hxxps://blox[.]link/dashboard/user/verifications

Analysis

max time kernel
411s
max time network
415s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
01-01-2025 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://blox.link/dashboard/user/verifications

Score

8^/10

steam defense_evasion discovery persistence phishing privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: ^zT3pAzKttC{@p
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 2 IoCs

pid	Process
2060	EzExtractSetup.exe
4332	EzExtractProApp.exe

Loads dropped DLL 13 IoCs

pid	Process
2060	EzExtractSetup.exe
2060	EzExtractSetup.exe
2060	EzExtractSetup.exe
2060	EzExtractSetup.exe
2060	EzExtractSetup.exe
2060	EzExtractSetup.exe
2060	EzExtractSetup.exe
2060	EzExtractSetup.exe
3260	regsvr32.exe
3488	regsvr32.exe
3528	regsvr32.exe
2060	EzExtractSetup.exe
4332	EzExtractProApp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EzExtractPro\uninstall.exe	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProCoreDll.dll	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe	EzExtractSetup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lz	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.jar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive\DefaultIcon	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lz\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.lz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 686442.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 689505.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 152620.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4376	msedge.exe
4376	msedge.exe
4568	msedge.exe
4568	msedge.exe
4332	identity_helper.exe
4332	identity_helper.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
3528	msedge.exe
3528	msedge.exe
3504	msedge.exe
3504	msedge.exe
420	msedge.exe
420	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2060	EzExtractSetup.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
684	Process not Found
684	Process not Found
684	Process not Found
684	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1052	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1052	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2060	EzExtractSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2780	4376	msedge.exe	77
PID 4376 wrote to memory of 2780	4376	msedge.exe	77
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 3656	4376	msedge.exe	78
PID 4376 wrote to memory of 4132	4376	msedge.exe	79
PID 4376 wrote to memory of 4132	4376	msedge.exe	79
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80
PID 4376 wrote to memory of 3496	4376	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://blox.link/dashboard/user/verifications
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff79e03cb8,0x7fff79e03cc8,0x7fff79e03cd8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8800 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8804 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
  2⤵
  PID:1740
- C:\Users\Admin\Downloads\EzExtractSetup.exe
  "C:\Users\Admin\Downloads\EzExtractSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2060
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3260
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3488
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3528
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
    3⤵
    PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7164 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8516 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8436 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9252 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9336 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9876 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9748 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,307097375266633848,13009389562275361333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9884 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:236

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2216
- C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe
  "C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe

Filesize
881KB

MD5
3b67b6026237810356f5aefb373d2b15

SHA1
1a4d565f81195adb9c048f8eb7fa7d77018ee3d1

SHA256
554ef8f1d2b201421a53dbbf897fcbea20dbba9d6e8fa881ad0b52be60c11f5e

SHA512
4e4a7445b1580c2076174c336414d5918a3fc0afbb13d56d29bd1fc18ca114affad1ced06fd52624292012dff2b95a76b19f4e3f9940c2d9a333c290a95d4641

Download Submit
C:\Program Files (x86)\EzExtractPro\EzExtractProCoreDll.dll

Filesize
1.9MB

MD5
ede6796697abfd295b96322048642a69

SHA1
d0e7aaa407c4576eee42032bf743e9194a9c21e7

SHA256
6f9b0b8e8d1efbe25b81b0676a5902ec97aac1bfdc84a1a2d1b58659eb44dc5d

SHA512
88daf23e91c542c7348aa5c0fd16d382ef2fa95d7d5f91a4d5e39cf5d5b361eeaf4f33fcb43a71b52e4cea20c2b9dcb2b4e909d7ca3e5ab0c6d569f672dd385f

Download Submit
C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll

Filesize
167KB

MD5
968e162057c49c860813e465bfd3c2fa

SHA1
78e5b2e365a3cd7bd3f7fc4dfd9991568ee2ec8d

SHA256
08ccd848487f570175e3c5b8fa70b04ce30e3afb9f43b4105180e2eb079c85c6

SHA512
5c41164239607fd32393742943e588d461b8a1d276d9e8142929aa7a22b6f5a82a723b2fff0389ed84677cb9ea9cbf1d793a66d27c367b8f7b9909a242f94eec

Download Submit
C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll

Filesize
126KB

MD5
24be51bce468016e106b55b19a2cbc80

SHA1
c7e18c81ebe523a1fefd845c9f9e09b881fccd11

SHA256
2d3a1c7e0e6256344648a054bc5526d4804538fef9cc87efab9edb426bf1f4a6

SHA512
697d736f24b8e28db98885ad248048f43d6bf26237dc0e9651d37810d992fb2482cfd23a26d10164a2a30ad326fbbaca9390730ec498972cc91f673b77756859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
3e1bdcb2b6c03c832a0c62522e6d18c0

SHA1
e747c3657b8ce5a86ede52664ddb3ee939cbf676

SHA256
bfa9f32886385e6747ff722c002778fb69ffb2fae8e6a5b82974a7bd370bedaf

SHA512
2e14e77c43cf7e5bc9e3675f516b044c5adde9a0a2a8b40b575bc5e1b0b9d1c1fb29d7d9b992837cfbd625005405b61a61b82da6ecadf6d912b152ec89c5234d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
239KB

MD5
5b1a50d32003745b1a936967b98f11e6

SHA1
fbe602b3997dd91a54a9a6578b2f5dac7cf50280

SHA256
177717c6a2bfd0ed22a2d249ad621321f2b901f0fce4dc118ef8e020d80d8d95

SHA512
6c49d6db209bb14e1462e655bb7d90b02750eb2ef6241110a97365799b8af2ada372b3455396ced05ecd9ca49baf007171d4a72a7b219fdea4afc16c43b7dac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
49KB

MD5
7ca090d5f0c1a9e7d42edb60ad4ec5e8

SHA1
7278dcacb472ec8a27af7fbc6f8212b21e191042

SHA256
4039fef5575ba88350a109b2c8d9aa107f583acb6cbe2ac8e609071567c4cc76

SHA512
c4f2d23eacf74f87de8dea6e4532b120253bb9ad356341532f5e1aaf2ce90d137f46b50df7de5250bce4eca1fbfb74da088accd7c626fa853dc524abad7bfe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
635KB

MD5
b537ca5fec304dcf3ce3171edf1e8fa4

SHA1
52665eefc08697d21f82719269fbfef687a643d7

SHA256
50b93c8ccbf1304dde0b424bafadf2fb654597bf4a35def9f29356988dfeb2ca

SHA512
81ae8df536c60aa8eb9a687625a72de559d15018c5248e0bc12ce7ed45aa7b960e999b79a8e197c38ddde219aa942ba4534f154aa99386e5e242d18a7d76c805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
34KB

MD5
e85ac71b59dadc1488a1c888db91c5ea

SHA1
a4aa7fc9226bd867a978945a27fd78a0a82cc994

SHA256
7441da6812af01a6eb9afa5d602986b233a57700cb721343b0aa9830a15def0d

SHA512
2b4d952a258f9001c2d8a42402c98788759138669750667524df2031d3926e21836b037974ded859bebf88fd9296791a6a2de65561b8098f066f9cbb8ae719ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
34KB

MD5
6242c13ec6b35fed918ab71eb096d097

SHA1
691e6865e78afb11d9070056ba6cd99bdad7b04e

SHA256
b1c7566622f40bad557a6c5b7bc5b8ae25b4da191ac716cc7923282eef96034c

SHA512
52914b4ca7362e9ebe326ea89006f5cc096fd4d1c360cae33ca768af92fe6fdb5078d0848fb6dc092848ba0e3d3f51bfb20a292250c35e8bd2e79fd5a19dd7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
125KB

MD5
e0ab8fe313af3214e0555d02982814b1

SHA1
704b4fb8c06d799a592b5c3c0c934f1a5020a82d

SHA256
ecfebe567c8b1452e47d6a2ea9d2e300082369e84d507bb3145a4b811e26bcf6

SHA512
a034c77a16e1f0baec0dae48165b2ff5e4edaa446efb3c9ec1ecc9e9f189fd6d183651302b2950560db2f79d37f103e32e6af869dbc949f5de879938b7275103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
337KB

MD5
2d873add5bdd1f1d0e5f7201477d5773

SHA1
d20b30cb317ae3bf5a96a198cdc30e9cba1d40bd

SHA256
b68216be9af1f95c43ab197f125a1e4fdd906997c47bce8188b33e4a664a9d22

SHA512
45867f6bd7aeb95d380aac3915992b614cc7029843d2c346b03e0a51b777e04beda92cebf3167ee332523259b21530cda4b1ef576051ea23ca91e2ca1a64e240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

Filesize
24KB

MD5
7418012172aa768421d58dd355d161ee

SHA1
59d544071c9e9989a184fd9478fb2d9c7b2e311e

SHA256
20ed5ba08f022de75d81c278a9a1660119161d8790202828035b67170ad1b68c

SHA512
c03e139cbf2ef9eea21b6d615810ad7fb7ba55c49fd22ed19499acef2401be964986b2bf5ac48c3f8a64f7e0e049da1ad0f0f399e12493c62ec058ad02df61e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3

Filesize
30KB

MD5
81182f4b684635f6bdcbdd907ee66f25

SHA1
a1f2f151df72ede41397c8131bd47a3ce85575b3

SHA256
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396

SHA512
7fa73f476b084e15f6d02189f2405ca6d8d7b12604304fd4a3aeb71e8ec3e42dda64b062faf270d1272fac76b606b2e34fe0bc1a18f518f58b46a4162af17691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4

Filesize
79KB

MD5
191c43ccc2ce620a4b61ebf8dea634f7

SHA1
2d4625f80e473e2b6fb79de43a4683b2a4c2c30e

SHA256
fe2c52bb5378eaba240ce1f3a2434b6733542950a13f545ba80f5470ce4294fa

SHA512
d554b4bf07142b185ecdc8b8434138b3e2b4731df6c2f92ca9a155c464bc7698257b31551b293f16d2d58d54d8557a0abff7176715359e061e62d64db9ea2505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

Filesize
107KB

MD5
03f0dd539c41b3610aef67e7b55738f6

SHA1
e20de08db67957d25122f96bf344f684a5210d1a

SHA256
5e5fe4c66cde75479a6efd1da8386078e55fe3eac6547e67c27e76a323c0f0aa

SHA512
8346e5bcad1e2ba2f14bfdd80ec01f0dfb3f3288e3c717443ac340e1c41c44f55bfde56a2d12d8f32151b7b4d30873cd355dab6a309071e207f0b089a21bad0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b6

Filesize
96KB

MD5
14187ac4dc2a3e99a0e981711e92b3c7

SHA1
26632f98edd938c288ab89685c1f5e776efbd757

SHA256
b465109f6adb7164752bc3a3da85b7b50cdba17bca5ae907ce27875fe7a59729

SHA512
bdd3216fc7f0cf5400edb4eb1cb64b25e4d62666916c4b77a8148d9a304570d3d6bbac9cb584ae4e92963ff0d645c666c4116957569da1802508af2575c7ead8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
3d26cacdf2ed4b3e02fe08670ba5a314

SHA1
75c5ef597aefb7aedf688dece8fcd56e5c90d1e9

SHA256
d4ce196a0d07eaa35f70d5b146f5f90d6a5417bbe9e8e2d058ad5729f9aaa515

SHA512
2e88f9109b9486976a2193d39670f7e555c296c325e34c635dd305d9925f0e93f308a7f7b1442dc473185960b568302b61bb2d1b8e23c1e51f8cd142bd14d806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b747b845aac3f645acaff5d26958f565

SHA1
2dad57a4e56a2336d75c7600b041692f2c41d741

SHA256
b30de8ffdd4eea0534a0b8d695e7effd12656e4fd5cb299c056173fcc24c6ac8

SHA512
8e77e4acc7b386b87e37c4901045898fc7ebb2b1bafdc035bf1121a4722a6066db43c8d49c12fdcd381d6974c8f8cd6dcc804bc5557e244d6e2d2f25b65af208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
12a4014e6e89183f14f35c82acd8e155

SHA1
8fce542a78dd3463ca3246411c3a26d0a91ef740

SHA256
bfbcc22ac81453cdecd134f6cda2433e2e038a006d4b4e14e39dbf50b1195a6c

SHA512
adfc082dd1cf974c4e0a0dc3eb998722db91455087e72fc207fbe84bd9c0f5f6ee3d960e8cd0fca0e6301f524e8b3a2c82ef925d35f57c4863eb256e08e8216b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e1fd1788ffde1ccd861d3718f91cb918

SHA1
406d714c808defdd74fabda436d8bc5dab4986c5

SHA256
3c622ee3355bcac69da13f2f59bbd92956844dece2e0d1a942d9d1b941083302

SHA512
66868535bc876c3b95127242afb55cca4a5fc9d466454c1c7a43790294062d1d8760112a2718e36cf4b942362047e0fcf58b7f51f02687d443b817cf45c58e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e5875a642ede1afc6e484ca3e3ac620b

SHA1
9c2b0b9dda9ce029eb36df7c1b7b0b81d59ea690

SHA256
eabcbec0e8250a67a3013179b069b5828a45f17d2306ced9e58b10902b564524

SHA512
170474dd76f555a8a38d2ad36b94e9879a6cb96bda781f245d1a79fb5752ab86b208ccd95f23859f301a0043e64152fc0fcbf4b4c6ac553e9c3af45534e96816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1e783e9bdf5581307c9366bf3bac4fdd

SHA1
5e80974fa3582a4ae8aa68c1e37aa36fcc04c8f5

SHA256
d40b2d0761db1ff79477aa38d5d8eb44bd1d09d0cc6c20696d93b4d2835d2cfb

SHA512
5ab41e3243fdea636f181e5de733e76bbde4240435135574bfbaacbc4a89a316fb95d026afb7334b1134f0df83c91d4f13dd73551f8482a03b4c0e761cab7547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
883b0847bb8421178d52bdd959455ff2

SHA1
aa8c71ea8cef313553733704c2412c6e2e8f06f3

SHA256
220d000c979caefe7bde4f1c6c2fc9aa16c702073751d61a1e4f7784d7aab2ad

SHA512
269bae120e91567c3a06354d537a36a4e77a7435562f4eb0a36166765305bf29780674e95f67482e0a17cb80a77637c9f9f69e9b97b85292bf6d2dad2a0e16e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
7bc377d34accf498c2576674da72733d

SHA1
3745b2769ad8bd83ca2e5ed063c3f12a5361f31c

SHA256
4866d7ba88c4d276abd0a45ee72bd7b84b42baf889e87d2cc322e041deb51d9b

SHA512
d41aca6f0124fd96d273f61b5f73528a94343f2ac35c3c31528949873b7afdfc4006153a14fb41de99ab240f85044767e70ed60fca02a7a11822d00d3e2aa35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
ea6e85ba56d461595598fda922e7d029

SHA1
5b1fd4fcd7e9ac5cc8d1df8208a391e36308755c

SHA256
16938ca9d423f508496114379c25c0fcf296a51ff19386e2dab10accb48a1665

SHA512
b3a1cc49a76c116d13e775d4bcfe74fa3eb52fcbeaedf63254c981343d35930c389055294f26bf54e0da160bbe69e83d3616c1f44087d8e664ff4e4bdf6c3c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
4ef2f1777555835e19441b526752727c

SHA1
518bd9d18af5b3b723b587dc43ae6c7e7ff2b1e7

SHA256
856297f8465d25b81bb709f34ccdca0c27d444de33805d48a9ff2d9ca3d6791b

SHA512
7d1ab0228dfe36802a60ed889677f8513bd061cba09b12abb40d95bee2e3b6142b11add6617f9a487d4f370a67a5e53ad75f258caf8650ce4476aa8837a7f38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
f0fbfa3c60744cafc7af2479201e6e05

SHA1
646c6882ccc3079073421aa58b6583d2ecaa59a3

SHA256
5d7046c8abbb2de46773a5087cf5ffea5e65cee934ff21d6f1e96267e177526a

SHA512
a6ce273a0981287f8e509a1ae2306787dc804ab61e99b1a1a17c73c3daa109775511e4fe50fed0761e9231983c5ea8e9bc3ba15f8735f2b7c975fbeeae451362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
14bae5c263a2840bb4cae5a6c322d9a5

SHA1
23990322fac913164d9b01f9aeeb3118ada409c2

SHA256
590dd77d0e1546336587692a2b10f634cc8c1a64e462ddb8403a4771761f5dac

SHA512
ad54b5bc94cd966bda7e538f9b953b3ab2f086cc68878846b0f1dfd1af81fac483121c307888875d837656be3a3fa43b52a1c7aa82c198c449a617950ca131aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
7ca455356af622bc8eea5f6cdfb4f9cf

SHA1
dedf0b3670a40ab0c124099b016d31fa960613b9

SHA256
2c70b5e2e2394a687a02311b93fdde9af4ce30bc2b3fc7b56c5ad34b4fce47ac

SHA512
91d89f76dd8ab0f698b96a48eab2856c18c86f8fe82bfd65c2910d5c134a69425a8dd09f21900266167278af2604c9bffbd108ee440ed335dbe8e590828e5cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
419d3bb3986df186c704a7b266ba521d

SHA1
44413a3dc5cd65495a0ddb50c699b8e7a1929b35

SHA256
069b84e51f29bf17a7375def64ea9839843d2fda1a7f400176f3bcdc45ea3575

SHA512
2bf10e301ddf5ed9d964eab1450a046d30c58fb6aea696b1537605978aaf5e4d7bb17b8868bc63e9bf45a81e6cfd4c7cc6f53b0192edf2fe483ddb3f6bdf8292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b5cc4a65340dfaca2035d2dd5c580b5a

SHA1
792ee375ec878a6973a1abbba1adcd70796e1952

SHA256
df38c76120c9784119b3bb74a2b6323e00d64d08e1a0a8c03ff785f86aa3d4d4

SHA512
7ec0a7232afce653b020ae2539b86fd71420605cac4fbf99eb9a01d11d428534e8b3118ce72e2f6bacb3f1b651c07d5395c4409eede6a6473e5eec0b73bdcb87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d9e43ab7812c87a425db0ec06c47416a

SHA1
4c06135fd197fc2a1ef2740dfdfb1b6cb46202a3

SHA256
bdbbe9e228c471d262230dcb880565f796cf4d4c15dbef1a1f9465e4dc0db76a

SHA512
8f9644c90ef488dc2c81c8f68dd42af054583e582669d5cd4763e16a7df0a867fb168b5b3b021ace337eff9e4dc33c51c0bfd71b65aa40fb7545076e7206fb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aa514bcf2230aad67c52943b9e57e063

SHA1
22991ff2989e5f8ce3170118c05a342b4a96f6b7

SHA256
6d06e2a0d0ae5b66c4d9e7b5ade659506fc49dbaed40e84eacc8a909a8757968

SHA512
16c7d97ea2610bb7389b9ee85f7ea7177c9310f60399a720965b1d5993a241c7f31e69a48f31a85377f27afb41de2b926208125817b00b513706ffa76574190c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ace68719a1f670c0eaeb4431f2be54cf

SHA1
05377fb4c976d9d0253d4c51408f4670e0af03b5

SHA256
50f9174d39902bc203bfce30d7b6224ada78431785c3e5b0779822ffb619a949

SHA512
840abe0f9281306428ca8a04b727142758f6f2a137b7a909cb9b2d829a5f37fea347f24a3e1a8c6a4e272b8d3b8a34ad32c57852268d2f7f1c3887f9a36cfd9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7c7c7d0b1e38229e89b40f7483fe1132

SHA1
b231856984f4c8fa02ff578b10fb2abc0850334f

SHA256
e70e7741a5a2400fd70cf2ff7bc3ecb56b9c6d19c6dd7eebd09adace7fce3baf

SHA512
c621f09bbc8c0d7dce20ce8590a78661676b91357a22506c310a9bb57a4cbff3faed22e9ad5218d2ee2251e2c3255dde267c00a2b810f68a9e5d90ba858ee865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9c8e3114536306710b8fbf51ccbede31

SHA1
6fe0f90c3dadd778fcb84ba4c67ccd5a1e18162a

SHA256
4f03bf9f7b31f68a071e3a40f1bce4cbd5139b732d1d0f43fea4b5e1f5fa1ad7

SHA512
2bc23c8caf8cb8e31d6b17e2bc88b29333ce2d243f1a1de237252107f2d92f53ef7bcfca29099a06784ad755463660f17786c591c26eb6ae8fee80b641929050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
53ed72710e2c629c6cf1c26019e251a4

SHA1
64f1cc2b10194eb24734e449b67aded694f083d7

SHA256
a805293679da573aef04f7a289dd1517808d59ce4560a7607995325115ecb93b

SHA512
b598f4263c10296ad8132f868845154ac6d2986940afe0a188b3b0d4afe4f2e2d60a399b21b48a24037d80a26421db3241a96e7bc3177bf201011c4f155d5348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
151256f6ace8cd3c367302795c6cb8d5

SHA1
8ad9febf5daec4c6753008b18527270599ee1d14

SHA256
623aa2917d35f634e50d609304e6cf00da47e9f09bffb66a327dafa05664ad9b

SHA512
014cbec1d3b122f018113996a7558d992120d70ed882ebdb96ea041f9b2f133744b0ce6393bed1159a35bf473de8ff3ec6afad91e6b18ad0f93cd6cab71c46d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ef5e10fc30b9dcb13242181570225594

SHA1
8a196db2d5e23e719d55133117aefa0b13b9bda5

SHA256
55bfd0a86cc0cfb16ccfea9d71c900e4637ca7b4bd9b26b3d0e06521616afb8e

SHA512
4e6dcf2d6fdf2f59497f408b436c3a04326776da0a0439b62b052eb99198b1853d5b367c985a47dc3cc93de08b3178584429ea82086f997ac5e3e2956a953c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c8d5a8cb303c8a4b0fc037e66e217ca8

SHA1
a7db34480b7ad6da199558d7ca652d97e2a18523

SHA256
fd183d737fa88382789d3e82cc96501ed4a9e90d60b6934608ea703525d2bc6a

SHA512
7a7c0bc5593fdf50572ac6e22d3dd53fa73c203148edce071c8e858bd1b5836a979d612f2b48f03bbb617b746133d4d5ec45966cffda00aa22ac3e5350ad2c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\09f45c5c-94ba-4cbf-b158-5d0819464808\index-dir\the-real-index

Filesize
2KB

MD5
0433dd4bbff665b79cf78ada40933743

SHA1
a83291e9b2f6ec553d7ac0586918f8acc6b58eb6

SHA256
20eb15df8d75aea99deb54e1f19e12d45d3cbd9e9ff560994b893f42e1abd969

SHA512
db2859caa0616147f5a8f2f1c1017b670b9493df2c97fc890aa77b7d80d33ee5beb0ffa4e11505019832a850bf6d3043ed35a798d664b95e785654746cbe9b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\09f45c5c-94ba-4cbf-b158-5d0819464808\index-dir\the-real-index~RFe57e6d6.TMP

Filesize
48B

MD5
36526be5bbe3cd199066c5c970842590

SHA1
8efe35017c7a2cb011f50c6330a0e40877fedfcc

SHA256
535516ce408f306064d7f96fa6fbfc55150efc9945c292149ba117c4306d7bcb

SHA512
47baeaa33d1a570293d95fb9757eb3440daae0910b5c7e0c858fef2cc97b4599ab5007dd6973fed384549834cddd13fd3fae315fb2408e244e762591ea0bd5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d963017-b2b5-4eab-bb6e-d7c9429354dd\23f39acc884671c2_0

Filesize
2KB

MD5
fb0c06adae6fb8d96f21d567e2abff8f

SHA1
fff3fcc64f1aa1f4cf44021f0a40a2b41f40257a

SHA256
d33183b29d894190ec57881ec734a0055723c0cd2ecebb741911ce62f558f789

SHA512
7da95c08449d5d7547671bda3aad11771e50cf5242ca3c8d53041567ccf98531c68eb7c760ad316014ddc3962ba9ac86996319da41f2b92671c93ca4c8c8e78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d963017-b2b5-4eab-bb6e-d7c9429354dd\index-dir\the-real-index

Filesize
624B

MD5
dd139a1fe42c5e0a28c5309f93e2a803

SHA1
b410c6b7acbb8d1bd54dbccbb4467b56ac393c0c

SHA256
ee1e2fa900ce43ed4f5a95ef70554f758f67f04f715635ed74dac63cadc28d45

SHA512
f093cef0644c3c4debfebbe4428699ab131abe704938f371b27f3f7f8f40bb52198aa1985b581ed1c0f439733d31d2b3e6f837140d7180f167e6632bd710480f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d963017-b2b5-4eab-bb6e-d7c9429354dd\index-dir\the-real-index~RFe584021.TMP

Filesize
48B

MD5
e88571d3aec8c077833a2b803a8a3023

SHA1
aedc9882b960467ec8f34bafb091b71241af1072

SHA256
cc6be396ce2ed6a3c02cd68e00b9b970bc866ab5a95886adb804cdc4547a1d4e

SHA512
71e4d33468c19514163549d2bd247705d5743afb6255532bb8ec28d3e039ceb3a71e483bfde5cd86072f869e9bc6d778cfe7d7fc0222ddd4468790fe712c770e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c48968bf-e78e-4b70-8a6d-4d349c1f7332\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c48968bf-e78e-4b70-8a6d-4d349c1f7332\index-dir\the-real-index

Filesize
3KB

MD5
f3cbd72e47bdd663bdf23767baee7df1

SHA1
11c18a2009fd540d11d979164684e4399c9e59c2

SHA256
42a123f91289768237ce0103a29fe1db45f195d914f38af30cfc70eeff984918

SHA512
f164a56c32260ccd26345ac4095d0ccb4edbbb618c39a076a6d769e186e98c9c0223bf1a37b250afa2663f687d49fa28bdc26e1698fc8f2bee89cb9f38d17f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c48968bf-e78e-4b70-8a6d-4d349c1f7332\index-dir\the-real-index~RFe58b82f.TMP

Filesize
48B

MD5
1970138cf13a7bd9a9012861caba9232

SHA1
019161d0278a12850762613d8bdd1c3fff6e68fe

SHA256
5cb87d4162610c43bddc8ef9ace2b6aebe67167b86a68724c0bf2a1d8471a8c4

SHA512
22059f7b6b2c2b72dbd6f5fd43e40b56393a9906eecfc988763d012caecda0c5b7f948f6b3e55f742d39f34109de222db443e02990ae4a56fec45cf585458f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
b0a50397ae698b29e93ea9267790212b

SHA1
e3bb89ce9b957bab9715187ad809c3ee86ceaf4a

SHA256
bfbf0138342671f6b28e1b3ab9a4867a28ec2c47d86e132d8ddccebad13bb52c

SHA512
fec53e37fd5893f31595566d627bedc3cf94ae5ee9569541bedbbfd3cbe3eb6bc7e5777225fafc6d517894efbefdd43d1ebaac481e51733467c9ba7deeabc7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
4b5b90c466d56ca3b723acc1951b825e

SHA1
613148bc13a60b98b40b819cbd3838427641df45

SHA256
3081d87d08b8810aa1dda50448dc136d7556d92d8de864cd7dec58d954d0e0da

SHA512
59c80eb477d4f1b9ed82cb485b302deaecd50e2ba66bb0465f5ca1e3babf593609ac8940af9aa15cf50ad88aa4873f4fd9ab7d470d970b63d59778faeeb8eda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c303771c6b141874143af81f60dfc05f

SHA1
d89fea6e32284c304839357330b492ba8d83771f

SHA256
c172709a5c92cb87ca1bb725343c1fd4ba0e65d4e47952050bd1664afa7c046f

SHA512
6b2838450480a0040d69ee2c00386f9c3ea0583699caf08463130b62887b6003a752a97ac6d3b6840b8a167c065b7f128a66397ca0d3ba306c8c5ac8472b258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
72e3a2469e4d9b5427114596492ee5f3

SHA1
80efaa7512fc9970a178fc54a5d85151e4b2853a

SHA256
7d18de2c722637ba4e0e1a19988f441fc6eb467c26c5a9ee824b97053fdee4d0

SHA512
59178df37789751a04417b3920605d2bfc014f5bbad692e0425f78d3f3289950f7b75f15be42d12e33d4f204428146aa1f73f2d33fb6c9bfbd50fd19840ee7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
156B

MD5
30a48d9b1cdc86a84ab526f2e44ea1bd

SHA1
dcaad0aff8ed4439f300e92065b74c23fa78775b

SHA256
3c0eee5902dfa7563e668d4e458a337ae59f1bae6a45b463648cb04e19c34213

SHA512
caf554f0edc47ed19d9553bb47049074502921e6de45d04c5214e5f9209a18d56e574de7f8527dcd9df685f39f64760aadb54e2066f6b08db4c6f636b397c99a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
1964058407ed006643efe5be10191f65

SHA1
0ebc67c1e8dd70a4c0049a2717490988a1f96233

SHA256
c6ff983ce0b623847b02a0b9ee2d582f420d436558884a278a0c994a714c104b

SHA512
ea2f96ab9100b476f9154c02ea3385cf1ea05f6954af0b4311047853f327673b4dcccb72ffccb09f9831f535364bafb282f765ba70f45348bf7b742e39a48179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
43dd1e48d66517b4b37f5b3a72121e1c

SHA1
c672b81b188235486f6d8d2ff18e3832b052801a

SHA256
b5d5e3688c4dcf007f22aaf23ba0bc12a9b0767567923fd0692888ab84fd4d21

SHA512
262b606bbe0920d6d1bed26b07aa0795a5d0750d65324d0ddc8e50075f48367eab9d6a41913c4cbcca2b5109352bd6fdc5a001bd6992d042c101535eacfb2e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
1cd67295f01a29976fc1c807f067c43b

SHA1
e8e52bdb19c1c0153ef20af7f12269af787d714d

SHA256
2b69ab06d0099a926c39792c9e0f9eff0d98e2483f341fd4288ba92e284277cf

SHA512
bec250437da7c9ae9cfd6af87800386b490188778fb06176f47a053d4e8df1cb32cbf32e84ca6ea4631b453a13f896c6453ef2ebc0ad8be25969370daccaa5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
e80d8cdd9673df82822342f07794b85f

SHA1
e43c70e9a5cbdad8b75ac068b23b4bac744662bb

SHA256
e3df39d0d1011d79e5eb8e4a813a8cb7f4ce0c2d03f05710ef6ba582c21590e4

SHA512
72d31f615265881d7cd618ecc55a8404dff35cf5398cfc95595faf5b8bdf85faf727f837d350262e94f46faff2d264dd2f677cc955809c251cb8b0834b36efd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1001f65110ea660d00077157ff280230

SHA1
dc7afbec858bf5c7c618e03ae1905cccfbad624e

SHA256
437da2967c66d3197d49d49151eaea3e1ef3a898544fbdd3dff38986f4cdc75a

SHA512
952a66aa75b117f1aca94865eb4c24ba2f56a56ef58eac4250584269f2c7f019a9b53e4e4addf882afb80972101c6acb19dd2f666cce7ed8a07fe5599c46827a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58392c.TMP

Filesize
48B

MD5
15b0dffd447ce498105418b6c3ba102a

SHA1
0d115454c005ca35579ab5614bb2bb075eec6668

SHA256
590f9b2751d3448b6090ce5abc948f097ab4e903e07ccb3e34ad7d04588fabae

SHA512
20903c2987a74a94563f5bd503f8ee98025c42e6a3101ecf5d0274de149bacf841a8210fff30ff55d464e5c2ffbfbd1424e2b205c1de749356e88363cf49c5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7391cc48856b516e713d2c428dab4834

SHA1
4885a5bc1d26f70352d3aee8dea04676cc9ba6e9

SHA256
a4ad25222e656d47d621d510745fded5f0779dcd9a5e73b7a162adb1f60f5f6e

SHA512
2bc70ece31d73b14e9f4a4e6a046a26a01c1012f256f6899ebdbff314b303c0863a501b39143b0edd1f8f88be9728843b9e5e82bd332c39033367f0498c2ce41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fd503510b3726cec034ffc75a6b68ffe

SHA1
efe74ead17dbe7b3af0f1c05492e844b17bb8c12

SHA256
c07bcfe76fbab5f0a9ecc641faba22bba8935d3df4c4c1dfaab4991cb16683ef

SHA512
7a60000a2375f34a4d545a36fd8584e0a61055e2e4bb05520376f65a69a283e8c5927eb6fcb9cf482fa84c036bc38eb15389bb92ac1aaa7a7f6ec37a0712e35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
39e18fef593bda5554fed69f5d9f0b21

SHA1
0f0dd1e99edeba666ccf63908304595efdb9c90d

SHA256
dffc8175b76df7b84d43633426413fd0ce5ec963dd7517aca5ca34bd60f0d33f

SHA512
9b967e000024c23b4376dafa4f8330e54b2a17589d8548fd9e8a210e7bdbd2911c856aace9fa9d2771c74ea9fb5208fbc11cca352526f21a9e8ec6ea34961b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2567b7274af28eaf07c34c58bed063cc

SHA1
e32a91655d76ab1a458a0abe52ba86348dc799de

SHA256
77b7a80c07aee59ebe541feac62856341abfa79fc1f290818829b9d1907f61dd

SHA512
471ae3664c8952c41bf9595c1bdf401d5df94998d593a37cf8d2083a67d0b3f36e4025639a1730671620e561dfe4001755b858a753f637db7528e138dbc4528c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6709a7516847d8e1a9a295cd5f00c85b

SHA1
d0c4c058ccd5062c0a1a410ea9c05a7ef029a02f

SHA256
f4613e7ce6b6ab65b58fe7a14e16ad6383c2c4aec49d41c9684b723e9290d37c

SHA512
4879e9e889c9fcb9c7d543b2d923176507068e6f03df25aee020cc993911e5a70a88008c42e0fe8bc8330d6af83187e178c22a05cfa6f09a5c40a4fe4b8167ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf54b4a9265a41a91114f20ea22b17a3

SHA1
55b2d07f2403b612aea4c43c75f740eed2f0aa9e

SHA256
8165e6ab882b59d2b5068474664b9d0fea0eef5f2eb1d78b050c99dcdef71076

SHA512
ff1f687d16d2e81083ed50cae4dc0aa91009717f354f9de33a8d91f96475aa77150d93cc81242b4a28cea83982a0837440d1f014ca76462609bb0418380a7900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0e186d9ec5194d7c6418137e0426e6fa

SHA1
93093d054abf7e39f497e33988d843ea8e10aa41

SHA256
60e5544a489f0ecf82f74d86d909c67e0ce8d0d0d5deaa6da1b4c1f29cbca61d

SHA512
d25a4c9919ff35db9925421515274539cf8ca763feb80e09068fae9c2115bc80b585a206c746e1bf8d5368e1b0a71048e2afcec0679436ff06987f2cb87e996b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
02c3927e7921c8107eecc06a2ff4f02f

SHA1
77b8340e417fb7e2137418d725245adcdaa8843e

SHA256
09a4aa277b4942b77a15b5f5a40a7610fbc1e50ba4ef760abaf8408c5cd55462

SHA512
313d1403125c459200178f6e9590b38da29d1a8ce8725ae25263b40650376f05eb2ae784544d6e52924e2f6bd6035dcbde649ba8ed317df9a51dc4f1a0190513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad7921c4833c7fdcf549319ab3e832e6

SHA1
1778de2f26033ee3fe74ead54abdc295fe175da9

SHA256
17cfce833de36fa9e91a74f1de528d7a835e23c31409a8df2ae3d8ffc0c2a75f

SHA512
9892a59c65362fad6fd04a10b744e980c038469c94ec44166dc01dff1c7ebfecb928ca81849624ff00edf3adf60ccfb2678cb193901a90138ee0b907380453db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9278b2d1128204ee0142264ce1e675d9

SHA1
e0e04f954b19d5f24c06002b7a58df71e3ed9d37

SHA256
55f4795d3b30c48be5f2407cc660f5df931d0feb92e4c10d3841070d19d69491

SHA512
35fefde47cd08db2ef2ed9376ca20f1093556e3d2002f3106c5b2fc318e1553ee4703b925510ccc25c89362b418e4aceed58bf36f425958dddca72e933cf6a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
440fcb393c40cebab2418894903b99d2

SHA1
0488e4debb4d1345f5d2f29781ce69de73490b5d

SHA256
e8f010e2c1497aaf8990fe62f84097ba44d4d6904c3789074500802a41ff8da7

SHA512
71f557db911b238d6b9e597b88a971737c2f31cc40a97de5f3ee94c0e1ffd6d1888c25605518146e859d8f4cf3b2a678267c3f5fc43b442115ed2d12b30f3bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cd8cb15a150a50d2f98cca0b29c8d3b7

SHA1
6a6b14366d0b8cd6f947be9269e402792b0a909b

SHA256
0d4c0245151a45c9f37416894d877b2edf0ce2f62e748f67b5637dd5cb2e6785

SHA512
9f56585b20b2a89e24299f9c6516c218fbab66baf9c1fb51610aa66da4575fe841de0a2e2d35fa36d87895a25f78c271c7372304b9106bc389b59051bfead19c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d9d9dc3e97b79f19e05cf379d37eaa48

SHA1
81a06b2aa8fe8aedcab1a94928396da95f367f71

SHA256
e52bab9efa01b35b18853557c172cc3b017cff65089d0bcf2e5b936cdfcf03f9

SHA512
aa5b93276972dc0c90a4c5ff9bccafce5c4263dd73081498a19cb06049b98d9066506560db1814a730321d96607e550f6cef13a2507bf5dc7f44453dae948d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c319685fe07e7b869c0c7c0fc1b30778

SHA1
a5481aaf4bca5f185531fcdf051580e22338ab46

SHA256
58fb22792d8d54d2e5cf6b2f370bd0c83df8e3528c15699b1a15c8636d9ba109

SHA512
496c49f62624191f2c071aeda3b6f18ea7826c77b7a8985b422f45985a0db46a63c13fcefc5f626243cdeaed938b30943ca5b06285551b9bc6e85562ad5c82fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
7484f797931bfb566867eed39f6b7567

SHA1
44cab4d9f15190d3b921bf470936ade82e8cd173

SHA256
1decdd546b3ad2892847ac5af1f479009d2abb1451c55405053d567e9385d89b

SHA512
eddd1644e6abe3b0183cc1d0edc9fbf9ec1f852edfe5bb4b333ca9adf9a399b2599227db0cadb85a3fa5d798b3e25e1dad04620e0cebd71d742a042b7bb32408

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslB2F3.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslB2F3.tmp\NsisPlugin.dll

Filesize
280KB

MD5
1d0e98e6817a35237509731e1398b47a

SHA1
2690a72941f1641495a1cf51ebf5399987a74e5c

SHA256
23abc9395b36419700f31b507f13a189ec2eeb70c7e1a1fe9406c2b9e0728298

SHA512
5cf919baa11e3cdc3518a351e206a5dc84bb1beaf933194d27fb0a96edbc6b90a58106c45a357e8c7af9de815b4e74cf5e42a22bc91b5fac02bb386a6638d0ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslB2F3.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslB2F3.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslB2F3.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
01656063d49cb49786a267b3a21ac343

SHA1
63f894fad1e5f1cf017cc433405780fed8c03473

SHA256
5b01ba25fbf60006b448c143c49d0778b3803d1a405d0345f8ccd2374bf520ad

SHA512
9daff7757235911365cffacbdc356c0b0e7a9d852eb0a0cb17da6a6021e58699ddf16d63dd7e8d0db2a7120c8b463ef5a429f8367fca6a18d92a4646f700fee0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f2ec394c0867de8e2b12f0b46a8384bc

SHA1
2bdb02022788214379113523ba2799c1d05a4f5a

SHA256
264dea5dadf044223d3f63ebba64ccb7a68bc74ecf2b451c86b3bfb9876c1afd

SHA512
e3130a24835fe4255cca8d1b56c60c7d50ffd8f9f082c646cc5571458437a8eceb60ae3c895ed5678088171fdc801b0ccb340206ad60bf1c6e4b235b49f4a405

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
74f3f22da29b547816ed43eb711c7c07

SHA1
5853ee6bdb38f02112e03623437b7c07f42ad3af

SHA256
530173da2eb046ae0b440f5b46bdad2416dfaa9a54113bd0b4a182f62f6104cb

SHA512
b04e96ecda6ec2dd7065b54f0af70ba5041e4cc2f907d55b71c8498224e94368100e0ffbaaa8d5818c60b38c6ad35e16b3b033e5ba6aa8bafdc44a30e7df4461

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f71403911d0d767ce85fc8f4138e8fc0

SHA1
6a644d09319009f87285892712330a900f5e3cd1

SHA256
5fa7495630195853fd3fedbb520dd4cfbc20996da52fcef7adc82579df05c10e

SHA512
6cba7644a1bbb0a7081dac1c8e6800fcd16428ae806dc73204538cf02992b29e4a1f172af8f862469aec9fdfb78165296553fa347e3877d478be69003043e4e3

Download Submit
C:\Users\Admin\Downloads\EzExtractSetup.exe:Zone.Identifier

Filesize
132B

MD5
d0f03b321d35868bfff6326758877018

SHA1
829f3feff12185f2b0597dd856dd93122514c3ea

SHA256
a6b59d410c0bfdcb062be10a9953ce84af21771cca243d545685c8892983d228

SHA512
2ddd0a12661680f9d485133810c7395d2b59a01ab370c5d76cdc852f19558275b4be11002ee6c0d2cd92c8ca383338ced6ea18c9bcf2753f30908fc127b22d06

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.8MB

MD5
fbd1f74b2128eb69936452f38fdecbcc

SHA1
834df43fe9d4d216d39beaafe2f0aa551d4d8c6a

SHA256
996645fff79294b4c0b9d4248e2e25f4c6fa1b676a028c93a9a07d9dcc9f8080

SHA512
f678062928daf1ecf3634fea5990def8c83418f4e8caf55a07dc6c794e36a9a476106c5f3e6b598c28ffc4fb104413a143ce5ee36616f03e91be9bf28f777848

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 152620.crdownload

Filesize
4.4MB

MD5
7399ebe1e1b9c99f3cb4a2521d424384

SHA1
7a560782421feb72b1e84f162cf0abd0809fda28

SHA256
4704846c5605552a2573aeb62f176630fd2ba5498457420c3fb36a27cae6800f

SHA512
80b6b5b2a93656211073560e3eb93063edec44d54a4346b64cab5898162936d3109e7d213d73a93e50ce3a20d163ce6f8eb27e3f31e72bae6c684e528413981d

Download Submit
memory/4332-2004-0x000000001FAF0000-0x000000001FB28000-memory.dmp

Filesize
224KB

Download
memory/4332-1989-0x000000001B120000-0x000000001B266000-memory.dmp

Filesize
1.3MB

Download
memory/4332-2003-0x000000001F5C0000-0x000000001F5C8000-memory.dmp

Filesize
32KB

Download
memory/4332-1988-0x0000000000270000-0x000000000034E000-memory.dmp

Filesize
888KB

Download
memory/4332-2005-0x000000001FAB0000-0x000000001FABE000-memory.dmp

Filesize
56KB

Download