949e33126e965c026f96

SHA512
1b30c3db0f56976697d644ae17e69297b4fd23173d4d483426a29b0d7fce620b30fa56204e904e93fda58140551db6dd16479b9edf151adb64600520f670f013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
77a8b3af6107dbab0143b6146ba0d333

SHA1
821406a89dcdaa84424069e28dc6f890f33eb6a9

SHA256
ec1c0e0cdff6b8d55a78bbcac1ec59989469dac9f79dc885c7fa82e50d6cff61

SHA512
8c12eec27a3d516884129fb9ae53cea28cd2ddf62e8c77eb5d44c6cb55beda18bc23cdf2668af58b58fb1649a85a3b615f1d9c3e2af98fe6a3d8878051bfc77c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
49a43ec7bf1c715253251f9182c745de

SHA1
45d1e43839b3995b3efff579a88d1f86a75bfdab

SHA256
12ef17bce91621900bc7c719d83c33bdda504151723d522118bb3de06eebbc4b

SHA512
1ede21aeac9c4e2961d25c00c706b34ae832d6dc8aac1598131fd90ae50e0ab3b169ebda6996b69d83fce5df2c980888faa277dff32e0741318cff8a04e94faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
7bb03cd8cf1506c335cde5d9661f3a82

SHA1
64b1cf1e67c30c97dd52233927e36aac46e4a16b

SHA256
17b4880f320edb85f27a5fded3de7a60d653c4687522668fc0a3f9d1ca449ee5

SHA512
621eb8554e12d7edb0d0778549c896cf0c8509c21ecedc73fca7aa4206ad1fcf4d968b633c9de1181699bd3f650075ee0a39d0a523effa485e42bdbabf6dfc26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
d873a3d55956ef41d6848d0927217e57

SHA1
3605ddb22ae0b5fc1ad183ac8b1453c998cf477c

SHA256
3d11967d6ae8070e76489058dcc51c8e76fd4b9ef78ceb107bd716991874d10f

SHA512
5271066cf0dbcccb68e3e0c5772bd8befd2584004280b94e2c67f0eae76a213fb6445b724d6e768f2ce1335707fad02f69564c8c79cef879f120387f24978cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
eb435cdfa8fa25bf35de3c770a2a5749

SHA1
b767c355ab21fb05645b0dc0819820d63678b351

SHA256
4233772e3880e322f32377ba62ba6af7c5ec88fc3ffd49fb2315ab9e3f468b5f

SHA512
e4f6cac2b4dff57c0b4ad4cfd92ef0ef3a46fcc6a0e34b27cc92cd9d03cb151823c83e14fe2e422f44b2245d3f2e914330ecb60372d4ea243cba7d7e8c9f3e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
37cd3cfd9524f02fdc36f9d8716db895

SHA1
140caced91b89b35f3dcde47ca3b3dfd74e4ec31

SHA256
3a126699cb14e074a0fbb848e6504401350d073421d7d57f1489dff994d776ff

SHA512
7cc78d3ee632a8a08b4f59d7cd2be35997153075d51bd92256961736dda4a1b2d66d714ca107bde4f6e5afa26c903ff68127951f58312ba0379fc34e055f7944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
7d9196c3580f774270313cace64d787d

SHA1
9d20c276fa74af2bfb0069fff261febbf9405b38

SHA256
cce5ac94f9d45d1aaf680dd4fddaa9c11fa8fd9fde877443158be9a5d39bfc9b

SHA512
b35924cd402d246b8430691ff381ca1da7241cf2ee0e30e4ba0ebd924ad021fafe252245f35dfa28dc8ce76e25bb955a3c8959857a9fd635e65841726704159d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
8a41bd0a64437ab8687c6bac24645c66

SHA1
22c63c14743e84908afdfb9b28914bcdf397adeb

SHA256
8e1b595f0ac14312cc83903786b79c5800915b756f00d7e2d54811546540f0ab

SHA512
fe43add549948731786db814d6ba30331537f9879ccdbea62c85484941f6c6641879057a884d049ceca16d621e4f2f8dabfdc5f8b830699538a3119756508fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
988c626aa48fca5a02db49d3fe430452

SHA1
414088d3f7a60ce472ab6b91e4d8fb1624d3d18b

SHA256
f13a12aee65795e4e4044dff9343dea43421a3553aad0f1c463dba716102f575

SHA512
e37fbe9127d8aecab6c1ae0f3df386859c92fb8c2e78a0c676ba13fd8dc2699ec6c3b96ec082cc19b10bcd8f7e6e5c23378474fe0afa498df3c94cb5ec4d3884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
eb7a389fd5d3cf2cf75f7a1c6ad9e2be

SHA1
da9ba1fb41385661291f50afae74f66696014b78

SHA256
5d6d7f9c3d24d8bb9aead180a435f85e25de72553f2a51decb8a7a9e49d38135

SHA512
6911bfe27843ad4879ab281356065346024972880f0b17b9fe1006e0d9bc4b8d5249b11e0e94677dd89053ab58fb083ff4bf64e07913f96e8fae0aced8f03e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
d88912e60f83218777ac2acdba4fba70

SHA1
ea68e58da0b2871ca61352bfb1689ea85c27e620

SHA256
934ed493694e2a3fdc612a1758b66592389cd37e3d35e58d181292b85fc0922f

SHA512
6caed86e291c5bdb6a08955f3ad9610ac3c8bc69ca20955bd38d1b4b4adfff02ee10d563cb898af3e026d8b7d8ddffeb72b4b00cb1e7962ea9a0c58e2768a3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
0669b4e5d66cf29d56145175c4c8aa9e

SHA1
ff018b67a58fdd3b56ef273b35d0b1a8739eb9af

SHA256
9a8e0bfd625dbe74b12c08d8d36c32640bce7e84978e85acfcad41aa25af648e

SHA512
c5a9a721778081703753abb0035b3e965cb7912c114e963f522690b5649ca4b07a96afb18ff847b10a736509466df51651c13a11219eb51db741904aa5ba233a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
e1d28f33aebbaf74180612f03cc7c00b

SHA1
4725903f28ce78694bff54120dc57e77ef97f5df

SHA256
c646329d2a78084fdd4007793f69e28977146bbb1a9b1f953464fa917a153c68

SHA512
4206e967f20a09e914c0938f13906f14298f699c2fefeee13fdaf2a17175e6654ab9e7cfe12464f18070456d7e9673d2bda8d78c94c43df8098f7639315532e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbe6e12d0621a9ba4b092a0602e09936

SHA1
a092ca86c893fa7e5d02fd758366208efcbe76b4

SHA256
e8f593d31029211d70181a111848b8199ff6b111541c9a332b54dac7ceb92fe9

SHA512
145ef669e1b3bc769db4302d9ace2413ca6a7dd3d2307d1563b8445228b3418b7ec0d32140490b136d072b6eb6487faa7ab98f88f125b580a671551047d5da11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34e2be223753967fcb47f70f671f62e6

SHA1
8935c63135ae4e03f1c4c65dbe932361458b6b66

SHA256
4882c15f4a30d873d88cdf220abf1c39bd74150fb6f2663e5d891e344dbe1388

SHA512
0a8fbd815887fdde158049027f10551218ffec92321c2cecfa6c49db71e703ea38421412e09ac7c8f321c2849d5b2b221b4319b70f0f611897856e72122310e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
f069911694f2df1df35c01477ff4b5a4

SHA1
7817633f4292fc78d92ef6e5a3faf046df805a53

SHA256
bd7d0087c9c91c82c518fcf1cf9dbf715f2dee10fb0912f0d38cfbafb5492871

SHA512
196801efb18f6a825e3b9f938fa0a383481fbbe2716f176b3150c319d8797f51a6bf1449d3ba12d3f3f9a7a4beafa02fb20bad4afcc86c46f3e3e03a3e2bb1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
c12441816e6bf82075bcbdb3b1dbedad

SHA1
6ca37981b92ed867c737d7baf45ee22b256bdb3f

SHA256
0da5179bc7de989962540d95a76e7fb4e558ab188f8da2615da48f62f953ba51

SHA512
c3bf9e7935107c9ce0bd3128ff8e0c769b13367a05d8b5d79c1fe720f317ea147f4ad8c68d42b0d9a7c1d9294bd8e462679b251d3cb00cde1e71ff92631ee751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
4cd4b66cf13d402ad234acc2aa165f1d

SHA1
b03686a4669c29d5b17d55c45f0ff39b2800bd15

SHA256
d660336b4edc0cd31216751958a02d47b49b0ba7e823c9dd7f9c41b695690fec

SHA512
8c9ebd841c962ffb00c84e8ab359102bb968d634b7c71a91663308ec34af5fff7e2275abdecf7b9265f38df8fcd099feaee9c1bf45ba230222a9958a2789898c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
845348f636af43ae763b9dc8030d7cd9

SHA1
44ca6928657a6574d5d297c64a64e7af852f4bb6

SHA256
e9425d37cf96d71477dfb655cfed98dbbde0bfd67c4a0308964da34bdccdbe91

SHA512
577288eafd9d159af7f458a7754faa6416bcb2ef4264af6418b3d5348f442bec6fb874ec06eb77049ebb85dca7a2ea6478541c1b87032a74948b1d116881a355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7e2758c087535fe5e3c045f937995b21

SHA1
e735446582dabed1193b28e28629ee69fd298381

SHA256
1b3d9f30199d124e7523cff40a82205ea6801ee59a284540137287644d750737

SHA512
7266eea26046984948ec52bda0be930edfb53839726b1d2f4fe7c2c4faada3473b57520bbbdad29dedfd46988b882ba9d9b74349f574e21d33eb8e7caa777c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
967fe2655b85cac8026cbb63f595734c

SHA1
0bc427f62b2150b679709e8fba9153a53be3df8e

SHA256
c141a1c5ba81673709ef299787a1d8f580cbdf1f1bb05a9c81d6432f46d8631d

SHA512
b27718fa219497a98ee93fb8f87f1533c9eccbd1d250e2c491755eea1ccc3d022f2830722af85a3dda588399943cbadb75f0ab487fe6b6a142fbb5c1ee6d1a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
317378618f7b0a3a2f9e4e22fa9aeb5c

SHA1
261e518a38cf4bb3d16440b8c454b9b327e93b5c

SHA256
cde72f8068229d6910aba6033d5c4bc60bc9ab418674e59eb856804920004e5b

SHA512
4e4346b80f72ea71c09ad2478669ce4d216e3171448a35caa619a075957ee50393fda90396c384003870dd8d831bd15b29ae594193b6fef416313e377a7a48d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
788404dc02a92bf12ed1bef22c8110cd

SHA1
c3da03a50af6c35f55f9af429d1d58355cc26ea8

SHA256
d888401d9017d72b987686d8413b02336f6ae9f231b9055d80b999a67f7c2cd4

SHA512
c28a199b80dbffc0e2e8f542e48c4f3f73dff705100d1da4a35095388b4b852c9419d812cb9530d628e8fc2e652ffd3ecbd4e55266d74f9ad6fe1cb758dae873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e3669c44295d66bf39c2d0a0a6043a1

SHA1
3f5689282332f50122cb4a4f3af609dbadb24765

SHA256
70ef2cd8feec9a1dc6cff672dbc57104e9ea6ad13438754662f9501764cf9b8d

SHA512
b8cd4165a798e7d83d9574d24a2a14dfd9190fe4295ef12e7cfe817f917d0d1c375fd791a6ec1318e0a8f2505b41bde4e711b8e68252d2dcf84ff1fefe60fd03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
d700f1fb6ad03452e4b9013e37d6fd1d

SHA1
103100a9e0f2b52966d13d514807ae8d63cf5943

SHA256
328d9101df045bfd68fb7ec7c7581e884eb582d36a150125d4b4873b685d174e

SHA512
c3297d248c335eb282a09bd0ed67308f6301a36b203a90a7d93fa99edf8a8dc65b50e27fce19726ef3071ce43e17ffcde8f1ab8cc3949a3689f6fb96fcb61e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
25KB

MD5
dd06eef4deb1c79d39818970f2373cc3

SHA1
3e274116f86f01c4096d91a40fc159f36bef230b

SHA256
4129f2c0125e48c5c298f9fd16c11d7a8751a3bdc25e272d82ad320ec6801c6b

SHA512
9aa4355f997f83f96d377ebb886404239c44242659689271b3d4b83b08328fb19f02aab3859d8a13b6c6a204ea0c4f08e8983873f8ac930d683424ba2e5be682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
6ea066924e146823c3992d54dfcd0473

SHA1
35e6042b2f6cb694bce6c40e7eb1f1c27214edea

SHA256
dd507e320d6fe93b6db69e6ebc9d2787ed923b26f9a616fa28f62705d9394083

SHA512
d694ef06cd4c1bd50c33cd5d735e724264216b5463af16d8957d9441c2517d9b9e6e3b39dd4826cd5c8f36d1d5505ff28f71a1e78f80b2999ce02cdaf7adb073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
ed084c7ae8fd5fe9bfcd59cff9e11460

SHA1
5fdc1d282a5fa65dc0d5b1a7836a2d5ceece0928

SHA256
f592501f24d983afc0e85040b073c3ff2076473ec5c77f51ddb4ab1803f8b1df

SHA512
46ad55258273017b7bf89808d4e464b3c8542bbe510269790093e42f2c4a6ba576aac19ab387ba1399a9f5caea00a8719d5cefa651cbd9230ca53ead22298911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe597778.TMP

Filesize
48B

MD5
986a77eba23c4d19bf06bf55d821ea2c

SHA1
42f2f3ad484d10aed309086eab0e7f1541aa5d3e

SHA256
651d5f78687147dd5fea5833669f70fd78d803b0263e24d76fc52677d4c72d3c

SHA512
76cc8abdffd380080a38c3d1ec37cbce4ba83bf81ac8e52ebfe63896e0ed36ce33e17d7c356b7e27049b976a229a567212dc14bcf456f592f10d140f59a43c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
728B

MD5
7114de96519adfa7ee2a3550fc296fcd

SHA1
737d29fca76efb46440698f34ea10232e83ff8ce

SHA256
6f7a2e623e70df6824544858323f62dccfdbc1950822f4522353715006d6228d

SHA512
04ac27a68094ea1f1e51abb9aead97985cb249c3db936aabe5ff4a8a151c43fb3e8942bf42184ceb5346b147c8466d93bab37661f6639e02b94c1b4d6cf4c5b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
62b4085af235b86799e3d7aedae213ab

SHA1
6ebc856a8d12b3822daa645fda3d17a22d649a04

SHA256
047b6ffb7f9005679ad9c7979dec22285def0d4a07acb5adeb960c6687500137

SHA512
82ad581a6c8e3f5015e3a471af239b9a58db96387b8d82343cc7c3912d1de8f63eb8ae314060ebf90627753ab6ac7657198376a8b2463793e44d03d34ba9be51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376683938049482

Filesize
7KB

MD5
e2f2bac13aea07f76e16a520a2e40960

SHA1
01106efeef3f31ca414989a954c03ddb345d1942

SHA256
be91c3fa9cb226329e8738ec63d0453522195ba2667146839f60308b404fc6de

SHA512
6f59dd86718ac05942b118fb975c247ad043da156dc9b31dcbbb92bd1d58747237fc3e9d50f15500acf41cb9cfbaac9482f9d77c499fe20618fef96ac3b49b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376683938288482

Filesize
1KB

MD5
31885583edc289a00ab6b8a3e774e977

SHA1
36a3db80c19cbe4db74f64c37f39a3cd52b52bd4

SHA256
d6e4d3575292099709aeb02f0bf2f109412f270ea0fd42f89b5f8356a08d04e1

SHA512
ba8c48a885b12b9d42ad5ab37360b03e843e951a4db7d7d0e528ddb128fad22e1f73a391bfcd4117bcfecf3e47d466c0b0858697ea58edd0cc0d9d4281a6926c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
0c6a42d84e2dc952db867cccbb3f8805

SHA1
c2456e3ce7f75828d9fefbfc48d49357d9dabda3

SHA256
371f7d58be0bd8e8913012b9af6786bffa156a3dd0e77f9c152430d3a7a9f580

SHA512
47b6dd4a1719bb599c022c7bb5f65e56abbd83575b5aef11c9700b1cbcdac515b2a45b5dd8fed1cd1d37a29c891469e20093e187979a4e4b2ebd1868eb5501d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d31e9d4a3b8a1c26933961e6fcf6467b

SHA1
fef25a8b1c4c4d65be76d4e423f91d278eb07083

SHA256
03d3f7b38a1a202d2f1e4b6d26d3d436565cc82265a0a35b344c5fe9fdf5c7ac

SHA512
92945b993204b22237acd800f6e01821aad65c9ca351ac78d97e6d801ebe20077e7c40ed0eb321638ce4255e6b55382dfea0553571e88b22f82276da4ada60ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
249015205913f9263e8c3ff87518eb09

SHA1
746d4adc15b20dd0030d4bee3b23d00457cb5a59

SHA256
b6213d48112dba81cbe8a4fcc7b5de56d5a61bbca5f29fb2b7cf514867e0102c

SHA512
aa9212251bd8bf7ca1a7639e0b78dfcf804aba6f4b7af6b41c288608c70253a0972f5db3a4439d7ffc04eda321444318c49707067d4cf3f917a3aad5f8402ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ee806fc81ac6e24f925f5e3c433401fa

SHA1
359680790148ecaf5442e6dcefe0cff7934f4c71

SHA256
a36da5415156e0db87fd2288dd0702544a1baeafb8e67d67dc8ac70e14c69d71

SHA512
41082177a9ac5cbefa3876a52ce8022953221b35c327d324516aa4c6c9121cf6c42ade3e926c07da38c1cdf16049c69eec9b0414feb63cae6cfbd15cd97468f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0c07fabd3d20f7dca6f8635557cbd853

SHA1
c65c7fb413da64858d1f01c67db10ac26edce4de

SHA256
cdf0fc0adb3bc28f4d3efd420f04c578f2d65a54d9e10937d2d980c7d2496a75

SHA512
2aac0d0288ffddbb826d21fb0006d6c2498b5a79d42064ed67db352bc1aa52c39307a7c302a514a97e37cbe257b489cc6224f23e4c7d5fefc77a921b70aad178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5b400127b9f21303c459454b21617539

SHA1
0965ed4b1da539bb7a32eb970d3d034bd77b3603

SHA256
e3c884037d497438115f99995f579096172e15426712f3c2aeec464b195d466d

SHA512
b2d76679dc4b4fc03874308e75ffed88bea744511619803d2fd37c9611ab0c15c140193baf54592043cc3a855835d222216fe8b6ea50a36fd4caaca1d02e21b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
69ebe462dac3ef2733f6958d851d624b

SHA1
40c58ade3ede2daa4ae7776b95c0634ae184f2cb

SHA256
1f193d5e66106fc66c13b395d76a87b41c7867bb3682c92f2d999ba80a647655

SHA512
1c968514c54f5395e9c417f68e2d9057646d39c159c425ca74b19279579c1e50e8a88f65c5fc458b055679db724ea097b52d90aa2b68a30a1eeccd7c40d4ef9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
791658b1029bf71f432d86d74fb516df

SHA1
4c7ee23bd4a5dbc448c8303695e7be628760ff8f

SHA256
09554804d4b0d1322e17e528b3451201856be57fe48d799b000bdc922e9a1b6c

SHA512
1dff4479ccace4ec7bdb559e6a53f9023b3464d8127a2af0dc5ccd9971bee38d0c37380834f8aff4f0f2024b7022c8494737b62b9b5083e99f8d65f84a59e9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e345eddf48434517e26c129449f0dbac

SHA1
0c7608d489bff8eeae1cc9c4d04f9328fcb86348

SHA256
753b279c4e305530ee01a30b19a2cb61784f731db9b0d76b4d5b1448d897641c

SHA512
c261609a612e6aec87f2d8709e9682122f4fc5b2baf56f44f198c49601e609dbedcf212822fc85389ff525196dc83c39ed18693aab5cff5038c4155024e8d6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9e47765a4f59698cc6e799b53990d2ad

SHA1
72b6f19bc47f4fd2bc8378e63ba5089c1e2f855b

SHA256
d6587d9eb230dafaa41a5dbb74ce1383b6046d0940788c7fbe51ec7238af7374

SHA512
c0c098206689e0f5e4e9bc45bc67e43d84016dca255378658a59f57c84eff113af4598660ffc4f7610e69d4d80a2a09cd411981bfde4c1784e5f222a96f48692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
70018f8a98f70b765cfbef8477eb9cf1

SHA1
9c691118438849583df2c1068050a0a5f277be4a

SHA256
941cd7977cde9a4736256107c33cf774157c6f1f51aafe3e94ec23f2132020a5

SHA512
a3c1bb1bcac95cce3d44133f54f4a5f17eae96592b95f45019afe9ec23d444837bf32faef0fe8204b8ccf314ed4c801a5e9064b349c611d60a145d8121a6e46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9aad14b4f8dd40a5e88a6a8e2929532a

SHA1
e97f7f83fdf6fb4c6af4d38291353e664c7a9eed

SHA256
b5db2e57fc61bf818488ebeed890df54d2b42c33c949af1d7081c4f430b9e7d6

SHA512
0181860c12573c8dbef09f66b5cb1e86f983f1cc9737edab527ebf679535487e7ebf70fc1ecaa20a9aa443aec2992b139254af5444b10db17d997b46e4328ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
272d9c016f77ea63648876e67a3a7d1a

SHA1
81e96870962eca23c54d368d35b8690ba0d4a7de

SHA256
d340a3166b44d56ae63abb3d6a6a258449e6772cdd3a796654158a38abb47c8d

SHA512
645cb9df317f700d3d51f62fdca537e76d0b6e304ac769ceceac1bf34fb570bd03d4916ffdd9cd65841813e3ffb0af3734278cc54689a06b89cd82a02c062ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7ac2c80c91593aa8129448638f4cce5e

SHA1
00209b2e54b8a8fc9f6e41056ea3afe8c550064e

SHA256
a0408b38801b87dc810f33042693d3401fc76c48ab37f066ce9ab60c504f5622

SHA512
c07da93e707f149fb3841ba3e0fcee57c85793648c83a219ec835c755ce009ea9ad4dfa2ae3af7d223aedc8eab615f04e016d91c9a945a6825dcf4f9a6445f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
39fbf9cc6177c6b21edd00912c87a2be

SHA1
1e820a9f7a95334854fdefbba0098dfef4a34e3d

SHA256
cb470ba214bf84bde77b679a055cee393f6f635e3de760d250732a1fa734c47e

SHA512
35e74712213da7a703bce5e59cfe922564e140ce92e7cc50f71dbd58b9cf2ed49d945f8bbe8cbdc9dc1ee35cb4fa50790cc8805787dac24d76cdb4c3ca435222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f23b.TMP

Filesize
538B

MD5
e15ac8e988329c9e4708c5d09ed3b39a

SHA1
37600ef13529a875046122a756923d841b5e6f45

SHA256
f2fe7c5ec9ec5bd9dca50475696a29917d3ff70d4c14f7fea1a709b8560205ac

SHA512
4cd78bec4a98aadcd896b5bcc045606369b464f817cfefd297e6a95a61aebb7dedd6766ddea66fa805b89d248ae02592b71bdd01c3e04f06cece13e783569492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
dfa2e068194c5755fab7980b3b306302

SHA1
ce46429d6b884aa4d99dab6ae4fcabfe076821d1

SHA256
2de202c8543a6bfdfdf57557840bce794f51d36659a0ca187144445fe6c93a41

SHA512
17f84ab95a98fd2b2ca3d3e78c3970313c882d06a64f8e4c7a0b9021fa3edfae63fda298e32d6eba30dc13fc021973c6a121b885a5af51f41acc3ad0219bc8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9a8e0fb6cf4941534771c38bb54a76be

SHA1
92d45ac2cc921f6733e68b454dc171426ec43c1c

SHA256
9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

SHA512
12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
9470b3dba9f8225011f60fcb57a60f07

SHA1
c0278669ca537a7cc4320f26c6cff9315573c0a7

SHA256
4f32c6f47153053d995a2f68575218945d8d6a0c926ea63e08a49ff83ce617e6

SHA512
0869a9239808539ccb21396737112bfe73c2fc5af02c78f819b43b960c5e2873f86196d0f4e87c84da4a68ebf86f85fd999661dbfcabb083073b31dde067b419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
61563c7f6efc62412735a749c4b8ebe8

SHA1
56d6e133eee32d0c7aa0a0dcbc8e75f68141e915

SHA256
c4e8013c9648c0366c54eab2820f192ea1d4b24650fac485211a02fbd2fb256c

SHA512
6e5a2ebe77c185e9444049f9788b3c18af704f45ff07680718941d14d65d4ce73097405d64d7d369081f67f7be798a7e1b409ccadc2a501c282645c884c984c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
7ce0db5e153a7c961fc6418067c08261

SHA1
200caa9d7b10888d357ca802905504a322b3b45a

SHA256
974a717dec1b37d657e588fd57c2baf056fa910ed7ce8bbdca4af44d9fa95537

SHA512
94f4d56d774709fdb893d6afd731321eeb375b041da60c8a8c39935fd53697e290420b1be9c01c67dc025dff15999e97c0ba22de07a33780cc681f92f431193f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
fbe431549bb2bab64034ebada35c75a2

SHA1
8673bc6a88af2962c509603b893ecc10c0d6a992

SHA256
a960002c8e02c38b07f6b5c67e9057ead164c8ccff0ebd13b2ae32230f80aade

SHA512
092bf227fef9b6c0d58f100db5483e7719286fd7e208b33d9f46633f95ea0d4551c37dbdddfe828606ab39911a6591d50c0ec24bb11aa1bfb7a883a429abe8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
017996f24ea4eede8ed11e8c41a2c80a

SHA1
7e9c3bf5b1d21ed344a72bcd7a4274c6d86de984

SHA256
526730fdb0c7a0fd3c959268b9afaac7072d1ac8617c6e21aaf47695dd81cf20

SHA512
f8bc118f385ef9d430916c5de7ddccd06eb1bcbebde771e0ba413cfaaff68f6042aefc1945b26360e74c47aa57a3d5fac30797a88ac6340bbf7a7027a9008ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1a6a6f109b5331b1f13792f8e43b1188

SHA1
5c08af6c08695a14ee6fc0cf8d238338f3d1a950

SHA256
150a8878eb55749a06b8ffe5dc60f3db3fba47a3cdcb1dfb6a4ac67db4d365bd

SHA512
4a438f7a6d3cc9a98c3d0d14b3573a3d80026934599a3d5a7f09be47cb373ea2f148e36c45d948282f03a54b137bba5310ffec1ceb73b183da60a8029f5bb907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
dd5912d31e5376bf66af33364aa8c753

SHA1
a1769a08d768dab1781f797fdfb73b87b324abfd

SHA256
e43da6723d55c871c7c16ecedd0ad2ed44f69575a8d0c65407e15fd73b896b61

SHA512
f1553767908b784cdb7f2c607c387f86444ee118c53823bbace90c9b5ba832848d872ddce06b0e36bede44b563af4441a1e856624da37fffc475e820d1311c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b5e7e68ed8dfb3098f749784b77de30

SHA1
3973b96797c1e178fee714d986fa04be2066f2fc

SHA256
f390cf0f3fe386b26185b5eedc1c59ae46ade2ebc5cb604374e04ec9e5d5029c

SHA512
4adb4d45ae32f52abe88a26c3b502c242fb97694923918f64dfea8e888e122308c73d8daf70d7ed67e21ab10e15d6f2b169dac57123750c122f1c8ecf31f4d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c03df60d5ba0135ac6f59ab5e9c38051

SHA1
4bde24799b0f9402befca012029de3ff9e131688

SHA256
b9642d9edf9c1d1c2e00e098e25d4e0a328e1ce6f661babf7cd03fb7228dda4f

SHA512
b4a0e0b932a3a9219657f4a045fdf9a2a859010cccfde4d46a81fe6db741b32d5418e57798e76abdef319d9d391f2fda5aa42fefdc7db358cb8c42a62e0869ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e5672fd3e20905f2a906a9ec41f28f3

SHA1
7e5dafeb27b67add5196fc5ba13469274b340be7

SHA256
b6dc76bb8a98642ae3727fba6cee80091b8a543af01e4fa069d06ed5782fe396

SHA512
c865753d7f2a5e201f4b659761b98defe616a7349e71a63c349cbc5a3efb5eb15f3cfb9e981fa4d50aeda56f13f09cd03dbf8456adde96aa4e68620547ce7b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1328c67402ee887094ee391d8b67209f

SHA1
88f6f233e1670f4264549deaf572d630b0879ac7

SHA256
4338b5ed6f8ad8b953a806d6955e8105250b92e4abc4e4ffb8e56d4559a058b7

SHA512
3eee1de954ae6dda82995c12e1bf727eb13e1742437a079026031bf802d0f58efa10b0543801abf9883c9232ae33321b8bdd7bcee92b923f9be2487194abf675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21903b6685baf6fefaa8bd562dbcaed5

SHA1
15dac2d22a87eb923736d6fdb5a181f485b519ca

SHA256
a4db1e07d9008165b9efdddaa4eccf5373bee266534c04325aa16206b4bc6901

SHA512
65a7f5e6e4b1b292a8e4ca95b40bc85751068b3869c9fcecf2847e6bc08ce4ff2d5de864def579d3237c6c0e3969b7b6d302db582dcf3a1f9ef9c15a2d22731d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
14cb576040e984c700c9922ae3a22e07

SHA1
84594234cc7c01b0dc42116ac6c665ce4ad9b12e

SHA256
2ce96a83ae20e147940c1a6b2d105e07c6241fdcfc0ffa8bef141aabac94bd5a

SHA512
ad1a7619deda5099a21ccd999a461a9fbc2ff020834b396c979b2faec651a26d6b5ca7b0f751d157f75cb3e7d2493462c00a19bff97db5910cc27a47c867f4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FEMT12MI\p[1].gif

Filesize
42B

MD5
d89746888da2d9510b64a9f031eaecd5

SHA1
d5fceb6532643d0d84ffe09c40c481ecdf59e15a

SHA256
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

SHA512
d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\501369a0-6176-4d02-927b-5c9638835fc6.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hxrpj4nv.ls2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7D56.tmp\SimpleSC.dll

Filesize
1.1MB

MD5
7b89329c6d8693fb2f6a4330100490a0

SHA1
851b605cdc1c390c4244db56659b6b9aa8abd22c

SHA256
1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d

SHA512
ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7D56.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskFF61.tmp\NSISFastLib.dll

Filesize
137KB

MD5
9c7a4d75f08d40ad6f5250df6739c1b8

SHA1
793749511c61b00a793d0aea487e366256dd1b95

SHA256
6eb17c527c9e7f7fea1fdb2ea152e957b50a56796e53ce1e5946b165b82deaef

SHA512
e85235307b85ffd3aab76ff6290bee0b3b9fd74c61a812b5355fe7b854d4c6b77bd521e52638d28e249a43d9ec7aa6f2670af2b1c671091492c7fe19d6f9a4e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskFF61.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskFF61.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskFF61.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskFF61.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr5B1F.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvB330.tmp\Banner.dll

Filesize
4KB

MD5
a1b9bdee9fc87d11676605bd79037646

SHA1
8d6879f63048eb93b9657d0b78f534869d1fff64

SHA256
39e3108e0a4ccfb9fe4d8caf4fb40baa39bdd797f3a4c1fa886086226e00f465

SHA512
cd65d18eca885807c7c810286cebef75555d13889a4847bb30dc1a08d8948893899cc411728097641a8c07a8dcc59e1c1efa0e860e93dada871d5b7acc61b1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvB330.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\metadata

Filesize
114B

MD5
aba898b89928dc630c02a4cc5f80f159

SHA1
896484b71db30dbbce2c7efe094af9e24180de83

SHA256
51fcc1a439dd578e36b1d9611a47163d411819e203b3f83f017d51e224b33bcd

SHA512
ea65d1b364251e1586f71982d5c91678a9e35a5aa00da611a3ce56d0dc6300c679ccc6e3b34426a0b500f3a73e1f256ce2f4183df189e727383ec60751aa8044

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\reports\dc4ff9f5-0d3e-4dff-8d37-e094b51be196.dmp

Filesize
2.0MB

MD5
320cac8df8b12a7e1e4b5307b7bc0e0e

SHA1
e387890c22fb50c70bb7d7e008f0de594050c851

SHA256
6ffbed48ef0521e92fbbfc239f90471914951758713f30d151fcc8dc1e936245

SHA512
eb691fe23eba46b77d47a0246bc85d119fd6aa08d8c8f11e68e79db0b7dd5a4d2c97fc965816b6490730dc87f94e5ddb4f478f9e6f01ed1f0aaa4c1bb6b18064

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\22fe6e8f-7e38-4aba-aa68-312674dc1bd4.tmp

Filesize
5KB

MD5
a268852f66eabdf0ae238400ba674203

SHA1
568b9770f7bb9f369b6c8a6e7bb2f64d34d155f1

SHA256
2c294d2a12a69dd83d9e4cb7b3fcd49957f84fdc8c9fb364ca70ab5f19cec8bd

SHA512
e4ab74db243a990e5af46592aedab360cc1eafa3131e86082a7a6bdb37fe63a7cee87b94f15e9da46dde44062f28801ec50a8fce1c258462ca7e28d572c445b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\52087729-a294-4f95-a806-19131e1c3f3f.tmp

Filesize
5KB

MD5
7730bb24914eea19279a4aff149b27d7

SHA1
5299d1af98e36c46517f5dfbbd8bfc29ee060181

SHA256
6eb5a65b317b3d40245f9d8cb5a6ef197413614a837ea0e399d458804e5a5e73

SHA512
32b1ce98d684a0725d57b86b696b226a8710b5170712ff7a35b8f602c0ab5274504fed20fd3ec833559d9d8c57128425657891207217e0955bd48a84fe85400b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\9b9a4e7b-ea10-45cc-8e1d-7f1d2d617ddc.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
47KB

MD5
8e433c0592f77beb6dc527d7b90be120

SHA1
d7402416753ae1bb4cbd4b10d33a0c10517838bd

SHA256
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

SHA512
5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
6bf48f517f9b356ca1afd9e41027e66f

SHA1
cb5d0aecfab6b0a5d4f842e067e3be10de5a3c8d

SHA256
a3619746cd91ee087d61fb387e1d9175d9573daf224b5dd448ec2a16dd102b74

SHA512
6622b9a25fc685dca93246456c313a3760bb1dfb45c8a9fde043d30ee4fefab8420025509d9ebcc2ea96b61d1dbf9c51dc10b068f26dc00027c659eb2c4736f9

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5bf29a.TMP

Filesize
48B

MD5
a4d94950a405781c55f4b75bc4e83c2a

SHA1
9f5e83b759d43adf7bfaebb275dd2fd1cadf4fb8

SHA256
4b077d70879696a28c2e85808ab5fb3629b28715def955164518ecf84852d0ba

SHA512
be672219889ac1341d7b5dcda3432053b5140c0fb66d7ec0ddcc690ff68b946ed07f004d1c15505f475bdc6f4e24a2c40f42da784e0132174f4a243f0d2ba9d1

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
73eae3414e66813ef7f347f9915f5ad2

SHA1
6312c3544c07b23c6432c8abb92c4bdfc2e79285

SHA256
5715579d636ab1af4a65b109a1487f25b6603bb83f0f720bff415d344c74eaa4

SHA512
4cd1112d28bdb8a9c22d69617967d36d575a7c8263f7be3190b47cbf394d10afa1ee17e7ddabc5313051daad4ff9a47758a1c0ad34dcea83dba862dd21d4dc89

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c5e4c453ff297a0d5e8ca1f241b0a0b5

SHA1
68410c242f9f7f10f361204bd4c6bbe122539619

SHA256
b484b7dc87dd417a92bd6fa4cb0dd77f1732581c8f4821f8a45cc08be2a3874c

SHA512
897c93331a3dce13b02f61cd14d65ccaf14cc2f46a5b5de44eb580535fd46cfc372d84812ff2fd01e6667c5f97e4db940348efb55a9e56a6df4a8280a24f80e0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a989d2b4919b95ff1cd10626ecf7ae91

SHA1
bf60c7dcd8f0d1270fc0c49a535e7f79b25cfe1f

SHA256
6ddc079df111ac9dfada26ae0852ba5b17bae2d8b888f833fd59fe6c2432b56a

SHA512
df47c3af85a664e3e05d97cc17534b94cb27ce5df223d92bdb2306799f34a6a33e9b8d467f8e3ef539f528ed6f1070c3291fa527254b1e0b3b09f3e81e0db85a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
82dbba00f4be93ebe707daeeb57e83cc

SHA1
79f38ce026298a2e84e21651fb18d9ac07dccce4

SHA256
8647c9e177d64b9bf59847637eda6a8aa2e1af242655a7e2dc340699f058c877

SHA512
b553dc4e052d8e492dcc3ae796f6c60a08d1025ca3468f0eb31a3f9f4cf6c83d357c85d56660d7f3ffb6811762dd081e02a901c7fce46b403721caa4a6983d3e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f8405d57797a31caaba94c6ae5f22657

SHA1
da5ae521b4343979cb52366b36390b2dc6bee5bf

SHA256
68db0c008a6b61b740c6a161825d0ffd68981d36f4bbe23d4a3dd87a203c2d94

SHA512
667b4fe873cf2d5308895fee826f0b0a0982b388247ebd84b9817da394ab493a6165d3f4f7cc0cb00ff7753cf017468b82cbf4f45cd008a955855b9ce1afaa67

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0d7e822cded939033b021e273a1b6ea4

SHA1
ad4b5c36bfcf713398b8417ccbe7768da85337ba

SHA256
73eb7f33b788eb54d9cc64b2c136d4e60d961863c96d71830c1d73388928d345

SHA512
8fa676a180073ce10748ed86e5e72ede98a016ddacc72ff3a01980ce9a37860776407607e9149d3a1ff6f73dc48faeffdc57228b1e7522711290df79d7234233

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5cac64.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
d2003078f8634eecc6ab778af1187be7

SHA1
7112b97cc788440900581c6afe7c5b7bf0ce591c

SHA256
5d273273215832c34c2d453a3c6067ace6d91e1cef27096d64981ab56b9a4a6e

SHA512
e12b86a862d858ee4f622be3a02c33d50cf44479e6cd9a209becf551de8eadb3153807472619d3e78e2791fa999623a1b3851b99f9a57523669ecc7437be6b1d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
17b32b8d4fff21ebe412b367a9ab04fa

SHA1
2903ea7b2e55794a99ed50ac3b6789119a5bdd27

SHA256
5d1aa4642e88c664a6d555e86c7d1964732b65cd48de68d17c5d3142bdeb4089

SHA512
74cf881e95f8482fb00a7af42a7f2fb35932e6a5f971da156602b71885763c909b4e1d5bb12fac7f2b6af69dd925964b7348113136c1eba064c418310fb0a319

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
c9ceb590de4125c95416c46088df82d4

SHA1
10c00ba60e4c188bd6f28a568c2f59e4a5739c5b

SHA256
7db798a1c794e56795e479b30d3744122f81307a7ae628e062f71019b715b4c7

SHA512
36d0a1ec8cc80d3414c0dd89be52abf1c49494d37c389f9da01e8c5dc3e0785b3ae55daea3b6c7ca6121b1b31ca3296fd4e1e6aac30f2992fe6f4c93fe02eb7b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b5ddc7818b84e0c8d143c0326c6e46e8

SHA1
f3f13cc6ed0bddb380b08f25a088e2fcf232d7e2

SHA256
96f83d895c20e933f35c3dfb4abf828f8b246331e03b1dc668c78f24e3359d62

SHA512
ef68ccf71ffbbe768e86bb18f73b84c4ecca70994c99ded6d264082084cf0d131b1c95c8b6f63e27e30d8206f1c8b720ebe4aec67c45b4b236185ffdf14134a4

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
3644f06bf8227ac67e1dd7ab4dffdb9d

SHA1
5c5a8f64adcead4a67646c64be66771f209795f3

SHA256
3735a1f356c9e8af96d38ebab6a65831265e9e898113af835a75da387b22176b

SHA512
6abee9746fae68628e1b9db3043abb41cef0e3d32a4acd056c59bcd7c068aec7102f62f42fe83392b5de47bd57a026674d8ab68a3ed74f996548b1fbbae5b18d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
46c65bb5269c6d966d1047b7ef717bf9

SHA1
ffb81ea75e4fc4b8a6f66b9a7ac34a7af2a5c94f

SHA256
17ebb8aab4fcf69d3a53359703a2ea8faa5cef6973bc52bcdebba5574288252d

SHA512
e7a8b57b34a753102fc2098530bf81f8d18b32a70496623e157374a13785ec28b66a8d278aacfce43930ac92361bfd0b2cd700a442da6332524843a6d02625b1

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
fd60d15d1fab83dd3576e75d2b6f92c0

SHA1
04ca6347e4b2041b6701fe7cbc37623d549cda3e

SHA256
97bc9cc68921afc935546c6f18ed4dd9a1e591dbdd29f88388d9118d1872aaaf

SHA512
08e200441052cd38d4959130a360e6d4e0317f31d2887ef51306485a74e4da536bf2651346790d5237c720c3939d18d9edf26093c5348ec0034b7779d1ca6c40

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5bed4a.TMP

Filesize
523B

MD5
11d0437e8f88b41b157d2376f4eae5cc

SHA1
f9fb54a5313ce3dc65aabe224b5e54ff9a439cd0

SHA256
a04ff527b126af715c2423de262c607d4938c07d2d15b62412be52d5a13bc1e2

SHA512
9aca95d5c9d3c0681b602277f8e2b65ea87b91fadf0e0ab3c71ba17f8056540467b7038133967b4447235a297647e5ea07df6026c32acc1552adc727d9f54389

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c651d9cc85560b0dcbbe293899f45132

SHA1
7c406dfedf6af6b9cc8bc9abf9da8be4946f2ead

SHA256
b7ccd0d43bff0b2a64d387bf0a762bc3ff75f895f0a12d2740bc3b05b34407ff

SHA512
5066c5c94919bbcae0c085337aad39a940de3aead6b6f429f20f71a41fb5619c8a0c9aa0b8b39de773cfd5bb54566066aa7845634c312ce8fc988c750b92cb3f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c893e83f79b7649327b5534074b042b7

SHA1
7716e0d64789c301d339bac287dae1ce130fdbc9

SHA256
6ab30f429d0a9e5e66c77a9370b586b76609ad30d7098191ba2262d9aae61dd6

SHA512
96cb2303e8ad006756b2067c35f3595480af0492b777c49d6f9840714d6d566fe61ca66867eb394f9342b566d1fbda723f0570dae64cd98116dc5d106398f6e2

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
78671ab3a4e61baa4196fe40d21671d4

SHA1
1ad6f8bbb716985a27d3b34eea6e3e42f381f31e

SHA256
bdf2c86adf63297f42decaa6ea8b6fdf01b1aaea22f63704ca8870fe4a9c34ce

SHA512
47218b942b0dad4ff88ac69c63c643801426ec4eabcc94fa601f6f39e99e5f127deca4836e0bb46e6df5655e44a79cad3f4e30a77967f98f3391c6599f682a90

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
30032c51816b72659505a8e50b436e65

SHA1
14849cdbfbb48e7e5ab27ce2e2193bc59e915757

SHA256
ce8bd31e0f03e7f4959fd7a9b8dcff3c7d162ca6f72cc4518566a834c1a047bd

SHA512
50ab2fffbecfff941eecac7c244f22a2ef08913e4a67dade73bfe81cdd390d1d290b3c01c86016a30c5c28732890e8b17b4c0811e3237f0bc20c8e3a8c007227

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
626e22b8f3df5609c687cdb1bfbaeff7

SHA1
0432a31376e2f2ae5516b091d1be55f4564c48ad

SHA256
f95d09e3c537580743b4e7dd0e0b4d8d1955b650c123ce790efcaed71795fb0c

SHA512
2baaf7d6d6015c9f1c27f14b0373c63fa0ff813df28b4f0da38595848aae4d1072bb428b1cebb8ef28ae454a6a7af3a8f33d455901f7d9d5a2ac7451f9c5f9b7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
1c6f3e70982e85386f102edfae18f5d7

SHA1
5246bccb07486750f94f9a44525e298f368b56c6

SHA256
ae4a69fc3630c9d9b7a344dcb69e5607ba27a81d3a8a3c70641a53f86364b272

SHA512
0e7ba19aa62ff6a89132bebc981ced5686ef7bca695a0bd58526bb71853b751ef43612d62dc6730ce91900871b9233242c74d767d38fba8f6326fff77946a466

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
5a087b9b1a830626711897e773681a87

SHA1
e41b8173ebbf998de14d1ea7a83b1e7c2d33cef6

SHA256
bc59487ac2f9d16eafdcc8a0686a59dfe3e223ce3d4a24998e021371de34a8c9

SHA512
54a91c671039a446ec9bcfac9afc13a244d1668d2fb0a1f9398bddb7bb4f5247cae2421b5b4fc13325117ad6d2e6a7f7b65b8d967c8c1e838c8bb63808395a13

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
a11bbf5abdfeadfaaf11b11ce3a1eebc

SHA1
1c194fc5559b3babe6911aacaa8bfdea895c542a

SHA256
23f834e20fc38dc0a8bebe044a613c2345f8d5a3edb388a38e015eb28ac034d1

SHA512
f2cc285baa166f011b9a87af634eab22c540e11f4a9745389f3a09cfb92a76fccb77087373bbddf69ed72edc52b11acd91528ae7428a9ba377785ed5274a431d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
3dabf76e30a7549101ce5c343a204147

SHA1
5ddd85b3d99d07587ebd1421be55266b388d16fb

SHA256
7aaea2b3190c88ea2572f0005957043f62352126b506ac345c8eb553e377ef15

SHA512
9d13e117086abf9fd8558bb469c461621e5430982ca66bf4d9bf3989c6c5dbb3edd1960ee2c1d2e458d66d360dd3dcf7d75c552e97ff1ceeaf6a31af94a518b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
fa383bc7aedcd7546182dbe4825ac77f

SHA1
c7ae2d2b361d6084db94e29185743678137d8365

SHA256
40c18bf58e7712f83e1d39510402e2fb7f36e00cf408060b033633f5b0024018

SHA512
5d4ff0c88361b5504bfd05513f6ad0419379cc1e275741782047d4a0283907211d75cfc79b6bfc1ca965685db7a45a77e903111ff5660d5acbe80f62a8d168de

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d6c06f6551ff967667c6ad5d3031450f

SHA1
532efb88c04cf64412d029a4c9733a23392ad2d0

SHA256
d264a6c334cb42b693132e71bdb37087bdfde6c0bf4c39fba413f3e3cb284ef8

SHA512
6e87c35505170fe570eaae487f24e0a191d265c6ed8e9d9930b3566029e55061ebd4e279a9b22ca69321e0e7577044668e0eca549d291efadbddc38a5bbdf9ce

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
3ceb6f98ff246bc144bf20c510a6c857

SHA1
59944cd772d7892356de4d84b80f0038dd513529

SHA256
69e50bff08adaf19d3649c67e7ec5f82c67761bff9c9d49a12ccab5a1ad321f7

SHA512
b82455073deeeb7f330ed584e4bbf73c1317afd586af9bbb5392ac09c2695a28ee789d9cdff8a8b43b7fc1c84320c34ea4119aa1402fda4a30fffd7f6fd4d750

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
1783fd43ca670bf73621194898d0a98e

SHA1
8cf447d206d27289a8e12fd4a308cf07b5db9511

SHA256
af2c2cd11a5279f3aece06f5952c747da5ea83f722057932ded8f58b044e33b1

SHA512
faac8f77f6909373d57452ef70f955c5881dcf9d7ab4f5890387664adb91ab97c3df33ae3ca91f9b94a74472409f70e864c07021354f886509a2a80440bae4ad

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
e49f80029fbafc5e060c86d82bfbcdc1

SHA1
164563244da05bf3085a53a0ede68220f4b3b315

SHA256
2124641bf1f69723bef865c4c7c77d811bc065f04b9e0691b5aa78309c09baea

SHA512
55759e8413c78bbeefeca37ca251713d6e5d1fad3eb8f37d5c215050d991a207b11eb9f945e6beac7cca8ae9423c2c9b483a8387c608337d045ecc41062b276c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
9f2b8061cb6748011f1e17f1f1b5bc1c

SHA1
aaa29c2429f3fcb408a15e205895ce43169e6706

SHA256
089268cf5f13db90b3e83dee0ed44e3cc1a0850c32c90f497d5e242057f1c332

SHA512
20a26867c6b197fb8711f40672f30e8be406e41f2701fee75f1ececa16d157c06a285844007b595a4767ac6bd6cc2d3a7413e524f74cbffe7f4c551d83b0ad06

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d8ea395c675fad877f572a674c3ea7bf

SHA1
7f89684fbeeb91cce5ac4436529c6e7578fdcd83

SHA256
641b4daa09c4623c2e198a72e428e2a0b3d8966f8caafdd31e5ca5cac0db0a57

SHA512
15991ca881f9caf300b0aa98d3e8f2e941aaf2db7916000d52f6eb6df8e7dc40c138efd11fec01f0812c2a1a48461634fe709869ba52b627bee7e86bc07f65b5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
e797f0d4030848f10e460968f66208b9

SHA1
2b15607fffc50de9eebc13470426f8de9b42dcf3

SHA256
7b968b56e7ee1c2d2a26fa92d35d7ceb8f62b4557169b071acde5715144c444e

SHA512
ac1ddeb35a23540d748544aeecf9e19bada3e36e5534afdca8fd59f6a2e94692e16e31eade20ed70f6a23f8350702c3d46720bfaac986ffe80a23c40c8b8602f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
b03ac185b50d0a81b783a613fa024efa

SHA1
9aa73db2024b27f1ad1f3a0db704696e14e30e6a

SHA256
398c6fa8325263a020e42ab389a173f2e9b20d6d9b3c72ca522e8a0b9b164bac

SHA512
86b28c6e8aaf6101d21d85c6e47124bf32f4b4a6bb70091bbeaf66f9fc726a988869092b2dc0819bd80ec831f2d45e41d3bafd38295c896a9ff0e9509c9461ea

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
864f65f33d8864d366c8afd3adc51fb8

SHA1
aa525cb82ce3956dce4de6033ea32a1dbc538d0a

SHA256
f407a514c4597bc8c28fb02abe8934a2b3cf7ac58eac37ee53892bfb9a20ba2b

SHA512
c3828ebafe456d05ae47e882aea253b5f70d0d1f5bb30055c30069b2056fd0bb7631983a22ba82491021f9251d5c3d298283b9fe087da41d95bf569b056b305e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
5edbe409a2eb92e834e7aa861bcd0959

SHA1
c1422f108e8c715ca52b6618184e644c570a5a5c

SHA256
c51538a5dcead17cb04b0d626320a95b78441bec6560564dfe6713180ad2ba9c

SHA512
980fff9e87069da4e722079d0727a787344b0a304126529935ab331de558564754a7b2c3fc6e3d86eb9fc7dc122bdf416a2e6449bdad91f100d1ed155b1226b7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c1c1350459400cc01ffa7f40085d7742

SHA1
c6d7b058cb23fedbbc3c362da91cc88eb06ad930

SHA256
f980afff71914d62b91882a30265dfac804238e8f092a18daae65a4bfb65bf59

SHA512
3bcfaf56b357d98cd25080a298b913237eca630bff8b7621349f6431f5e5776dd74ab67caaf5e81a530a40235262443d73b66d6627669b606b5e47b4f4db1db3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
b31a57692cbe436393a7752298f44667

SHA1
3765d602dc94d042becf59b365b6ead88a8bd69a

SHA256
a46c27148405b65fccd68b785667648a54988f59de9e1cf0464d321ba01b2c2f

SHA512
f1d8cdf391cfd1d85704026dabe97dca954cfc88ae558ab8b095cfa92bb41830c114e63582438a976e49f38480bcdeb163c437fcf7220346ec303d1f4d8fb853

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
3fffc130b83c0e15855dc2aeacb95075

SHA1
08728abac5c5a03f35c891063f55faeca9780268

SHA256
ee1031185a24aadd423efbfa5321652f8660444bf713b52304fbbf69452e0c03

SHA512
a7af044efbaff11637c928f2ffaecdf61f9faa4ee61956aa882cfa5752a302a29ca86295a760c950d3de084f5640c750b637d3bffbd5118e3fe2d108e537b179

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
a6785602086137dbeb66b592d4883dc9

SHA1
e1615d31f26268c0a60a1c9af5fe41d7a6ff6a99

SHA256
90abcf5d7e5b5b1f60a4e2a38af074a1e2a6050544e6d52690b6ec8eab5cd026

SHA512
5fa733387b817a2293f2fa9669592c70283e93df10b14540eade59ac5e6ceeed0f6fd0171e712ac17c948c8b5370a8d9c9de68dc229f7d2b79d4bbc109a23b99

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
e1b206857d4d3aefda7720771b05cde4

SHA1
e00c44772b63023062c77c6e82ae0c120468994c

SHA256
286060bdad676b8f67154bb4189d05698bd935b2fca9dc66541c9e0436e03a83

SHA512
9142190e8bb82890e7ffc58343d5e0b318c599a5150c13ee0503d6c97065a24b8eef0a652fff7f0918aa049218d2366c34caec0046f83994d85e034f4a64ec17

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d03aa7e3a8f9cbdd0f9799b71f4e731a

SHA1
cdaba891cd4c4bfb9f5c227d0ab4d442d8a33359

SHA256
1d9ba5385aba9fab6761194c15e2ec4566c3f15e9e861128f8d8e05850f4b69d

SHA512
74da6c43ae817dfcad86c5f0397da3b9b5cc46b6113a525591bbd71183d5503aacf291cd4dc99e86d3824f346c1fc6226d60a7a59419bfb4b6e2c9943a9d7547

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
244377a70878ff34cfe649dacbc2e19a

SHA1
240916c5216195c3700c3b5f44340d92ba1c454b

SHA256
bb6b975c65a1810d331b6313d9b245fef8ce367da259c7ee38af10ed95c19b35

SHA512
3955a1d076f89be64c9eb8397fa457d1dffab8f95be40c83e1872133e423357e7281621e1e74444af00618b27371fb2cb3076a1b76dd86ebbb88de1717535127

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
2bdbf9462d32cd57fc0e86b339206830

SHA1
06515bc2266cd3115594dd927f7c15b8f948f4b8

SHA256
3de386239389ecde5d5cf3f79368fd94311320ddb3403338edbbdd3583c70d81

SHA512
399ac839a3b6be946203529edcbf0066e5500cda32145aff45bc6b3699a872f4733592fecf75fdad1bf9ef7455c70839d8d07d3ca6aa9c3baf85454a492c6fd2

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
6150b6e80275bbad05a80995177ab35b

SHA1
dfa727a2bad89c7e93e533f8f70b05ee62b39715

SHA256
f719fb49593df29df27b294b2bfa4af2be426035ba66e789a902d47303fb360d

SHA512
cc035f849df60c91dcce4faae5d47dd9e1f332f34b954260a7dd1697dab39ebe28923f72630829986b9940c7da52db0508be738686fe6df072f818d64abf8b8b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
4781624136a45dacf3b8d497bebdca80

SHA1
1caccbb62c550ffa28426152e398688540e6fd79

SHA256
8124ddeffc283ebd6b8049c076c43d76112ea683b06390499a2789a923aa95f6

SHA512
473c90281254ab59e1d6914b2d0810aeadd330e7fa3ef1e4c0fbb4e0482dd709696313cf154c997b387cdd903331e7a16578f5e750fd8fd976adf42a14cb8949

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
e679ef3334ae4c86e5fd588e797949f6

SHA1
9c5a6db031157ef1b5ce48a45c0712d1f61e6f5e

SHA256
8769ce96ee7f0d1d8cef2df2a60e82d28de04b69b51babd298796a7f0f1118ad

SHA512
07488957b65bc809ff15c7a4ab53939bc68c08a78a264227e2bd13cc5a1b3131e3e1e193fa59350f58873b89c6f059688246726c3a94af997ae39d75967a57ec

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
f309b657c130aff7a87febf20b2637c4

SHA1
4f030cca2d8a3e0776c80139f0202e43fac495eb

SHA256
0986c207f41e1f78c605a73e6b886aab7a74dc3f30fce00959c079b33dd79ad2

SHA512
64a9339b7c51a704664d45e5e3bb5ad004a26db7a3574c7c9ea077a0aaf2687eaa3fc837e9f6c4a5f03b8349d8a63f2c39a137ea5c1efa922194b1be77dd9cbf

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
2b1130d95b1095c1b55ace34c0a65a47

SHA1
6722f595ee15fa940a50194ebf7061ac90413524

SHA256
3453246a922990d8793a0fbb88c793e67a6df214a49cd00b590aed44acc7e464

SHA512
65382b6c1181eaf5ed76f2135185b7864904718bcd01178a85fab25aa80eda66349bbeacd707a5f7edf6f5006afac64f092b3e431a782d30db7ccc962917ed37

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d832f4cbf739e99a817ef1ed4e3fc4eb

SHA1
936ce09d0562858ca5afd15207ec593478bbdc86

SHA256
f930e92bde2a1b55377a59db7acb303cd4f68da9656196aacbb782cae530bbe8

SHA512
cb765d7f42aaad303711a570535d1a5d2f4b72b95ed9cb490cdd760a0bcb96cb1439a20ee6e5562c08454c0d2a743e677f4e017d519fae8e623ffd2a78a8414d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
2e36c0e548a4eab02a51dde2c3821ad2

SHA1
c95332c67ae402aabd550a113e635268ed85b0a1

SHA256
d8ac70ff4aacf260ebe87e3edaec3536334bf78c4fb92ce2a439bc5de38a6659

SHA512
ba1c6cb3d051a7cfaa7fcc1404b5585dbe4fccf2dd4f28293979255b2fd7244e265e69bf2f30a3597af70fda3165069e06900cb65a88ce948afd112c85d7fa9e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
b23b1b05619fcd7642f0d83917b90867

SHA1
20e5adfc2b52011f891b75ee77fa5f94e99764f6

SHA256
080152dcc0369e80c20855d68b173f535d58e4398c9da594c266c8c50f8bacb2

SHA512
cdfb18d6f65ae0ec2dffe7c10fd7b8e1efd25b1c869e331dc441ccf6d9545074954137585c754cf3d6a100f3ccf098984ae9af1e43133fda7eb69ec7b95f807d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
931f385b10f74618e6bddabf5a88fd69

SHA1
cbb181fd6920e328b1002ae3f2f884fc67bf7537

SHA256
ca3fa585caacad77309e66a711c174dd2727523c7fbb8a186a84d33c25aec951

SHA512
049c959d58d76e556b91aa55e74d8f89e81ce1130ef4b371c5ca1ce9820c4db0fce2fce268cc786656c3c1ea76af9e9e62cf021737c2b47a58b1ed3aa5f06e13

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
a0d8f57a5f94d45ffa1142fa25e4a6b6

SHA1
57d5b7d3ccb74f6f45dc51e489fadca74b4490d1

SHA256
2982eb51aa6d80e2d52fefb9ab99f9236f3866a0bb7a2198ed2d21e171903f9c

SHA512
1320daec8320b6b0e387912e7b0f8c5bbad5616f7bf0c37691f4a4307a46fdab1c6f850d5ae03bfd509f6bed8ff0ca423c7bcbf41e6a717e02268417438504dc

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
3cfa437b302af5f7dbfac9f5b464ba8e

SHA1
8ca6292fa13efb62569a672dc647692585af2ce0

SHA256
4535535307d53e392157d7989ee886ae09ba490a80c307439781ef9abf376ef5

SHA512
162909dea36c36bd4d06b0f82024ffc5a1bb87ba13b9e863500ba2145191c3e820c7be11b90466811930f15e48a70fcabd824ad314a484f45aadcf1efe9aa555

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
680eb600957ea576bb745857f19a3b58

SHA1
053ad6cbab10e10c165ae63e7c4953a0ea8e1158

SHA256
8d62db01669de594860125b9177fe5620ae69b26d046f78f6661752f729331a6

SHA512
c654d4c57d7ed709684a9116a36097d8867a8543511ba9ef6146dad016f83856155c5f7f7107915d1ac21b7c211ab57c72d477aa3fb5587e0ca1f7b03db7edd0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
dc852d2f02f47ec165e733f3b2bf239c

SHA1
6a5b7b6ececea5d7ccd48b45639f2c039b550f32

SHA256
822cb8cf559c7417f4c5be9b07746c108021d44ce7ecec2dcb52ac8dd8b51f6f

SHA512
9fe2212201b1a470ca37d6b18f76c2944c74bed67d038b5520f52dfd8030cdacfc24c93014c24ef0a5a8f44460624e74dff1d918badfc8069767c0279b4f2dd9

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
8130e084e9374699f6eb10917ffc569b

SHA1
05756af6c1b433b9f27a3d83b9c60493ce1bdd98

SHA256
9f4d18ecc4476bf72202c4933e233334de8ea39ad1edd417a6e9de04c297edc6

SHA512
53d0393d70f2b5c9b495d30d7e55cd3b5f42d54ee9c9240838723ccdbc073f55a356d51e024b474dc658b8803a56e98ba8e4519761a2e78d37ca59c15656ff96

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
86dfd02d1e3cc2235fb968cad5e88127

SHA1
3b259bb5f08854b46f8baefb78ad6e17de002847

SHA256
1f9effe1dc15fa7a8411bf58a6b67b6be381a1877b4471fa55ed0ec1ad4b91b1

SHA512
97acc43617e92ba6be509f841bffcaf2040272e1abe8997ef0f2beca6963577f29cb7e5d797d8c90b0d685320e8266da6665232e09008bfd5b30dc2b15f663c0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
8b0958379e8cd3233729dd2da0a78d4b

SHA1
c6a0a5eee438c1368d66dcb7668daaca45183e2c

SHA256
02adfada48930078c475317cfdfe399a7daab47c302bdc77bae4c17fe0bdcf5b

SHA512
df696fa9712fcab20755fdb17eca62a0fa6aa0f67ed01233ee9637ed2e23f9ac3887dd88154347a73059806dd8452a70def93e5d9b0db18da0be42d98785512b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
5364e000e91c0f3e4dc0fa6b474c665d

SHA1
e258bcf5bac5d29602459d664856de88be986e44

SHA256
f7c7773fd82b64a51a124c622fa784f52b444c5f70aa6352ddd2c59ca563f3a0

SHA512
bc1f4e7e53afc6d70dbe676651634f3fed86b7b839d10cad073e17ccc6cd64528dbc4f262bab59db64f900c96f0ea2cdbfac7e9775046dc8990cd63a43834cc6

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
0a4239b03179fb67b381170e7b27a758

SHA1
e44c4207437ddd916843aa53fa4d884029c1ddf3

SHA256
82c70fbc701f566bf08e02a16fa0d7d7563d8cfeb16f91d0b27524a91dc438f5

SHA512
3d707d965b2dd92ad13ab15c181b8aabf9b09409cf0f8cb568aa6e38f6cbd72e3b6fe4afc44565c1eacbba25c841cb74ee76caa37bc1a51efd1c75de1eabef01

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
ddc210c96d7774ecd657bd1897d6614d

SHA1
7cf68eab010db45d75dfbd57bca1d1d6a5c233ed

SHA256
0490a256e3d3710e2597104bd51d1b846cd2e3deca27bd6273a08e105c1e42f6

SHA512
8133f9bdd66045a8fa2bf8d6432700d0472aa4b00be3f5309a30ccb82104c857b3e1dacfc66e52594154ac0ea5cd75c0d96081edfcdf1a0bd600cbcf4ecd0ba2

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
1ce459b48b794fe863693ac3c9c711fb

SHA1
cd0a6a042d8b18415e8405537694a5081326a23e

SHA256
59bfa45ee33958b0fc9ac43fa93999a81f92d0c12d3aeab2f041b6bdbf325cd9

SHA512
6691b0ac3b2c923fd54c8f4a99ef5cd531974f8d6c7820325efb7856c902fdbcf667cdff668ccc42e7897d87774fad4af4bc47a7756d870e2d7480073d37eead

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
ee85449ce99d4ea97837bff1a129364a

SHA1
20cacce56177b1a6cfeec9bd8c09a09d1cc7147a

SHA256
121e77bdf3383cb9b19bcf31e050d325939e76565a9a8cbda056fda8a3d1b3ef

SHA512
af73ea722c0a0c595c91441a702a6632c4a4c06ed7dd91d7fc1e2aebf93ab8a994e49cfa012d358154d9b658e18ad9aaf42b29d5d790278bd03dd4485d3489c4

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
efe9464ab67cb5cc83caa19fa8461e9a

SHA1
9c007b9d23f6935f45f254d8addd41e8e49db420

SHA256
8b7c1d5a5054e057e09655203586f3c3d4add44a5453a98e6fa00f2b93cb44df

SHA512
a7dbfd5f8d5ec582f3ef983113edfcd1d637955d09b99bd89dc4e9673f9a3755bc6b8f6c0e8d2fa0062e264e229c8d90fa242c7eec243ce766f9193549961259

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
94e50eaa504acd3d3d4c3ff0d9f55987

SHA1
2fba87ec5c6ca56c09a6e0155ef976b202a8606a

SHA256
bb7696392785e1bdf20d3b8ef20440b58b09c94109a40a5da2edc32ae5d1cb11

SHA512
d15e02a0c0611def65820b428734a5eb493736bcc1d767c455961725e78120c01fadfd202ceb15fed8eab097fb75ddafbdc5341b698f97a3d595fe703c14a3b7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
da30c0cf434d43320aedcef1ccbbf2df

SHA1
0fd9235af63c4d40c811be559990384c4b5a6687

SHA256
668adb16c3f91cbad70a475eebb0f13fa2cfd07a7feb7d3344e94200e7b9f58f

SHA512
7664ce21d3e901e24a836c75dbcf7e9cdb1710be7b276acbf7fee4f524e845915fb1fd95966f5896c4aa0deb943699bb1b5eb83c92776c8d5b3b320be12f96ac

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d03b014a5511b2d61850fc9ce5dd20f2

SHA1
15ed631f8a2e71a56b137bf2e2962173d7482084

SHA256
44f99f525966f6efdc4f4c1aa36516a951d1b0df767bca1a4093130e62cf0140

SHA512
0d09a310dd7c09df838c9f08d2701d35012d500ebe7e4eb820f90fcf9a5b216f14f2662cb105f2a5293e9460952d05d72b29ab9873d95c56a310eff769e24264

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
af4a0a099bcf99bbedc2f84d489bff48

SHA1
86f1fbf89c91748ab0ba16ed7a7eeac7753566cb

SHA256
b513b45a294582fb1b2d7a69db68ea7aa3a22ed50ea6e20a043722c1bfa5d250

SHA512
e30c430899a4ca4a0331ee7c94924d037a1f3a66786651c979851f1d5e08f6d0c8e390c6e2974e2ae91564b9b87db1d9c0d2928b8cfe048d440262d26cb67808

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
8721bcd5d5fa503ffff6d9b53164f6d2

SHA1
c9143bd0652e6a1a9c930975c1c0fc6bcd13f037

SHA256
a4faa540b63f65ac1f4e60fad5d6c50b01a9d55edc78ebc1c9ec9fd5a95be949

SHA512
85d9d689e5564dafe93a39bb56a97f6c551a1d41f5a185ae8a0fa2346c5fa3df13568e07437a114d572e40d09e491655a7efefdd55ab5ef5517c53059773b4fe

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
77c354f29cc29513405637e49f5cbea3

SHA1
4a88671480715233050d8ecb80e6aa7baa5e3054

SHA256
3c96b07abf680b2b84bc76dedf32b17b23729016f84b5e46ada5288335f25270

SHA512
b510c384684198ae5efe2593cbdf489724bb13c307a0d903126c609714ca169c44611bee76651394d73b12370ccbe4237a80995461d601be02f3cef7a97f6350

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
01c8b22a7ec4ecc2e2dc0e7c641bc721

SHA1
0866b18ad7059db1f6c6af2e83cda7ffffffee12

SHA256
6d77251c929c79cf4a115627c21e2c77529c45aa5857faf13055daa9699c9328

SHA512
0db69322f45ce6d9daf81b82c860031e462189c637be5e450e0398467c0afbc44843d2bba0b254063c3a76e5a9ca38a88ed93765d10d2f9a2ab914c93a5cf896

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
f853ce59e0a4a0e0fda368b8d56f9b07

SHA1
86b39cc1a2bf895065ddb4319033946e61c2db4f

SHA256
0e011050befbcde510b71d46e4cc5c8bca65801adf534c7091ab0d6843432257

SHA512
e881705e961535f3b524875463f28798b09e659a516007435271418607bdf1b0f7d4630c2056971e106f9f9bf117b4c6b9613ab36cfb3c1783a0d41bfa521502

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
a9801be924ea56378960789d35bd9c7c

SHA1
655234ec919e0e098e349766398d51e9067b16bc

SHA256
f6d123b456a291ce32d5b9853e527f34e9af0c7c69e2f8243cd262c82a7e5285

SHA512
f69a4f289dabc7648b93830b4cab5c483075ffd1079c547e7708b9a31cb8825dd394d4cbbacc73d0b32d75bcec3bc23cfe2774cb652a62e8c6f49457ef619fd2

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
19ffba5e7ff3fc9387750598dd91cad8

SHA1
51270df4fc01b439526dfe495c06ba203d6f3b0d

SHA256
6c7b3db1d01d8e6599a009132244afb1bdcd068fd8210d8563fd47f7cf9f70ca

SHA512
de561b91c9d99751b0d4c111cceb461eeb0c4de80eddf5969a60c1a872723f56ce3298830d7919cfd8dacbb74cd3255d8abaf8ba55c3b676ea3e03efb1077d03

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
a579011e2274a9cccd04b7eb26049b60

SHA1
203b86dab6ebc77654918417285ecb5f6243a02b

SHA256
10b8ae56641829e6c6585d92f20db269b6bdae7a1c67ceae66d704e3bf6f0d9d

SHA512
f088828f7e8244a6e1471708ebd83559381fc5aaf929358ff5cc45b7fddd45c4983a13d7c3c7bac573e219751bb54f71d468838af17c793ac28339874913065d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
79d2eac63caaa15eb632df380626be54

SHA1
65eb22c56ef9861e70c7ef09439a4a814e357eb3

SHA256
3b804b4d71c75dab509d30dd1be3b395944f0be864a5f22a035418c66ab56287

SHA512
2f166928bf5e4316cca63f92a5d8a2053ae774e17ad0180eaf3c20edc0c9e38f34660d2fef1abfa0749b2134baad41d82b32c24eb2c36f826ec5ea1b974d987a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
5187f147feadd486e38ba0da5c48d008

SHA1
43d4e774cb00eeb3c4eed981fbc1f7b4ed672bae

SHA256
c1df9783984224a33437f7dadb738cfaccd4b469988d0ada41dd53617807c144

SHA512
6741ebbc3946ddc5e25003704f24a1a4fdd520f5f721346385358695d42b6906ee097fe3a7dfd668a0da9c056aa9504f17129bd77ad96f2d62e9dba704263ca7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
64e28007675fae22f02d98f51c124f05

SHA1
f60c3e0254e5009473230b9794dad8104baa0cf8

SHA256
bab6c8d31066dc0932b1417c1bfcd2eff464050a4f9793086465de01761fa6c7

SHA512
18f4c82517e70d29d80b0986f13826d02fea59910828a35e73b2f9fa9a7888482466e7e1b7b382fa0b652ba93a6c873ab8aca4a40ac18d6eaf87baafd1d3d0e3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
08e4db5ec84b7e1280c1fa2b0f3e6454

SHA1
a34a8211f5b515be71280c10fe0caab7290dc18a

SHA256
fe0ad6050d2b18d952d984204d6e588bfef2551ef8295387223b61d14c853cd9

SHA512
e4dc0bce65fc8eb6401ef97f3c87067e6f3222d4e366d9ab0314dfea43a7f7d3a46ffc8dac0347e0699d9df3c54c281171f9cad321bd4b2d54c5230519629c72

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
2ee3d1237586e8041b84c4e1b7e68162

SHA1
ea92f7b843e3297b0c543836f21a6450f85e5f3a

SHA256
49785d89de1e4843f74bd285450d06447bea5e52980af694e4f2cf6154ddc505

SHA512
2deaa2e348dcc06e8657fbdabb9a29db65d6325c40f1349f9dfa0a0bebc97686f269924b4b924b3cb755b8742dfe7990896cb274f0fdff1d3030d5a4fd77979a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
b11d73879325739744641c8c84c1fb60

SHA1
e5c65021b53f8126c18d2dd24e548855ebcd3e97

SHA256
1d51a8ff9a5c7e01596d792b5201ccef8f484729a80303db746635791ca01e1a

SHA512
963d104428f203ea9c577d39a0489808fc159eaf4728626587e65df8eed14383913a2f8df3cb473aa6dc1545a1eb4b8b9736fc83aa3d47b3dd374a1ee7b08b34

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
dd595598de04ebb78f67f233382971bf

SHA1
6ee3ff645f5aab7f66eda733a5c280ec41b1c2a9

SHA256
369661cdebf023b6e0423e7408b96db7707fc01becd5223b4fec7597049e8b86

SHA512
a57f13b9c18413926fdcf645f8492e865c155bf4fd99d27187d5973d4276872f8417396a7c0a6883fc3b7013414df18578f9ed00096f9939d5cb80636a37aff8

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c08c9fb0236db84b5319445ee878151d

SHA1
1cbfefb25ea8954979412a62f9d8081773a37c11

SHA256
84a8ca628d778f6b88cf0ac9d9c4b3ce35081899bd96b416732e08d4f337ad4f

SHA512
849ee177b9fa681e1f488b6387a05f07e85646fd33e3f767748467924bc69914747793206d58c146f0c2939b8da643edac2dde3e7add8c15c841bc698aa3042f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
0082291d035b11ed3e9a938a29cdfeee

SHA1
98749ef82f949e40900eed4ae8b7588d1d1c9617

SHA256
6d25e3825ff1b6a84d127c51f1ca36baff4ee7e199336c61e886a53880b6bac3

SHA512
733944b842907e5f57b1d957b098d1b135f9889bdf5056c84b92cee61c8695d4068f5d56f659cc6677a11a10c87f9e603bc075d369d7efed0b7d902c86973439

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
4b8593c25e61c5ad50509adfc6f7fbe5

SHA1
c18915ebafee51495607382e4ac51d4ee2b58da0

SHA256
c1a8063599f548ec116fcedeeec9df7ca1441d932bd0052c9847c9be8fd43437

SHA512
676a2acb6eaa80ce0613fef25b3affb9c6226bfb53c51c3ff6cfc599295e947bce7e0256fced7d4ac1abf2e76ce0b4b20cecd486c7f3204b71fe079d690c608d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
df74149c56339c933b7811b37a53ae16

SHA1
c2bf2b3b2eab7ddda52ba5e3767c6e0e35e7e5c1

SHA256
288a1c1e7bfadab57e96378088a591fd8d3e9c0fb40614ed2087a487e634a49f

SHA512
8d679d5a1a1efc639ae8174f79653257f5829900bfc1b3c1db5176386b73153af875574999381bb490586c028a270595ecf8b2344ea5fd1d25186d5a3148f3ac

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe5be7eb.TMP

Filesize
4KB

MD5
42ee5f668faf69b7fb847361ca4b3e3b

SHA1
27ded9eda82a1a826690bf59a2ad18de94067a2f

SHA256
4821ee9677205f75eb32d99a182ebf15d34dcbc636554784b7de2703416aa503

SHA512
6fd08052b2b3926872416bc4ddcc8348847e82356a747144482fc6870ebfd35eda3dcae8ed4d569f138479567310d73b878003f5a818c882328531f632a7923e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
03e9f614a008075733c76883156b568b

SHA1
5f9cb1b06928487c4b836e9dedc688e8a9650b0b

SHA256
b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416

SHA512
7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\e8052a0a-ab1e-4a19-be91-76d64221d1bd.tmp

Filesize
5KB

MD5
39bd8571425016c57bb7707b05d32c34

SHA1
e4a1b6d3e8c3b1190d8ee99ffad1bc818cdb74e7

SHA256
445e339f39f872380f99aa0b29b4a3b1b7906ebf92b0be36090ec3039a8f4028

SHA512
02ba5fc5d68dba31130a1994d631ec5b3e93952645816d9b46b278e99dd923025032ecabc0a3aaa40630638ace7e5b52370680085208e40b25cec70a4bbe0752

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\ed09390a-42b6-4bd9-8ce7-53aa43c43a4e.tmp

Filesize
5KB

MD5
324b7dd90b00666a77a6ee1e89359622

SHA1
0a16598447ac0a9e05447ed4e46e7a9a5346d126

SHA256
50f6c691c437c2c318134afa6bd1add3412c55cfab3e14baf3d15344bc1fdfee

SHA512
3b5bf61674239aeca5460fbef18eb75224a3b15b10fe962f458998fbba91b88cf9ffe1f5dc0c8dea5a6007bf81e3af0d24cd50bc0c6252536622ef4766403fe3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
2KB

MD5
d68363e916960e0d51a0b8d210718186

SHA1
976810d34593fecd4ffe2c42ebee814a5d7d0a62

SHA256
2078611e71bd6461e10736fb9013f8d909ac0fcf4d7b66c0923b254074f30f75

SHA512
4ef2f38936511f39d46d00850763db4bf70eb4b2f23a3ead49e2aa946154287574458683745d52a4637d787e3294bdf9617804194bd75286626776d6a5fba37f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5bbdde.TMP

Filesize
921B

MD5
e8a42ef88239a40fcc788ffc878f9327

SHA1
d05b3721058a5a0c709190a3ca9d547f51fc56b7

SHA256
e3bc147ec125114db641e0bdf623a8bd48364ce133c415d1665c96f62835b4e8

SHA512
5471aab62d5991870ffe7de36cd5437b9b2336ef1adc855101bdac03002274485a8697e49984ecfef2ee256e6d5472cc89e90c96eddb02448e374b042fcb00f2

Download Submit
C:\Users\Admin\PCAppStore\download\SetupEngine.exe

Filesize
118KB

MD5
85f2849f25944fc15e58521a52b800ff

SHA1
718d11673de4743835523983ab5e06f88785a03d

SHA256
c4942bad2eaaca0bb5ed7e6900d6c85f12f0db6de790072838ce3f854b9ad677

SHA512
f5723f93695e84fc41f48f0153f024249e9abc9fd03d788af1c31d6084acfbe4c85a76de55ab8be4f68d16807bc0381c269cc3834510d538e9710f528b04beb7

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
1.0MB

MD5
82d7ab0ff6c34db264fd6778818f42b1

SHA1
eb508bd01721ba67f7daad55ba8e7acdb0a096eb

SHA256
e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db

SHA512
176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

Download Submit
\??\pipe\LOCAL\crashpad_3780_TAJYZPSRIFWNJOZT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1208-2960-0x0000000007E40000-0x0000000007ED6000-memory.dmp

Filesize
600KB

Download
memory/1208-2958-0x0000000007B90000-0x0000000007BAA000-memory.dmp

Filesize
104KB

Download
memory/1208-2921-0x0000000005A30000-0x000000000605A000-memory.dmp

Filesize
6.2MB

Download
memory/1208-2922-0x00000000061D0000-0x00000000061F2000-memory.dmp

Filesize
136KB

Download
memory/1208-2923-0x0000000006290000-0x00000000062F6000-memory.dmp

Filesize
408KB

Download
memory/1208-2929-0x0000000006300000-0x0000000006366000-memory.dmp

Filesize
408KB

Download
memory/1208-2933-0x0000000006370000-0x00000000066C7000-memory.dmp

Filesize
3.3MB

Download
memory/1208-2934-0x0000000006820000-0x000000000683E000-memory.dmp

Filesize
120KB

Download
memory/1208-2935-0x0000000006860000-0x00000000068AC000-memory.dmp

Filesize
304KB

Download
memory/1208-2945-0x0000000007A00000-0x0000000007A34000-memory.dmp

Filesize
208KB

Download
memory/1208-2946-0x000000006F9B0000-0x000000006F9FC000-memory.dmp

Filesize
304KB

Download
memory/1208-2955-0x0000000006E00000-0x0000000006E1E000-memory.dmp

Filesize
120KB

Download
memory/1208-2956-0x0000000007A40000-0x0000000007AE4000-memory.dmp

Filesize
656KB

Download
memory/1208-2957-0x00000000081E0000-0x000000000885A000-memory.dmp

Filesize
6.5MB

Download
memory/1208-2961-0x0000000007DA0000-0x0000000007DB1000-memory.dmp

Filesize
68KB

Download
memory/1208-2920-0x0000000005380000-0x00000000053B6000-memory.dmp

Filesize
216KB

Download
memory/1208-2959-0x0000000007C00000-0x0000000007C0A000-memory.dmp

Filesize
40KB

Download
memory/6340-3014-0x0000000003260000-0x000000000337C000-memory.dmp

Filesize
1.1MB

Download
memory/6340-3213-0x0000000004A50000-0x0000000004B6C000-memory.dmp

Filesize
1.1MB

Download
memory/7728-3860-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3861-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3863-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3854-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3864-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3865-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3866-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3856-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3855-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download
memory/7728-3862-0x000002C182E20000-0x000002C182E21000-memory.dmp

Filesize
4KB

Download