hxxps://drive[.]google[.]com/file/d/1J20pidg4JUMJtV_SSRo6WZYuTSjoe-oI/view?usp=drive_link

Analysis

max time kernel
1028s
max time network
1046s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-12-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1J20pidg4JUMJtV_SSRo6WZYuTSjoe-oI/view?usp=drive_link

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: The@orAtSymbolinSpanishNameandOrigins
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
6	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241208143812.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\bb91332e-8397-4181-9c5d-bd19ecb9380f.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
828	msedge.exe
828	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe
5980	msedge.exe
5980	msedge.exe
5980	msedge.exe
5980	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2788	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2788	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1508	828	msedge.exe	80
PID 828 wrote to memory of 1508	828	msedge.exe	80
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 412	828	msedge.exe	81
PID 828 wrote to memory of 380	828	msedge.exe	82
PID 828 wrote to memory of 380	828	msedge.exe	82
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83
PID 828 wrote to memory of 2416	828	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1J20pidg4JUMJtV_SSRo6WZYuTSjoe-oI/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdfb8d46f8,0x7ffdfb8d4708,0x7ffdfb8d4718
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:440
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x1fc,0x254,0x7ff6e2855460,0x7ff6e2855470,0x7ff6e2855480
    3⤵
    PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4850300035245722586,17805085601511406005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:5732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0 0x4b0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2788

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Copie de www.chromekits.com 7000 Yeat Lyfestyle Sound Kit\www.chromekits.com [7,000+] Yeat Lyfestyle Sound Kit\effectrix presets\lyfestyle effectrix bank V\lyfestyle (1).txt
1⤵
PID:3824

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Copie de www.chromekits.com 7000 Yeat Lyfestyle Sound Kit\www.chromekits.com [7,000+] Yeat Lyfestyle Sound Kit\effectrix presets\lyfestyle effectrix bank V\lyfestyle (1).txt
1⤵
PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
467bc167b06cdf2998f79460b98fa8f6

SHA1
a66fc2b411b31cb853195013d4677f4a2e5b6d11

SHA256
3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd

SHA512
0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cc10dc6ba36bad31b4268762731a6c81

SHA1
9694d2aa8b119d674c27a1cfcaaf14ade8704e63

SHA256
d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f

SHA512
0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
34KB

MD5
128b7bc9f9f4a1cd1128cc25d2b7b550

SHA1
00ac04bb2dda4e04e9b2572e184ea0652a1aab7e

SHA256
01bbfb7d78c01a1f511ba612b789448f1ce2c2274f820edc811068e976b1ca67

SHA512
6e6557139f39c09d6e73e5bd1b86f5e54718688c05dc12dbd9462f50043515f0a56943dc84c2fb1525bccfd0e6937ccb15716910eb209ecf0e774d23273dd59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
23KB

MD5
4efd5e55dd4d21357ca76ae3acf337f4

SHA1
7f9c0cfe855bd33f02446f89513271e9e100a432

SHA256
eb0a0d87591c71e0053a50cbecaddadc5d3f83cd0495b003764b89bf1ce5471f

SHA512
21972838b5ab3191173f3b84ed66f1b8835690519d62696d8b658441c4b163a575ef3eda7b72d8eb32ae809774ef38cdc30213e4844b2687bb5f62145c6d5b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
97KB

MD5
5035b3f3c53d02d0a91371ea8e0cba0c

SHA1
253b5fdf02980ef542b8d2be8d7f47cde25c9ec1

SHA256
fac869d290fa23674c002cee6ad4f3f57316da7563972ecf13c547252f7df2c7

SHA512
2e0e406147a5f03c4d3c49fd18cad4721e2c81891ed18c03a771584846b7545067974c68f2389fd4889d2522cfcaa189a9e47eb424f671f38d4e13844349a1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
112KB

MD5
71e4b829c6cea1fad85ea8afc4c2f81b

SHA1
90cac94547d8851c1b4ca3185e5771cdd33a9ad7

SHA256
11dd29313867b0ba33a1d07daa2c28b3e9941d7ccfdf810b46cebeea52a7e758

SHA512
d3773696fce807e490f49d99ad12e50b411112c2f841b9f48e95640ee535070c69aa6347bce257475af8f5cf65109f2e05a045f3881f54631cadb2e3d820a1f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
104KB

MD5
8fdf4c3811e3b271364eae028e832836

SHA1
864f26d950d7ddc7d15aef04c9e7aaedb78de2ea

SHA256
dd88f16476f649dbea7a333a937fb1836d4ac3d17f8bf774f7d8d4226127bc31

SHA512
90cf6056fc56da4ab14666d07ef00e4e70218daf8355ae7fad90a9f99d178d6b66a8414ddcb67109a0696b37c7f8026271f92401a118b92edff9dd4abf55ff41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
12daad355d3070b91fc26375077f17af

SHA1
41e04a7af64a335b50d1583998c47cecbd0dc6c3

SHA256
03de8051332ecff87b7260efae247fe58dd51064fe3abe57d499c6f60c9d3a4d

SHA512
8a971afe8240713d7a916296c261617e0e60ea30f52e9d51c653794770a057d617031b71acdd855c82b064de465f09a351a01dca67ecb94c3089028b821ff77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
328172100ff360355cd2b550c2f799ab

SHA1
a9d2a0befdfe3a5d55ed63368c2cea58776d5c35

SHA256
b680c8acaa40958aaac3e8d3b1de407d1305490784aa38e66d45a8a9c823d7f9

SHA512
f63f7b3167565f890c1cb171b3d44ba4df1abdce7654d51a8f98490a8de193a2dc82abf9d73df842a0b94f6380eb0cb995b7d9d03d05b28911e907efcbd0d8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
2f02a6ba8e2d832cdd29d266151ff1c4

SHA1
741be09ef65312169972d02a141eb9524938bb2b

SHA256
5ddea5c6efbee578004791cb64363a93b1481b6b8c2d817842f79cfcf69765a9

SHA512
5ea1ef5e2ab673e19d0a0ff5f7acc5c2c6c78210cfba5e64c938ac5c2a134519ede23bd4215e8e6cc76231393bc06e527740e0a5c7b2fc7d5ea5ea9a81a77aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3760738ae643a3477276b23778b682c6

SHA1
36001946e79a0861099d626435c0ef286d6ada61

SHA256
c7619faf23ee6b187f36314e318c6439e216c125ca5777e6218652e78aa5e375

SHA512
30e042d1b302b8da706c819903d69ad855e6212c6b08682d85a0bbcf4979784608faad5b8afd92999ad3f830dfca38f60cfd5568a6d80cde7f3e58b3463975ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
19edac029f585d0476b06e24facfdb1e

SHA1
9224b9421c43e3ebb81a89562b9df7c7a89203eb

SHA256
1b291a26cb02ca7910376fdfb578818fdd0f274532da7d5dc27e0110e42d37c1

SHA512
14f40d977d2b3e75536bdbce7fb6ac35d327edff2d0cea04c8c525ccc216a7270f4cf757891810fab22f1c14873b2b5463ef64b50c406a75271b41642446a751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
cb3a7ed99805900d97ecc40698379f17

SHA1
46827c20e21eeac19490878a45c994d5f34c6268

SHA256
406c853f390a156b599750cfc3ded01d1b3e0c24292f79953c356e573690d46e

SHA512
3f0470fbae2645300c386ab5cb9b8da06ac158d119b8095ed6709841dac0540c221611089a743611ee2e47c9b51e2f957c90da3b58df889b6340a8b576be15c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
757658b525725e57ca0ec5be79d07d06

SHA1
b2ecccdc911a4db9dc71d44b2e2727c5613894c5

SHA256
6bdd205b4898f50e09d55b5028de0786759ac0e297e0bf0afe0dbbc179adf0c0

SHA512
d94919cc4afe922d4b55bf6ce593a3065e9e2147b0671406edf975d8d6a54db74f3b011ce2374dddb3847a6f927e59ce67dfb6adcf55faea28537cb632a2cbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
87459422e13c92458573c94faae77072

SHA1
396ae3ec5c27b1c1a52cdcb32902f5e0c2e1d296

SHA256
9d15d30d406caf8a6ed6ffb77a530eb7ff56ee6f7eba126257224e2604a2dceb

SHA512
f2641a42a468cc509acfc9c03a6e4510e845e96efce045eed80c3ebff2faf1ba5180e6304e1ec253e21550103577ea54d686ebb1e72d27ea10536ad4948446a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1b0ab0631db41f675427d64a6d88f340

SHA1
4f47597b4af9967a9e39ebe0dfc3b29fc4b20df9

SHA256
226dab75e7b7d7880a3fc3bfac584425c07c8bc77bad6899846e3f76939c8478

SHA512
d688853b307284b656a64f88742acb1a475f21ad4897cc819a3e9343e73c107334eea18815b4d97223a9725d1de6054d9a24ff186dd5dded6763c0bb8741e9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f6b79c0e2e8333e9217e1a974e4c7ba7

SHA1
ea8a6ecb6446c434d3de7a6783bfaf5e7d10a1c8

SHA256
fbb855e38da6003e75db5a4e4bdc4ed24578b07c690c0e16ebbfde26b3aae036

SHA512
338b31ec13b3b339ff6746fd722e4716d4bac5fb28615c6cca01e6d6befccf25a7f43a6aa07d7405846cf2275d81479435712b30bbcfd3dcbf659b9c3fbbd429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b9b42473ff976a044e8fe25994c48b9f

SHA1
7795bfebaab26b5b052fbd52ad6be52e7d011816

SHA256
5396c445594f81ae4105cc68c3f10f97203895ec4b10c14dc28cd0fa68b5c793

SHA512
6a4dab9cd3d4ca39feb54ecbe1632146be2815132fd39cb8c2c74528dbde4c8f751866130827884dcf30163f1bce44475f15b612a1770d65088e22f97ba3742f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8f26fdab0a44d5d2e282969d5f7ae03d

SHA1
f82638a97550d851192dcc440a9c812eb9e0b0e5

SHA256
93d752c6e3e9cb015bc435c274077572a2f4458eb4ab27c590ece5a374869da7

SHA512
05c7c2faeefcb7efd5a2762efad16d39c29aee3bbb271dffd6b7e519392ec70c2c3441ffa8d76e7df8e5e366750f681b06a6f6d7340ac4c6feb5d2b7298adccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6ab22bc9ad085dd55e411f22ee7b5c78

SHA1
f83610756ad6f044d6e5064db1598ee3e75f2d4a

SHA256
5c4cfd8719d669e0f48cc89d708fd95823017db33ab7304161a1346dd2f57333

SHA512
a52b71ee7590c5a2ab8e0885bebe0b6bd7817c02a1e94f21520044e8c784fb2b13b4514bf2ecac94875499f685f20f45069a88c27ef2d399066d49a0e1345f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
bbc7ffda577fe05c4b511c21c0f79646

SHA1
e07f2d07c0fd6e3924f52d8752affb512c7bdbde

SHA256
ed55ec3341dea45492e0e49d8b6847be6f854a6d1ce99a1e3a58ca9243ce3006

SHA512
1d189faf041ebfd558850004ccfe8b2d9c1244483efa7b06afae2a7abc9afcec4650186b4b25e2349accf9259d9a7d10dae902a0becf3c0a055d8e237a276d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a0fe.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e1cde80943401c29c0599b8772665d9

SHA1
7091e3b8ed200ab8a40afe4ff70354c58b9efa75

SHA256
6112b666d5162ae65caa698ecbc4ed476f7fde25b1e80a7f267cf34e7d94cd8e

SHA512
0ad7d452c8d67872f0cb53f811e1b57678f7680bb89cee4b3071ae839ea6eae4f3f2ee684dad4a987ee55c61f701d37e0df08ed691e8cb6597dddd835f9f8017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb15d5e2cf489b80093af0309427e9f7

SHA1
e3277d8fc3bed65d1e20f11bd37fa02bedcd275f

SHA256
44ecd407d14a77f6f2397d130c603db1836e85c43cbb5d9ef075a9a9efe05372

SHA512
6892fdbcf2bd77b4ba4ab1091aa908c9c5e850de2469fb3768e3ca8336c99c918d9102519015b4ae03821ce0bbb2d22759657b1e8aee6eae56d6b3e23e7185d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
04741fac410fb6ddad1bfc0289b608a5

SHA1
40d86e1af0b142161f9a54ec70ebd13988437928

SHA256
273d95f1bdb113d2e9dec1109b4381ea96eca8969748893c9e7aff57ec1e0241

SHA512
55bb39e9edc7b71136636ae8b8359543053d5d39b4ac5a007a4f6648c33ad619d2c0cd428eced8ae578d8e21f319cb9e4c3e16dbedb41eb646b8593228063624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1003c712840a1a116b40eefdd2f21a95

SHA1
23d15cf2099a87a005666c1c53ea316248c77d09

SHA256
058228c7d8559efe4e14d247d3da470904f2bbb55762dd5c5062f8a324e79e11

SHA512
0f3a74dc07d360d37e26a7656ae86d6091174b8d5551d7946d411bc7490e5221919c21b9fce359114e70fd3b31dc1d26552a652179aa38eb719ee4c16d82b01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4f146b182e0a3df063489655ffe1714

SHA1
72531918f9945ac2c4b079764d08c292d07d81b6

SHA256
46433b71ae9e7577da61538232dc515298794aebf85d66405e4add01730552f2

SHA512
a8ab6b02e8f50788f93ba5a1a17a3792b99deb426ce448e594f121ae1a7851abf1a7d7d1712d587bed8d645a505a5c73ce6535e41d9bb56d677ce614b205a224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f49cc95f6403c955cbee85a8856001a

SHA1
e1b57c922647e18f5192b6530c9cc31621f4ebbe

SHA256
0ddd872063acb5d217f407148bd85fced386bc20fd62b18ebc3cc968b400d777

SHA512
938d786ba7525d8fc1b27ae40fde6c341128bec489bb94abb6d9ee82eb6b8c7a8d5dfebf392dcaa9544af072deb2ba69907e74194c4431bc3f76dc52695b28a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dc8045fe35c0ef6e31d2671db5bd3d5e

SHA1
8028e193deb675b503ea6748aa83f1bdaac086cc

SHA256
98ac761a5c8b053c2dbb2c3d31aa455ee7973b78bada63c0b17bc035134d8093

SHA512
a2dc3057878cff0c20f4c7a6821a1f28144d64e69dcece3a2bc68f7e161342221d88fa87be6fbee18b2df1f9fe2882e26a36d950e3be096033a47c4d556a2dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
585eba9d7789dd155fab223fe9fd2217

SHA1
b2c5fb931e98ab44c4c8342cfef01b759252d5e5

SHA256
32ed2690184de62d9ff9651ec094a6344a696230a55903321d98d65b3a7b9deb

SHA512
d64cb5964cd7b5cf0a1533eeda1b5cec61b3d1c122aa477acc9fc1bb57526e9ece7d6566c67e78b0190440f7c7697537a8b5fe99503da159867c6d989ff5b867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3b964859deef3a6f470b8021df49b34d

SHA1
62023dacf1e4019c9f204297c6be7e760f71a65d

SHA256
087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5

SHA512
c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5c2d5c900312f44e72209416d45723cb

SHA1
68fb8909308589149399c3fb74605600833fbbc1

SHA256
56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8

SHA512
07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9450385407ca2e6e81e8f8d2224c8a93

SHA1
0f69627e353722e9c2958c84df469fe8f7a7b142

SHA256
3ef2b67e23519753bb9f875a10a82134b9d16df9a202de59d67716510c923109

SHA512
9ad0cab2844f5759a3e3e5173fc7d9d0d7ccdb9cd77bbc9033a45577c3d506f1922705d78c7d7df4d500615d152fb2923422eb53b8962f401deecfbd70a1966e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b653e.TMP

Filesize
48B

MD5
e4800230f91e589e48bb0e5609fd5eed

SHA1
827972773c347ef98feb193c503d92ef6c1c103e

SHA256
9ae116c05fa8a59504902de5d9742367d4f304a10c5da9f69ce647f5c35d8839

SHA512
6e2d2df7058a7a071e35a8d4a0233a5990f6fe8660ed62a4c6532bdfa126f800db9ce51a7a0421a3587f421aab221778a15340b0d3a973539e5203b54c3143c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
312cf5f46b81b3f88dc5516c210c8672

SHA1
13777598887f5ba8215b5b99bed01fd7b76fc7c2

SHA256
70328d019ecc0a9af8785fd0324ec647b590c9cb6e260aabed17c2a5614ff51e

SHA512
bd5b9f9cc4180fd8baa1ad19ef26f14df283d5c54be534746fa5797179d28cf0e928ffcffcf7f92c907e35379e30a285c8c83b6928bf8dc4d95e46141a08a3de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7dba607b75ae2cf8d85ebc6ca70ab814

SHA1
ff1330a9982091589992017cd7f40c84c98f9281

SHA256
ce7d4fc20fa25700172129bf61a24ee424687ef1a3e6d5ab8c0c85110eac6a4c

SHA512
a964f7a8f139afa0b1f647592c2fde852c39a34d7a9cb16e0a0d65b31f91649f0eaf0acb843fa59fe091bcfe80dbd8ec8545732ef393726184604c1cea9a9925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e6f51c677a56ff48fab304cdcab1b8f

SHA1
783a54004c30acebbe568b27eabce989ee2bb471

SHA256
b81350aa39ff0247f7dd157d8f88f5894c073876a94661585625fc2984fb1f89

SHA512
bb7f483b69658870ae54e39dacb7497dc1fa6adc9f758c8233294fa2e6904d78f6432423cf8d6c7d7b0fffab8b75ae502de7eda13de766bf09bc44a1473f41ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab065c7f50bc151ae11ec55b692e3427

SHA1
fa053c06f246dd43e90def3995ae4336efab02ce

SHA256
2e2ab81b362be115d3eb90982b61143fd7f7bb77bc3bf0b42cbc565893aff3d9

SHA512
9015d6ec657af8f21ccf41c484ffee45983e629eadaa7a1aa42ecf76d572ace7179e6c077a7c332315b75c27b176c6aa9be1936c6b5091dd889229252386b2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b5568abd3123ae113ec98cbc1df08ed

SHA1
680645588069af67d2fca60f9f3b941bf05793a6

SHA256
ac6563455c42bd5cf7a19f389e589cc1776a39d5f3755f084f339620e7bd96d7

SHA512
184998a0408c731ef95fbd4c17a9ce082b0f4be449660863e08dd63889d1ce62efd9122f11ca13e77d663541444dfac5297dd536cb72e262b4c252f99914bbb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0461cc9f628645904dccd9608150c5c5

SHA1
b7878bfb6a28a660d64e1cd54f7f560f1c1cffeb

SHA256
6e4220faff7e5caa59254c9ac6c8112c876d568a704284a7f35113228bb9e8e2

SHA512
1ea9b41b3cac6793e2423d1844434b9fd8447150c52ab72c2f39b2cef5e1d2e240566363170885ff1ee9b327bedbfd1068ba59ff77c4f7b8348dbbad31ea5f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3a53d50a0c7acb3a0a32d43d190f80cc

SHA1
9a20b8ceae39629a5cf7cb2b6aea19a7665e934c

SHA256
559cf72b1aaa2d57911bc362b5b11d118c39fe1cfaa09ae1a03e51a780bbf83b

SHA512
9694f56b80c1509de3ce837e46c0063a46e9fc28471ae5deeca4aad0aef02e93f18bb53906e54c0629276a6f383f73958b4ca7111cdd77222c7731d27affd648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c82e3d010029547c9b3a038db6acc5ef

SHA1
c45693c6d91f8b9a288247dba5068c2c45cdeae5

SHA256
b64f27ed29f3cb1f2a5bd96a87c34a9a4838a47917970e2ffb95549744a5fbf3

SHA512
63d89bde2710aef5d0e2f2d07c8b1a850c69de97f3655ee3e87268b8887eac7092861e1652e4e8e62fd8c279d2efcbae54154ad0a5c148a8d7f95ac19961b404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2045905ff6aeaeca27b5a2fe8b9bfd1d

SHA1
1613dea623469d124a779d5f0ec31dc696f70825

SHA256
270bae6259727541a253501fdb177b8cfe202cc8ed2919a64c64498f3f409704

SHA512
c6f77568f7b48b549765bb40481caf48ab7b01dbc5ea1bfe90cadb3fde0546810d9467849d3b32cb07359e542a3cac0b2d6a0644d0f30e8b90f98a6c04d3f377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8732be42aa059d4e4d2016125104d73d

SHA1
ecd1536e91bb68c031350c96d309cacc2550b388

SHA256
1471366b1ca3d6bba9a89900a7e9c9cd689bea87f2b55dc61a002f91003201dd

SHA512
7c810c93e880b2bf284302d34684f0991ed4de817191fbd5d3a6151032256354d4b33273238fd00d75c4f514fd523e245194866f77eca38bc57a341de21f2abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585a31.TMP

Filesize
1KB

MD5
d161a917e058f277dfc292dddaae7bbb

SHA1
b54c3e65b9eed52e03285cbebf941c884403edd5

SHA256
a5ff3901264db118555424be2a686d45e49de32fdc48c7d59b1747d8d734c67a

SHA512
c2c1d32f5f448958b85c98f4812a2f078438533be5d09518e3914de695084a8455010ca63e661241520a140a6f06308c61ab599d1971b9529530eb0871dd1e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7296f681425b37251f75343cd2862273

SHA1
7525506582270c053c1deed3b6a8fd19e857394e

SHA256
08c4080880a909ff599495fd59e16d0dc12af8d7d69f62deb124b3f28d806072

SHA512
d6bbfb5871e4cc010af1c2f797a68933f6f5ca0520b273e9e6cd637e027178e246f3f88aee1e4f4d8b1976356c81c85ee4f5a1c7d05afc43091b46663f0d22af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c922129f9a839fe8e578951b2499bd0

SHA1
32f29afbed60e9bc97c69d5dae346087601dfc71

SHA256
60e0786cc67ffbc748bda33009fb15364065bbfe9661f1a51b6a64122eeaff29

SHA512
338d8e83dbe87fe8a9d9eb4cf7995146c2b5d1008f460cb5f49c2c9d53054149093491af81b31091d6cb449247389f357465757b143954da2516996a8420b7a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d5738dce6545d135ec9cf61b8cebf45a

SHA1
49b9f14b64985e6e8e8b8268046a830337e10902

SHA256
973602d691f1edd9c400c1420893c88bebf8839879d505dc51c92c90e9d28ce8

SHA512
4ba211659b62afcc0299bafb2f26bf781dafa2efa342fe22c498f5a8d21442d575971805f3da6b659a1634ab01ef222a7e75e8fcf88b3573492d1cd94e69d441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f1d99a6af1c35dfdca5f9a0756fc62cb

SHA1
03b7cb1a6612f9510f7b5ced4c4df612a82ac86b

SHA256
36e98231cec6373a7144822d3dd0544cc4bac88adb2000691d820821f91649d5

SHA512
87935d9eb60ca29b5960bf941b528c9bf780f5f3b6aa6f0de6c2938ea09aeda94a5926e6e6d49e81f55aa8ba233b06d89bcc496e29c058b1bf97529eff5d53d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2ae792d4c425de09a2a1a650d972f99c

SHA1
a36c03a2f1dea2319e0893faf0f91e1376439c57

SHA256
eb568c51646b85b618b979d6130769cc6f8005e796905d2e593e1e8187ac6b4a

SHA512
9ed48a6ff9727200c4b4357bf2aba24efafeb272b0201c854ab2896e19e79dec69e1d63c2278330da2482c05751915764c180d029e668c9fa7650b918351ad6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f00c191eaf7f77809d841c532527c2f5

SHA1
731bebf87fc4530d0a3d172df02a2521404b8ef2

SHA256
5b69a429d66286437b8caaa2387ce9afe67119ba9fcfd937be5e81451f4573c0

SHA512
9a7cb9688958485660e3e1492e96d3ef112334f8ad10cda23202c6d2b84430fa96fc187154a3d3c598f597cc2e91bb78333a362e7744b177c886b7d4c2fd84b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6681fd816c0ade972b0ec53206cf791d

SHA1
6add5fcaf07b5dc1ee7cbcdb87fa6abb9b8f4bbc

SHA256
ae8c354945c737ee1e2c875a2cdf2f613042c22ee48fe604d376595200794dff

SHA512
2d1cbc72dd90baa9e87789fd1670016addf2550b349ea87b57c16b6d643b49e2149aae87dfef173216e233a01ece4fe11c0eb3bd7da65c33de3afddec9f850b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
5e90b0b12b7a92439c98d238de220f15

SHA1
7c5f96e0f1f1207ba666b4ff21752193b44aacad

SHA256
74b935e9d24d3f7692b80e66fa185e10031301dfb7c4ad6488fe858e9a276a22

SHA512
ee9f27f44a831fafae2e4dbcdd27ecd56f5d7564d876b640baabece2b8b5aace353d53426a73d7aa3a98b2a3741c1e39bad50a30b41096f7b1a128888cf11f95

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
582316d267f431f7c5626a99a33256f5

SHA1
1d1eba4b02b487c60e1b9cf3e7abc5b3c1fba09e

SHA256
92072bc5f4ee0b82120814996665c28f21305db43c7177e0934212422623a19f

SHA512
cfad89ad9dea151b30dd77bff2991fa74d345e980758d57e69b12ac0d58123e1e34ce4379c5f52ceaab99886586c85b8647dda8d78c0fc74c0be8954d3e902c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0abcc5debf4e4d9302ccf6c846fde9fa

SHA1
4d931aaf4e1b753eb8ebbeffa8f85e977620604d

SHA256
ddc76a14118b13b56df60ce55936b586169c1c14b500a34473ee734680f4fd21

SHA512
c27a5253f326c3c8d4774b9e724a0d8a8cd30069649ac39d8ecde7ce5db785423cd28cb8b16407e5db0f61a4aa3f322df8e62de7cb807ac0bab50b5886a632ea

Download Submit
C:\Users\Admin\Downloads\Copie de www.chromekits.com 7000 Yeat Lyfestyle Sound Kit\www.chromekits.com [7,000+] Yeat Lyfestyle Sound Kit\effectrix presets\lyfestyle effectrix bank V\lyfestyle (1).txt

Filesize
55B

MD5
5bdc926c34166ad49a9138aa4066b2ac

SHA1
89ed0c1419f8c10fe76f5a5836a33cd53b967671

SHA256
e2d54f17cf1b779de4d7c6d16cea3807822de3aaa129f29e469b14097aed45ac

SHA512
0c73d76baa3ecc3435f101ed41a0066e4e14f737c39130bc1130db9f5f29d312ee945ccf5dcf2610696b0ee6dc131292bbda2adf8fa892a9157b71ea75798e05

Download Submit