hxxp://upfiles[.]com/o7s4Z

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
02/02/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://upfiles.com/o7s4Z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1155165157-2721788668-771323609-1000\{D5E9CC9A-DF6B-413C-AF3B-D9F233260BEA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
1660	msedge.exe
1660	msedge.exe
3440	identity_helper.exe
3440	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
560	msedge.exe
3168	msedge.exe
3168	msedge.exe
760	msedge.exe
760	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1224	Video.UI.exe
Token: SeShutdownPrivilege	1224	Video.UI.exe
Token: SeCreatePagefilePrivilege	1224	Video.UI.exe
Token: SeShutdownPrivilege	1224	Video.UI.exe
Token: SeCreatePagefilePrivilege	1224	Video.UI.exe
Token: SeManageVolumePrivilege	1832	Video.UI.exe
Token: SeShutdownPrivilege	1832	Video.UI.exe
Token: SeCreatePagefilePrivilege	1832	Video.UI.exe
Token: SeShutdownPrivilege	1832	Video.UI.exe
Token: SeCreatePagefilePrivilege	1832	Video.UI.exe
Token: SeManageVolumePrivilege	388	Video.UI.exe
Token: SeShutdownPrivilege	388	Video.UI.exe
Token: SeCreatePagefilePrivilege	388	Video.UI.exe
Token: SeShutdownPrivilege	388	Video.UI.exe
Token: SeCreatePagefilePrivilege	388	Video.UI.exe
Token: SeManageVolumePrivilege	3692	Video.UI.exe
Token: SeShutdownPrivilege	3692	Video.UI.exe
Token: SeCreatePagefilePrivilege	3692	Video.UI.exe
Token: SeShutdownPrivilege	3692	Video.UI.exe
Token: SeCreatePagefilePrivilege	3692	Video.UI.exe
Token: SeManageVolumePrivilege	1420	Video.UI.exe
Token: SeShutdownPrivilege	1420	Video.UI.exe
Token: SeCreatePagefilePrivilege	1420	Video.UI.exe
Token: SeShutdownPrivilege	1420	Video.UI.exe
Token: SeCreatePagefilePrivilege	1420	Video.UI.exe
Token: 33	2132	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2132	AUDIODG.EXE
Token: SeManageVolumePrivilege	3588	Video.UI.exe
Token: SeShutdownPrivilege	3588	Video.UI.exe
Token: SeCreatePagefilePrivilege	3588	Video.UI.exe
Token: SeShutdownPrivilege	3588	Video.UI.exe
Token: SeCreatePagefilePrivilege	3588	Video.UI.exe
Token: SeManageVolumePrivilege	5428	Video.UI.exe
Token: SeShutdownPrivilege	5428	Video.UI.exe
Token: SeCreatePagefilePrivilege	5428	Video.UI.exe
Token: SeShutdownPrivilege	5428	Video.UI.exe
Token: SeCreatePagefilePrivilege	5428	Video.UI.exe
Token: SeManageVolumePrivilege	5984	Video.UI.exe
Token: SeShutdownPrivilege	5984	Video.UI.exe
Token: SeCreatePagefilePrivilege	5984	Video.UI.exe
Token: SeShutdownPrivilege	5984	Video.UI.exe
Token: SeCreatePagefilePrivilege	5984	Video.UI.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe
1228	svchost.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1224	Video.UI.exe
1832	Video.UI.exe
388	Video.UI.exe
3692	Video.UI.exe
1420	Video.UI.exe
3588	Video.UI.exe
5428	Video.UI.exe
5984	Video.UI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3208	1660	msedge.exe	76
PID 1660 wrote to memory of 3208	1660	msedge.exe	76
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4128	1660	msedge.exe	78
PID 1660 wrote to memory of 4508	1660	msedge.exe	77
PID 1660 wrote to memory of 4508	1660	msedge.exe	77
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79
PID 1660 wrote to memory of 4196	1660	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://upfiles.com/o7s4Z
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8aa773cb8,0x7ff8aa773cc8,0x7ff8aa773cd8
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,2567730478599003909,13924395566842956148,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1832

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
- Suspicious use of FindShellTrayWindow
PID:1228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2936

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:388

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3692

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004B0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2132

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3588

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5428

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5cabc17286e25c0ade7a7f050b6e92a6

SHA1
c25ab09177ad0da9ee6caf78310236bdc2cba319

SHA256
0e75f9140c154297d8f741aea07b90fc1be1b8deb79c3f204148471800e322b6

SHA512
0cc35eda0168f51e5e719ba0bfb226c9f5293a6056d47190a23377deb98244f42c62b8416696cdd13b2db6228c1c8a2513cdf6dbb1d4b59f0c1c889d1acee6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
193KB

MD5
7fe2c36271aa8065b034ce9efdbd2a07

SHA1
e22ee654cb122d0d62393dd8d6753d2bcad148a3

SHA256
02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34

SHA512
45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
665e10e0b29556dcf86b3fc5945e9e18

SHA1
b1e2a4814e072a1917f9de2ace71248f12255d5c

SHA256
685dbd0fde9affeae797c88e00a509cd3e04ca97715ac23622de18c638d7286d

SHA512
e75f28184bac04ab269c77731b4243443b7e88370fd1a3e6e0ae53e0b01e16c05ee6ea7b2140c9cd357bc1d54715422482465c68fbb90ef8f669dc1780519822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
873b03573bf48235200a5cbdaba8d23a

SHA1
fa85dadca238c51764159f5f7ff9b162ff8098aa

SHA256
6843a4315b495d7f95890ae4dca93c87c275dcf506fef22b9555919d90abf59f

SHA512
c7bc19a395fbadf22939622c7ee631396fbb6634dfb674339a3875151ecb151172894917137669ac0904c78765b3814269db97580e2e7a45c01bfd70a8abc5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
c1fb3f255e0cf8d9781412984735ba3e

SHA1
05bf152d09a72cea657b5a934a7ccd3d74a13fad

SHA256
7973416b6df509bd208d520dbef68fd6bb0afb08ef4370717e8da86b86981e98

SHA512
e4c7211ffc9585a532e630fb44f437d7c03dca9ccf1d3ad10a6120e6e7d6b0e9444025fdcfd58f0d5b62ffc4aebea63517f1e7cf1467e0ed48abff2d51ff130d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
68ed58fa2ffc8be1c5a15845f6a92d12

SHA1
928e24c65ddfe60e8e6a049fafff61c4eb2d9d53

SHA256
dd1cfcb55736a1360fd0cc6d39e1d6352c93f235af637ac2086fd7baf9f4d0d5

SHA512
8dfeaba5f513df44e386578d4ae51e0c79a2ac81520d7185dab51ffb57ad58bd5963e0b231325dafa100484bce3c5bb2c9381d38a9fc14fbb35e7d0371fb2f9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
aab3d1f16cde7ec211f4237124294675

SHA1
249947e661477bf73d2d0abd3186983f653093e0

SHA256
fe9560641ab227dc245b7e7633153fb6ec843754840becdf1b203638dbdea414

SHA512
b8ac6b6f7482ca2d9a73224a2738c19914870e2c22d8c74c593e32b1b57c218209b0916cdbad5be1537ab1f5f8eda6533a42fc92eab51fc1271c4c593191bd1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ad7a5f8f8c8bcd49b724079b423c948

SHA1
bcca442209861fe5a63cf40f811d1e42eb0440b4

SHA256
84a17902028dd2aa880431abaa99be9d5a32f882e4e827fa6c10cfeb2006a085

SHA512
cf3e91baaee5a1d12f1a6d0e5ee459c8c62a63b676b873d9ba004f3fc01d9e4bb3496078d22e5f91bba69b6dbafebbd10e9d94fe8426c64033cce92e09882a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bbb817f877b7eb5f81c1fa625a151e3

SHA1
88a5fbe3f5d8092b634c59b1509b99dd65d73bda

SHA256
71a04637216d33f145bfe2b253546c8c3aac09ca8fa9d6301957285d29b4ef14

SHA512
f7a955454704ee57aedf5cfc7c683113b4dd4d5fddadba498bb1fb893b4adde8a2b9c18358129e4634685aa6bf14df1a6c5c5958506ec01cf1d44a4a30ae129a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b32f59fd67b51a8f5f0e2fd258897c35

SHA1
05a91b5692c1192169526cfe36aa5cb6505ee469

SHA256
bad04b2543fbac4f01d76b2687aa5c8bb270aa27bfcf7876eebfff85df040cbb

SHA512
285c304b59f13b1b562e010980e4bc37e92a4509b66951445b809ab6914fd7f6d4b55b2c2dd1089cb1159dae2b12d711463a6bb3844ebcccf7646659db257be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7408bdf9ddc33810e0750390b0f8a416

SHA1
1d29a8f72b889030557c77439705a1b6a9a6dba7

SHA256
1b7452d42ce864e175f8a49dbf1670d026f7238684b34cd3e3ee79c2653275df

SHA512
077c1d26d608a2942c0e627c2f32870442e912e0781bd760e2998a499bd7b161e83768478bfd9b48ddd7858c6e786932334f61086964103bdebc013e9ab8e854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4f884cacfc8d1f4b7a9b6f67849d8a7c

SHA1
a07a1b09c8b5edfd27abddb0242bd1131fd164fe

SHA256
cad262eb4262db91a6997b7934b6d3256dc31994860feb7d0a55004994c4488b

SHA512
ecc9e1fc8d2ff0b3314eaa58eaa513e0be32aa07cf1ce95804b20aeb50364a5b9f07bba28d6797dbc897dcf2d5420dcdf9cabe00069e3c7432c98a84715de7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf9bf73fa94c50a1be6dd04364061afe

SHA1
dbde80ed156dabecc45aee3cf1bda792b15c450e

SHA256
4bdf6c8e11ef8de98a5c22d54d881b14f35ac19abba3137e1bcba90fe0998995

SHA512
a468761301e80e2bb7ab3739e5fb7742ec35bb641d70f2f9de2e34cbe88dc548c1717586f8e5a160d0104d7dfebe783bda30944fb4980d2dc52181a6217bab8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
68fe6f34e7d6603a3d2f4c95919f8408

SHA1
c7be30582f94d46f05338cc39726f72c9e2fa4cf

SHA256
8cba909149b2d3fc45315cf63cdb8fbe42a4b7c614347171ba00aaf859639c1a

SHA512
48eac2f55675b01ebeb28680ed9af6dcb9c558f76fd647cf05f8a7e1fa04ee57f7a8c70bc0ea882bdbca48b29d62ea7af74b76a03b09c19762e4c93118929be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ae880134712a7845a60c4d69f5ed6b3b

SHA1
cc3e4e55e247a390c08f250f172ea106c4e6d83b

SHA256
267a0469b012348524aaee4a34aaa04460636d8b6fdb95a6fd99cbe4744c5138

SHA512
bcb0b58d461fa82589accc5fd4de9d5ccfcf6b679253a3fa6c2688754ab0f376f8a1db078f5f22025f4618838d311eb78c1bd9ffa758a4e679f7babf6e545b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595922.TMP

Filesize
48B

MD5
f9196e76b082a4e820f3cc96773fbc77

SHA1
5b641e8a5b8992e35529072931996bd154cffdcc

SHA256
adc212b00e5d4166726ecce1b7134034d1a1a80199b7604a8f199503dfbdcb6f

SHA512
32917f3cae3a5f0c6db868b97334077ee280a1066ce684bfa66aa1cfc285ba33cef4382cda100f0a7972d151f4a691535b92bde9f87e1b695d304958aa2298cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
583b826547a1f9740f933c477fae89f0

SHA1
c0870a50dfe456214b5dcac3b66bf17d0adcd483

SHA256
b571a956277fb0050a8c56eb4c663f112d20c3dbd5efdcf007df3d987723a642

SHA512
5a5fe0178f20603d289bf81fcde182f6a583d4889454c8c0e124a04cd21e2a1fc6bea3c2039f24a0bc7724e675f8b6df0681885eee2e49f7753eff162957d0f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
648b70851acf37cba2a2ab6375148ed6

SHA1
a711f4bb071a8e3c688188521b49b3d5a9178f3e

SHA256
adf8bd8bee256f64024991e89c3b1f890aed756f83b7ad1924d98d3f11795655

SHA512
02c6947f1e5ebe321f735ef1d5577d2ae2f2376ff4f4f9e35e170049142218e1f7cfc7e8d7f91de512fb2df0e9d68ca73c0c6b4dac910174eaefae96345522cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e3242af22e51c7bef898dfaa0205d613

SHA1
a8b68bb7f56988db520a0e0333695b752e2a1a1c

SHA256
d4bf7848ddd869854284e1fecf4afe9589db34d856f743d5af61bbf7aad80c90

SHA512
6a28ecc1a979fdb64406ef7e7c263212de378f188f7d817f8f73f43b2b8cc5d4bfd522338d4aef007be051ed784ec240440c23094bf1fd9140e6ecd0a8036de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b9fdea808bde8d71c5a8a71e25788386

SHA1
d98de68c8a61f638f06fc3a7888993830503e200

SHA256
1757773269e82b2b53a3e8be139703b4ef008522c05255e7ffdf6251dd360b5e

SHA512
34150ab39bd5074a31eb4a824489a889c4d82d2daff1b6c01fecc0dc03a5d9fc86213962ec6da0bc14245e121fca21af8bd27ae3d4816c3af5a1c01cf09cdd1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f911.TMP

Filesize
706B

MD5
29bf34b38603b4f9aa5964139de3ed71

SHA1
1aaa25d959f065bb7ff026ad5d5c5314623c2869

SHA256
dee9daf26ffd75f602b7784a2fc5f12b48baf03e1a1b330739be13fd83f6f434

SHA512
5511653c672323a5e59bae8d8c19249810cfd1b7ff91851870c5db8794b0d0749491f9fd02562508d25cdb9a83a57515d910f45a9fe12044ac0dd61007922c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73c0ebf25a29e5b812a7c6fca087c324

SHA1
7c380dd778e8e67f7730475a2d23517139d42c9d

SHA256
9716bf6a0cd667ad4ad950e6cbf62139309091f88122e88897bd6073a9ae6604

SHA512
3f79abaf287214892d66e07e098a1938991ac625a3a94af3299fecbf754f0f3e2922f63350aad015e97edb8e7a129713d9c8d311b183a64f0ba425cadb3f0a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d60d0c3f13988d5aa7e611dacc1fbd0

SHA1
4a7d6f43bb9d7b0813f41116e03ab104cf8773f3

SHA256
aad4bf05fd0b1b50fff099df72670dbdb925bd625c5fdc07ca5ef737a4c60d62

SHA512
41d8ad1190667f5c26ca775984974436f046e696c4394c7593865b9228dc5575557377807ecd0af3f1da17c9c0bf536f973e2e1ba438c61111097fcdf1c985ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
700ef6ac8334b92ab69e62fff88b3105

SHA1
a413558e68f9a5f23d00d1818da4caec8a82d685

SHA256
2af995e941e5b9edcf7763da8b2b02c9fdcbf579b557376dae94657b36c34aeb

SHA512
583639f4a9533a266a74340f787f365b55cfd314f58871b45aaf1410d538126df7203c6dd8abd334752cd8fed0f9ac88ac38496bd6419d03ff8f29febb014d53

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Filesize
2.3MB

MD5
cba1ae572d8843f99e958da13224d7ec

SHA1
29c1aa7d3fc1f25bfe42bf57d83d87545d2d0cfe

SHA256
9dd1175e6dbd6979c2bcd8e9ccd7e1cf130b549dda17d2daa4e1c4ae8ecb8864

SHA512
f674afff58fa75016c63a9162b976073b499d18ba36e5142c5ca515de233d69a4d2d2ac8cc780f6a1af648aa553d671c6f786eb6cef1afaa40b07efd215cca14

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Filesize
3.0MB

MD5
2e6864e6bc8e9686ac4bf910ec643a57

SHA1
b2c7882c6397576754667f672c7480f4f9490bef

SHA256
3661f2d4944be93c96f0e157a6617c2e1611cb358792beab86a3e2926afdb164

SHA512
7d7417c1454e9aba6362d8ddd5b01ac29a4262c3d730e959bad17c4428f7be910686f5d3ab11bf354f102ede032cadea7995aadf363d6367b8a431b574934afe

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Filesize
2.0MB

MD5
8ed88a14c82e93fc72279fbdfb18608c

SHA1
b2d762f18c8f23f1fc786da868b5e56b96c6a971

SHA256
385036f934dee11349bffdcf6ce2e11605ac898bc151fb85320eee7b8c81342d

SHA512
6466efb40a7b3f5b0ba39a0b3c74fe079b99b19023f77906199bc18469975fbf0c1ad43d5948c9d177c7cf756720dd359ba2a6802ba1e95127fe6a36162986b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Filesize
742KB

MD5
4033b9200671aca7e1be3def3ec2584f

SHA1
eafd6e22ecb88923e2bc6413b87d2b12f805be2c

SHA256
79fbd4e61b8d04703d13659bbd2237e029dd6ec68a3b39a684c5c91ad60cca9e

SHA512
8b62ec2f8aa4cb6634e23e742437c938f65359962ef67a0ce38df1a27e75f1549c5294783aa80435f101f949699f072a1c2c7d116c71c88240dffe3ec6ad1a9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Filesize
2.2MB

MD5
785e9e10eb81bd22dec6029071f28158

SHA1
84d990174572d92865484d4a151d215485cb79d6

SHA256
27cf0faf0e13c70f637a5c9120b2810ea16e3dfdb86258388967c6264dd4d36a

SHA512
63f5806493a50f11ece64bdc039cbe3adfda7584d01789470a139f93f8c57a30579d770ba809fe3b4900f4360325a77ec6f4df1e3334f69d02ea54ecb8925276

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Filesize
1.5MB

MD5
2b0c440780d2d22ff7d52458d28eb46b

SHA1
2bff8f79db2707f19752071d4d07f1eac389f1c9

SHA256
355e536dbe1af6e54629dc9bdee1062b2f1a71c5b4579dd8575fcac108a8175c

SHA512
7fa541f827a0912290b03e787161259e0827967e7e388fd84e916186f9b6fee3523edd7dccf9458e3996b7b06f3764ceea3965fc37c6f7cdb19634d59b4c714a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Filesize
1.7MB

MD5
fc9a8b844f804d8da72cffd43c95bfcd

SHA1
96f25a204b0890ca2be737b6b775503ed5718fc1

SHA256
7e7bb44d5ffc4a130d63a31499dad2f169c9aa1a2c3035bb34b4e85cb3aedb25

SHA512
ae56dc4c6a9d9deecfa9558fce29e21691d2d47c11bd9be9a09f93ae3c5002c078fbe04fcef35bbb423b7355d38f72e46a3c29a67e0646ae3687bff8f207b1be

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Filesize
16KB

MD5
6a61bcaddc7b49c0c75d33e0a3979249

SHA1
f43ee4749939b8bb48897eb49ecc388ee25e32a0

SHA256
9259b1c6eacf0eb2624279461020da4c857ed74c350ba8b28d6d9906f721fda7

SHA512
44cbf9368e5d6fda07398dcc015e2317cbecb6f1065563f23d3e0477e3a917e29390ec9c8a77be1d3a3c36784f18eaced06bf866db27dca5d1a6d7e1a78b7053

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Filesize
16KB

MD5
f79678cf56fba161a7ef203a42654c51

SHA1
6e30eacd491a76e7c6fce15db57f8534bd87b35b

SHA256
ed9ac82e37d102ba78ec2f8dee7fc470cc83c97e42d5b1132ce3f492763644fe

SHA512
2bc8a1df8fed0817265139a987519fa2dc45ece4c1ccc68822ad812524cedd14b1bc833e840e4401f22d00d16c757048c889719d9e0e10110f537d7d78db55a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Filesize
16KB

MD5
70bc4a8002142b6dba7051279d928e2e

SHA1
bfb0edd2e620df22885e163da46f5efb4e347d46

SHA256
ecfde9727679db86c7a423a42833e22060d057d90c0c2fdb9e660516522c59db

SHA512
452d326f7323447b66cb85efb9283abbc9e7fc4d2349231a1f8a56844b337699ed3c15766787563b859d25031eb1355c123030a6552ad5a0ba0afc90c107fafc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Filesize
16KB

MD5
0e6c2997cdc356bda10349a9771c450d

SHA1
5247667301d641ba542e31e7aebda5895d26143b

SHA256
da8ec827898684e6cff946123aacd6c387ae787b2c8826e03182a1c687cc152e

SHA512
e8ffcecb1546fd35b9069ed2ef8b951f1d7e8493735d035980c352f9961a5052f57f05305caffffcc3edb2781a52912890a123774fbff4e49cfbf72872dd525c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Filesize
16KB

MD5
abfbf588651e24e7ee121032584c891e

SHA1
e8151c31687130fa1d5b6fcecc21566cd4028a86

SHA256
f7b2302349f6d9f889afb6fc6753502d3c46aeb905e609a4b737a0892a898d28

SHA512
999e4959237efb94569358b2c834d187f892cc2a203b214cac509f13dd4483a31bb4ee38a91055fbd6ad5bac056066ea6d8c1750fa46c04884c3fcbceca7ebcf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Filesize
16KB

MD5
9f0e7dfb34bbb70420fb8dcf98bf1c46

SHA1
960b73f864f610f34a4d888596c16044327ae8c8

SHA256
78d4a739aefc97ba734bca1105a56d1f21d002d4e871cc3e7364b8f9853e64a2

SHA512
d3326c6ecf495ba8d4f28aa61d69bb77b361e1de99c39e31d594ed55c1a207ca8fbe9de673f9c5b7f0a5ffd1786e8992c68f1aa355904bc958bfebeac4c5e34a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Filesize
16KB

MD5
f0bc0f97276b648a86d2f4e4139f2be4

SHA1
d6d02ed15526aa0af1f5f92115a7c038c788d978

SHA256
027357e34bdaa323dd4d6d27ddfe151199262ca3e017665619edf8b57fdb6a24

SHA512
886a6f1af29de977e597aa10237f75ecfc2ecbb2a9862006a7836685bcce0981f2f343d8681ae1ec5de8d0a00ae054bbe623e1a69023d415a241ea22125d67f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Filesize
8KB

MD5
5218c94ccdd85ce823b26baf49c2766e

SHA1
eb1012c0cc728c1535735b7336dc0e03a8d29ffe

SHA256
be5e7a6bbd0bf2a1ce8b94ede238575c0be4c6c847759561383d76662b79209f

SHA512
8dd6f921bb26753fecfb51ef490c5f46b1eed1a1c9d92900b908251a3507c972b84115c5dfe53e2171b766346892a308c50e90dda6a2b646a1c74384ad92be1d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Filesize
8KB

MD5
2ad55d5aa7bef3ec17bcb474fd6e9c14

SHA1
c4c1f98a7839c1e38f1485a2813d9c18b7898770

SHA256
0dc7e9519c8ae3b73e443e944ff4f4c709ff1dc4cf42821a4809f698c1b215a7

SHA512
f78e5152bd07485e11e02211f1713512cb99fcd9817294565236e21e561045625ab8a866854b6eacea83a8fdad3db6f8173f212ed7be9dc599f3b24fecb91f29

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Filesize
8KB

MD5
6b4f133db37710dcfdfcb136cca800d5

SHA1
14564e4af9d204b86c150ba74c274df1e488f418

SHA256
87b5baf40a95ad4b63cc324f1bd1d4213cb5f116aa6c5cee272785d3bca00bfd

SHA512
9f6ae3d84a1624c210821c105134f28b5333e2d9e4121f4fa539d89b1f5b43424335f46ca8c3c7b840ce8fbcdfa76453e1fd638ab6cc3b32ebfe63e78c9cc72b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Filesize
8KB

MD5
c86ffe3b2994e75276caa0fe0284e64d

SHA1
cdd330a89a46d6bf981925230257db8706918fb0

SHA256
c8dd8797b819239150cbfcb02c370fd6ca34d0d48302fc93e431f5f86f693a6e

SHA512
124f725b201e75aacd1ec23fd0ee6904ebecfabd5411b4cbed1397f9471ceb5c0844e611c1dfdfb19a844ab8d5df0eb2af98a9bdeabb53830bd3860f9795bd4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Filesize
8KB

MD5
a2d23f9fa6d028cd2a3060c87e182790

SHA1
622519f1c1fd782c1bd8bf7cb1731bfc52de2444

SHA256
8a9488a9e121399df69fb13fb5ba09fb976e8df110ad24f803086b83b902ad84

SHA512
39319400161d95fa17279903ed966a3676dcf2778d690c715caccc9f176206ac23bea78cb3bfebd849664dec0a6ded31eeb75b5aa4f055081ffe22f7b7a517e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Filesize
8KB

MD5
698b74c6fc2692701a035ce7585765fd

SHA1
264bef0e2031f4243dc897919745fab579ae5c71

SHA256
cbf9928e244ab34cf54a593145bc08f89c1151aaaece6a282b780de9b7f88d08

SHA512
c8cb3256e23bcb0166a66681661d9034aec1f37ea138d2887bff038a59a3caaf4760bf72f18089b937e8b20dbc4718c99388ce98f01fb606c5a465581d73456e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Filesize
8KB

MD5
b0d0cddeca7ba150a23bbe15e5720a0b

SHA1
e6b1f204e32dc6ef841d6fd8dbc06e7e7efc7f51

SHA256
badb9c56da738b3439e6731e73dff7cf0b4e9cdbe8555d94c86505bdb4ab3b13

SHA512
a93e5b90849d9a80bd6dcccf09ad0cada4fa575ab98ac7cd0b4cd5754c5b2ee8fb86e3197ed46abf1c1b96331ff45164b29cf8e008b38605853d0e3573ea1942

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Filesize
2.0MB

MD5
8d79b13fc490ec1de4e1829e56bcac04

SHA1
3f4394003c341e026632f36e14b99b4ba5946bab

SHA256
b745e0d0212b596118872578ef6e1f13cc17cbe5043527afe441036cbcc87ccc

SHA512
20a2cbe2a9822fa5dd67f305cf5acb9647d142715038c44b7e3e612d0bc237d9a49c7eadbf6a02411a744bc40cf8f5da84b279d94a989c31d143bcf9d4ce4ad5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Filesize
2.0MB

MD5
bca46250d59a72e2e76ed3d9e95e719d

SHA1
10b779379ddb1f6e92f3afdea982a02bccc4bfe7

SHA256
0e3f1d3dcc2aa88b5751d7db02a9f08df911a6e667e372b24f5b5c2733480e22

SHA512
1dd1080abcd06eef47ed2f953a99163f887343dcf15bad4a8fd48d6a86b23127dcacd6378608c2a1e762c76e2592cfe9f0aeda5bb282ff5a4babdf6d0293dee6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Filesize
1.9MB

MD5
599ee50741fed73b1e84499780125dfa

SHA1
18f377377e41ad1ee9a7647ebd77da8b54f7c4bd

SHA256
66c750180c9f3244bd48730f601b4424a2a32fe32c8dcce5dcbffc4771d78b9d

SHA512
dbfdc880ddf58eb06ddc192a16b021dad56bdde40ce21132388c345350ab6ff7b1d4a4c0e6aab26bd17a2fddf95df1c47a248e7062141978fe46473e4838fbb8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Filesize
1.7MB

MD5
8111306be0f3043380506dee5e6d2163

SHA1
9d7a3e0301ec2248d8f017e71f1799947dfd254f

SHA256
2ff2076b1048f6500284b050708005bdf4c8831f00f69aa10de7a6070d9950b7

SHA512
2abbf11de013d5e9c94b4db84f4132e1e47f6f3664b75eba7494f31bb764677d3ee5c05c61acff98afa548a7d85d4ab5c265327410c555ede8174ce197e23bbf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Filesize
934KB

MD5
92222645717fc37b3ab73c62d0a935dd

SHA1
bd20569e78f05aed73bb011f3e83e1bdff238d36

SHA256
86acf8996ca9644eebca8b2d78d95c2bac06f6ef286bcff87f418663b27e2f09

SHA512
8f96dc6084803aa0bee4a937b7fee0633fb8156a4719d0878f93eb79757817ca52a2f272638071a9eeaccdb3bb7b381ba423d1a5c5273f65ef9ab1227717451c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Filesize
1.9MB

MD5
d94a1caf65a1ff4f9ef5b986f59463c1

SHA1
80dfd52ee071df088dde45b5d983816369ae2fc4

SHA256
7747f1d97c7c0f6aa88874e98d8d6ee9081789a542b911f8bd3fb98191595e74

SHA512
e368c07cf3d1f821ee0a9388e0f68338abe308f25ab6f61a95afad6cf510db4812a0ee9ffc2a8df8dcd5c92ee785c713dafc7522828e4cc86f76e47a9446891e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Filesize
288KB

MD5
fa4cdbdf1404d1c31bf7e34ed9faa504

SHA1
9a5e9e9d1d417b855264837f921810f9f5d42782

SHA256
8210455ebd49fde677b95707493c93be8d0e17164fc0ca897ae7d06d35582c5d

SHA512
3a9c7851ddf6948dd61ef15cc23fb45faf00e506dd090f5de1d2ee939e4a5780fc9e5b57644430cee5247e3e78977847c6d59693dde4e5f7723e7b9d3d964998

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Filesize
1.4MB

MD5
48cd4cbb2b85de9740549e7571fb95d3

SHA1
0643f6307c90204af745fe8eba5a1dbd6b10fd46

SHA256
3e6794b830f1063b1cea78aebfe9bf568624f082894fad3de3dc846debf31bfa

SHA512
6b0f49836f1e9218abfe83fa5ed3a278bf56b0cc46acdb7062a0f52dfdccc4ff6b5b8e3f02f1f85fd26bf6e2973f81036dda526c050b43350c2e5285f850d014

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
ffb4b6cbe44d203b12bac1f18b431e70

SHA1
5008f840bb4e9d7ecebee007245efb0bbbd61199

SHA256
547d8e61d6a4a9e97b60d9370951d3920a9752ddf98c31dc3676c59c1eaa304c

SHA512
20f726d528d2b5211aa20664e7eb4358092109cfd188325f7344adc9bb34ec3642ce0cea6c52540fb9c00aaec22fd94387b04446d52c03777410064cf0a23147

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
a0d73b674f0311ec11b460d9f03f4ed1

SHA1
234daf341399dd2a408c3171cae8f39d35b0beec

SHA256
ddda4f23e669c74263989d8d33e262d525bfc4144002f6df90eef2ff809f3d0f

SHA512
6be57aed4e578506004dce9409466c5a5dac20cde91abaad618605cec042995298ccd37d4733e7e690e4a5a8730bd07cb51b85392fc65136489a5aea6534abf0

Download Submit
C:\Users\Admin\Downloads\cm-chat-media-video-129eb3ed1-e705-52e1-b9d0-70423170c4e6300.mov

Filesize
150KB

MD5
5fe00e84c99bbb4350a561e86e5afc5d

SHA1
f8a1fd06caebc6b55b448275096d6790625b9a89

SHA256
2733deedb496a16b4bd7121a5464c65f3dba24425e27d39a0be2d5e0bb3c306f

SHA512
1be861f7c2b3e9bb9e7c1f15053c181636825944ec737657bdb713867a9f2bb1ba9664d09e6cfe23d00860f76ae83265bde3f9d48fd912e2229e0e332a1a6411

Download Submit
memory/1224-288-0x0000028296350000-0x0000028296352000-memory.dmp

Filesize
8KB

Download
memory/1224-285-0x0000028296280000-0x0000028296282000-memory.dmp

Filesize
8KB

Download
memory/1224-261-0x000002828C360000-0x000002828C370000-memory.dmp

Filesize
64KB

Download
memory/1224-269-0x000002828F770000-0x000002828F780000-memory.dmp

Filesize
64KB

Download
memory/1224-280-0x0000028291B60000-0x0000028291B61000-memory.dmp

Filesize
4KB

Download
memory/1224-282-0x0000028296130000-0x0000028296132000-memory.dmp

Filesize
8KB

Download
memory/1224-284-0x0000028296130000-0x0000028296132000-memory.dmp

Filesize
8KB

Download
memory/1224-294-0x00000282960F0000-0x00000282960F2000-memory.dmp

Filesize
8KB

Download
memory/1224-286-0x0000028296290000-0x0000028296292000-memory.dmp

Filesize
8KB

Download
memory/1224-287-0x00000282962C0000-0x00000282962C2000-memory.dmp

Filesize
8KB

Download
memory/1224-289-0x0000028296390000-0x0000028296392000-memory.dmp

Filesize
8KB

Download
memory/1224-290-0x00000282969D0000-0x00000282969D2000-memory.dmp

Filesize
8KB

Download
memory/1224-291-0x0000028296CB0000-0x0000028296CB2000-memory.dmp

Filesize
8KB

Download
memory/1224-292-0x0000028296030000-0x0000028296032000-memory.dmp

Filesize
8KB

Download
memory/1224-295-0x00000282960E0000-0x00000282960E1000-memory.dmp

Filesize
4KB

Download
memory/1832-323-0x0000023BEEAA0000-0x0000023BEEAA2000-memory.dmp

Filesize
8KB

Download
memory/1832-317-0x0000023BEEA90000-0x0000023BEEA92000-memory.dmp

Filesize
8KB

Download
memory/1832-318-0x0000023BEEB20000-0x0000023BEEB22000-memory.dmp

Filesize
8KB

Download
memory/1832-320-0x0000023BEEC50000-0x0000023BEEC52000-memory.dmp

Filesize
8KB

Download
memory/1832-321-0x0000023BEEC60000-0x0000023BEEC62000-memory.dmp

Filesize
8KB

Download
memory/1832-322-0x0000023BEEC90000-0x0000023BEEC92000-memory.dmp

Filesize
8KB

Download
memory/1832-319-0x0000023BEEC30000-0x0000023BEEC32000-memory.dmp

Filesize
8KB

Download
memory/1832-332-0x0000023BEE580000-0x0000023BEE581000-memory.dmp

Filesize
4KB

Download
memory/1832-324-0x0000023BEEA90000-0x0000023BEEA91000-memory.dmp

Filesize
4KB

Download
memory/1832-329-0x0000023BEEA90000-0x0000023BEEA92000-memory.dmp

Filesize
8KB

Download
memory/1832-326-0x0000023BEEAA0000-0x0000023BEEAA2000-memory.dmp

Filesize
8KB

Download
memory/1832-339-0x0000023BEE5E0000-0x0000023BEE5E2000-memory.dmp

Filesize
8KB

Download
memory/1832-341-0x0000023BEEC50000-0x0000023BEEC52000-memory.dmp

Filesize
8KB

Download