hxxps://yt1s[.]is/en1/

Analysis

max time kernel
304s
max time network
304s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
04/05/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://yt1s.is/en1/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{1E353FE0-9C5B-4DF2-9B61-87D3C65297BC}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\In 10 Minutes This Room Will Explode! _ KreekCraft Reacts (144p).mp4:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1548	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
3048	msedge.exe
3048	msedge.exe
4804	msedge.exe
4804	msedge.exe
4200	identity_helper.exe
4200	identity_helper.exe
1648	msedge.exe
1648	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
420	msedge.exe
420	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1548	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1524	AUDIODG.EXE
Token: 33	1548	vlc.exe
Token: SeIncBasePriorityPrivilege	1548	vlc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
1548	vlc.exe
1548	vlc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1548	vlc.exe
1548	vlc.exe
1548	vlc.exe
1548	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3084	3048	msedge.exe	79
PID 3048 wrote to memory of 3084	3048	msedge.exe	79
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4408	3048	msedge.exe	80
PID 3048 wrote to memory of 4448	3048	msedge.exe	81
PID 3048 wrote to memory of 4448	3048	msedge.exe	81
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82
PID 3048 wrote to memory of 3108	3048	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yt1s.is/en1/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b5903cb8,0x7ff8b5903cc8,0x7ff8b5903cd8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,9608311002365015926,11889085380202614474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:420
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\In 10 Minutes This Room Will Explode! _ KreekCraft Reacts (144p).mp4"
  2⤵
  PID:2608
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\In 10 Minutes This Room Will Explode! _ KreekCraft Reacts (144p).mp4"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
220KB

MD5
9ada39c59a1f654ea41174a4a6fb3069

SHA1
f8465e82b03e67dba69549c2345ed02736568965

SHA256
3f5f691e877d0b289e7c42149d63174d29b9b91cc35f02fc85ad5fcde1ad7f22

SHA512
8cce5ecbe7a03847a509e41333b131652e092764a88be8c3fd7df29e6e891fcc2e9dcf98427066ec69b7d4c68c335d40c1be14b313ab13533805f2b5c9ec6f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
29ad9ea37ce397f90a9b0322792a453f

SHA1
e0ae24a29fe1daaecadcb6f6db1cd6e3d051a273

SHA256
e7ac7314e4507f160cd0c863fa5c2cdad5c8a0fe83d5421e184b9aea877c4a84

SHA512
444c3999c3673d298894d99c61d57cbebac28da2aa63826764ac8ec21b0eec81174b4e1483391bebc55b4a81e1b9e17d97702f3cd995694488f4821a33addb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
46KB

MD5
b322e56a86b24d52ba6c2a10614ce78e

SHA1
9a990a198453af55e2c86f8a85ef6eebcb296f4a

SHA256
3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e

SHA512
0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
32KB

MD5
4691023a524333adb2337720b52adde0

SHA1
a92c4dc3df565cfeed1e15ea4ff059ba01fd9248

SHA256
19f1853554fe7305eeed5dda5c8f0c01f51e2e14ca101f129ace3ae25f5c3d8d

SHA512
e7c9da80f49c888db06da32da467f8166c5e10374c207e2b7ad29a32d504c97491d96d5c298f4e070f857bff045bf4af25391b69cad5d5d379bb3054c4da8803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
32KB

MD5
eda13c6b6a5166489f77c8d20050d7eb

SHA1
83d1706bc1bb4b7e491045b945c3b50db09f58dd

SHA256
6031816aca7ea5570e205613e1d9ca27f99dafad04dfaa478b78b7127acbb637

SHA512
b8cf001a29d1c1a1d9d075e7e695cd913d946ab657b77ef1e23bcb452cf301f7c6a7d7c6da921e49b56108e7794ec974ce44c0fe058180aa5c9e7771f2906357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
98e913a1f6ead2e12c2e6120d5289192

SHA1
05c05f26b59d382abd1d32810640b49f169012b1

SHA256
3dd36fa327b028a05316f72d4e1f4bc0f117a3d393051a537955c0d74bed0be5

SHA512
f97b675f51157d7395e5c1b9b20b9aeab78da118893cfa5fda9d56888ee92aa0addf629429d8463421fa95b78b898039558fdf39814577c0ac6fb2fe268aead2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d74e674b8c98497b35019d541b179f51

SHA1
bb5ddc7504bee10c4652c7030d4421aca4a177fd

SHA256
8455bb1dca842eaf2e518ef114b51ffaa7dc325c88e885bfeedec671b734fa51

SHA512
9a4761a56193699f1716163795299f7cc71db9984885e240d786de8419bec1f6c4ad2a5a7397f94f9adfda9eb925a34b2c046831ff72e823fe56ebf6b9a26054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
844494b552587779dc7bfff052db818e

SHA1
479bcbf2f72ff1381b4611005374059d16058759

SHA256
9dd2ed8118da1e1ef5ef4a89039fab7c1113afee151d02e75a63a51a0d484697

SHA512
2a4904ae8f10fb50eb960cc94e98ffccb9ce92c1bcc7aacba78b3b6d44d2877863603c79611af1f25f1dfd0579d2137253a1f5ba82759af0f3271f2b7c6896fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f38809ae9166a3b870ec620a90e03252

SHA1
d34d4a76f70ef8604e49456638345586ebc9445d

SHA256
51dbb1da5edd13305469ba1c2d1a9bc2c85d2df5eeb6e09d61710b7e29fc8807

SHA512
27070e3f7570f3c549c1ce1f0fba6f206eed7b80d5c163ddb2a488f21d47750adfc081ccc12eea0923d1a9f474a6a67a6038cfd9f4ead0ff804bf41422374b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
be7f946417688b537a3a0532ae799f12

SHA1
f5147a186e8f8e04bab4ec19549ec0a9c34a5e57

SHA256
31aab43ac4cf70296e45b262e0fa0e8a9a1dd799b103f322b5c56901b00faf4b

SHA512
46d5276a6a68d2164a5190e97df0c695c1eeda7833e61b7ff83e5cd524c66dd10da822d95224456a3af317f0cd74a98548e5c10490e8363c1758e59245b64b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
60835aeb1327d091373d8c4dc6ad0f90

SHA1
997d9ba3fb78afd8a8b2d87172493c046d830586

SHA256
fab5d8f01907c13e49ef1ccf220cc099d08e6ca03c9fcc12b108d71bf64c5f2a

SHA512
4bc40098d865750b7fadcb0bf0b8a91f7bb9b67cbaf3d4b3c967a4f7e9bdb37581e7176e19cb64f0c91fe37fbfe75e49ca35e32558a76be64219a6c013e2b93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1854742e88f87d2083fe76079ccff527

SHA1
208eec790f91417837865469fe2a5c0144949778

SHA256
fe0ea2be7965a35a95ffe48bdd0bb33c09fd86f354f482f99ceec9e4c8ac8964

SHA512
66d82795796d6c1197c278d15293eb6d0f71b1e707dc8a6223164843a1d3e09d67c409cb42075db26084b945d23d9b92ac19eab6cd8b2f247e09e4f6cafcfa7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2661d57693b5b745242b95216b0f18f6

SHA1
a90a3984350c40592400043583c34b0bc30b1762

SHA256
a09c3e1f1a3f21b7497118a4a7cf2273c1d17f428c87cf6480b01dfb75b95c68

SHA512
30ba831323cc671106ae17de5bdb52537b38a10fcf2ec868da7a5aa3f71061296d7f9a940ea7861c2a551f150cfb52508b974ddd3b07a4ed00a5bc04ad358cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d2bbe3b8ebae5f62d2a490d0de4b326

SHA1
ef2387d6ed8b1a6cc83a049d6618856caa438e49

SHA256
a075429e70962fafd72995fa8b14523102a43317c7b45f9c6765cef473a58a17

SHA512
2222447f92e40708df3b8863139f6ab35bddec502bb0f8aac63cd73464391be1eabeaf6e53060f641587d813e8ce27e412c583c6f488a50238183bee1f4f0920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2837980b898fe093da24827f691833dd

SHA1
28467c32edde89857bce3fc2439f69759c209973

SHA256
618efd9b29db6e7f8fe7823ddf075bf7d8b30f6ed4459d489f776cc449926df4

SHA512
5103a157e64eb61ceff94f12f89ae426438e0122e2b123d4715afee446ace5547db80c43f7f466c8c8cfd3000cf0d04c5450fd54a3338b6d258ab9e92683ea10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d688d9812c032d67a771a0a0f7b0c4b8

SHA1
40690ca34e15171745081450e91e4eb993669d41

SHA256
850c8a148905507bb939b60349d033a8d9c215b58c29849b470713a6fe9bcfd6

SHA512
c9afea168f9e51f2f5502a4314776f3f43f8ecc022f46cf41d9650a3dba22996655c541950b8619570ee81ad427692da92e83f215ab0b9da2b5247d832471c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1b0a228e39ea09ee386cddc82e59ff6c

SHA1
5c78d9782e2a780f317df1713bbaf32089a92918

SHA256
83a39e8df8bf75efbbd8602af4e04e3215f0ab641004960949f72237b51fe40b

SHA512
3812c2b0c536dc0707a08acb6c5749baf1d044f0503e7f42c5a634710ea3216b232348b8911be71eb732727678911ea0450f83a39d549fa6b70022dfbc7d10c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2d7da50d651fc1c4a12d08e2dd1450b5

SHA1
88258f928b993391ea6c645f468236599407fa27

SHA256
d77a86f629bff7f00ee4f254ac1d76fc501bed4f077d04e310690e52c3837bd2

SHA512
7c9eb0b4704926f6f7a027a9cdf0c073c01418d3dac8fb03337c3bb9c3dae5087701a9182e88a215a822c261d84fbe9a03fb5acd0577b50e98f7bd1cfc264eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
363f3dfdd2a20d48c00b1fb8b74c1560

SHA1
0c6c1e9896c372a90874a01471b51902917e86be

SHA256
c6c53c6a2a04893539a0535d2d25f7dafcc6bcc704a1dced2188ecfec82ceb0d

SHA512
2d7937ce42bf6ad4e31c09cabcb26dfac46f5616df12cdd93d458c54c985906b6fe2ffa9202dbc2254761681396a5e7525f6db9e9973f1dc34b99964ff00f252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\23bbc70b-9db6-46f4-b5c6-d74da9855d01\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b0525be-5ed2-4014-88b8-efa53ba4c02c\index-dir\the-real-index

Filesize
2KB

MD5
e28c32e1398d6f387b4d960eb22412e0

SHA1
c44f11e813a4ccdea8e37281e617bb316d4ce890

SHA256
8b2e75efdc8fa78e4f09facb4d4a94430ce685de290daf23e671683eac925dd7

SHA512
e189bbbdcb3e067c829258b444d870e87a9a3fe0859df2d5459d122952c58913f9fc1c982926aa3d872fc2b598ae7980dbdd1cc79866100ade13cdc94e0b19d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b0525be-5ed2-4014-88b8-efa53ba4c02c\index-dir\the-real-index

Filesize
2KB

MD5
5b2d2304b37c23a1129a2132b50eea6c

SHA1
5eb006cb69e2548af8fb374e2ddaf0312eac4b55

SHA256
94ebdb48f82bc0b154d1ae73d896d9459da162ca433e5a59d634109b20acc887

SHA512
a9523f4f0fb9eeacc9efd79d0b31caee7d7c4c231700e86bf4dcba099c37fd0a967cd9d65b1f464274c69a73f0eb1aa7a157d2baa7bc2e9281d30e433420d2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b0525be-5ed2-4014-88b8-efa53ba4c02c\index-dir\the-real-index

Filesize
2KB

MD5
77524d4cfe8b5b1eacb27aaa28fc1114

SHA1
9e23e427760c35b3ed45238209628c1de845b355

SHA256
fc074494a4a0d12577ceaaa9cfc9d11466e33bf9dfd16ee43f5336663f222c98

SHA512
8c7cd7f8a753b88a33e7ae00c259ece16c330a93819f7f470ce62120722c6137f5d4924ad73d908518d87d6732174c415069d191169f385633d8509fdc41239f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b0525be-5ed2-4014-88b8-efa53ba4c02c\index-dir\the-real-index~RFe57adf3.TMP

Filesize
48B

MD5
00780dac084286fad36416189061c91b

SHA1
73e2c858ec00a57a79e3da0577208c8c625b33bd

SHA256
7265ddeb306a705f87ee45ee74553afed21ae90817da2ca1e5e12b1106a50938

SHA512
41ada0a6f28ff7e2ac5df32de5701b89542fd798654b8a3442075eea4cd256ee44f0ff1bd828a90b5fe63a83111e6e0fe3bbc7b4373dbea072dda88963c75fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5561ae4-a904-4b49-8e59-71d398578310\58dd475de93a75ce_0

Filesize
2KB

MD5
344d3e7a943673989a2b92383e717574

SHA1
d5084eb9e5324de9101f5ee42fb9e079060a45c6

SHA256
099dcf269b0c209ca68d6fc743b29b56b44d6a913e17f24dadf26a77e4804d54

SHA512
3e7a586fea35b0793bf5450c04b524bbb668a9dfd420c20f4dafade0d9a4853277abbc7cce7e53d43746bd27f2e06386aff8a9995555d8d4505a2827144915b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5561ae4-a904-4b49-8e59-71d398578310\index-dir\the-real-index

Filesize
624B

MD5
74a82dd0bbefa0b77fe5f0c9bf18dc12

SHA1
a6545976bd3b91cf9fa435f70b508d2285754e83

SHA256
7cbcc00b143bb2df3d415bc863b7541586b9e4fd95a42292a1d0cd7853ed4476

SHA512
cb5fa33c6f24094d357869e89b73d26999fedc5aa80eb8452ed94128fa8a8064d21cacdee828897693a5231173594af52e78f0f130df258d43b73c30bc1e274e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5561ae4-a904-4b49-8e59-71d398578310\index-dir\the-real-index~RFe580606.TMP

Filesize
48B

MD5
27449846945b1d0acd96a5c97d587686

SHA1
190446ebedf337f3f61ae3b3a843eb16a84428a9

SHA256
779126235e4915259b246f3cf34a3a6f7ee29b93b382e8ac6ede4ed27cc79d3f

SHA512
5f4db2409ce6186ec02b995a83c388aadb17a5cffbc9eb9e0fff414ca4fa830a8cfeba4233c74ce3de43407b3fd8f3df06b5ac4402827f72541755a262ab064a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
fec2c528f3a8224bd4c362f814466442

SHA1
1abe0e57f584c5703e09cf8a88ddd6ccce7ec5c5

SHA256
424db2055bcc72da526b573db1f40fc9d146d7c37bc0151e707244411734db8a

SHA512
0d9b1a61074774bf7bb0def35a211fde8f7b95f35d0dc488ab0674b7b918a3b943f39f09530e4f28c1c798f9a129cb910d681d42bc7f2088f6c8961ba0a38cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3a071f10fc2b1ac0d4ec6172d875c8ea

SHA1
72c60833070467777481c6ad02a8f98d5abc3914

SHA256
b9d8eb4360c40f5c6a8857c55f0a3430fcbcc83d8f6854668e55d3cd2b0940ff

SHA512
93a9ccb8afd41724c9391de9cacdc4fee52e97a5b76241745c1e3927ccf6a36b0ac542abadd1f5a87c85c1dea149dce67b9b1e1f09eb0a0b823f2faeb0f7b358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5a73cfe2a15d69f33ed9674d48f24240

SHA1
20ea686bae3b526e818bf69706487affd77f288a

SHA256
ffff186c4fb9dcab2ad00ee94935d7df8f8828aa35578f64ec6ce1a5d87141fc

SHA512
aa30459aea87346fb0e7fd76ab0d08fc1892cf9ef76586038a684ecee019c8bb40c65701ea51be315b29dc020553d6978ca6aae2c4553e2073f21154d4cefd44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
85c62043525b22b296ce974690b668b5

SHA1
acd43a600ca8cccc5c4bbf4da884bd5bf53bf35e

SHA256
7ba49c8a64a596f8b9c867e7d8b0bbfc1239d26c7b71cbcb0dfc633de3ef0204

SHA512
418f989acc042994cdd3040a41dcbd779223cd3ec155015dba820507832f0151356bbf35a1726ec8e6a44e2461c261d302f258d4b93106db80dfe5d01d13f240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
a3c9a40c7ff4127cd0cff97cef03b246

SHA1
69ed5750715771145961eba26cde0c761b6a466c

SHA256
af8147df5506bff4c24e7da554df38c71ad0b0ef1d6315e13a74cbb93303f70a

SHA512
1dfcf5de6829dd9f5e28aa37d63686f5b5ef3384e7afb718ea8db37f765b911d07f13af26173ed1e05200d21c9dcd102d1336e1034d8dedce3ea86fd0dd6f202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
00aea706ce1405fd3d7946975c1f94d5

SHA1
60a8f986c68649945bea0d0bf33b8321b1c963dd

SHA256
b12a57e02158a29c265c103df4cf6b8a82577b847c22200ebc56bc5166f40a81

SHA512
7b56e67f9abb8c935a956501db444c723de8b18b5866d8d367965dd441592c8ebbe8d731356cc8b2b71fded8639c79c078fbfc15f8c30301a47ac261e5ece6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
106698c8bb04e80ef55dbfcb1f3f82fa

SHA1
8162510f95455d05604b868309c01b7d6f46250e

SHA256
359771a8b8421554fae023ccc441e147392f21e54bdd8ad06ef4ef87d734b479

SHA512
e54a6cc4cad54bc54d85ae03ee61e7f27cae840ff52d4a3eda9770a743a408f04182fb8f566aed3460dd737b5430f91efad25292d89d0ba165d4a79e23589394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
6a09866b5c909112f401ac8a7f5a04bc

SHA1
286b3cb122153fd15ca8dd3105846b6836892ce5

SHA256
d7a2d9a907eb462d2a0ab0dcd2c6793ec968c9963f8dcec3d575912a247901da

SHA512
87b519548d30b676c3788b24481acb3c5a1513b6e2585064354f18fbfde9778eb86c080142d7499ae895d3a6bb846e5108199e4c7bb7db01fe8c30e9700c4800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
153B

MD5
f34069b879f0bc9904dc26b5331b56f5

SHA1
14efc69d7b4b28d4bc4148c7540d309b6e5e64b2

SHA256
d3ec158d6198ad7342a8fb3573f7cbbb90c412651b2949abe45b4871ab27b26d

SHA512
94b9164cdc63494d40b44390ff1392f3bd0c0e533f0d5d90ad3f0d124410de83417d3e173bfa0181b4ec5378ff71a05162f4a1745c185ac390ec4aad00dacfd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
09cd8eea0a2045ad552febacb2ea2916

SHA1
9ed5079f8480f120d78ff2cf89dbbdad06e65305

SHA256
5ce84d9d320229c9f363ca6c3855d7932ee80fc294815c88f9bb18d3f7ee0cd3

SHA512
692ef6eade61d95c799a1e125871af0bc18900bca69662d578f98cba7530bad7f651951ac4c374c5238cb9fc88351b5b22c6a59fc05107cc9123d3d1c2c28912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ff8e.TMP

Filesize
48B

MD5
b50a4363f9eda723623af12110ade623

SHA1
6246068ee18f4dfaf64c12054fb5917cdcf341f7

SHA256
5144b85de2a6a304a44edab93131785fdfc7b43d2da7c72b3a84e442f908cebd

SHA512
6cff3260b95849d8dbb38b88bce52af8d7281c12ec2e4979ae80b8bb318e5d5ce3dd279b959c2b06eac44596559f9088f95deb8997afec58a9dd67192d884402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc62d9f21eadfcb46118933eca64d66d

SHA1
bd476e082729a90a751433ed9cb033eeb51c12ee

SHA256
56b79ed4fdc4154904150151936f45159d1d06fab3ddcd6906acc552fce42023

SHA512
03f7c2cc5934e7ff5f8e07af3b466f1d67fab2b51edea7a14db41aae5fdc0e5af9591bb41af7199ab2067cae3e8d7cbd78e20a9ffaede3889cffd3f56cd0c44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bacb2790f2d99a405f735c0943ce7a1c

SHA1
a3afd65a099bf1c77802324e5422bec740f991dd

SHA256
f6ea8e78fe71b8bdecbbca35e864cb31b3a84d08b049782b766b98a660ed226d

SHA512
966952f3f3f5d667b43afb840e8d245757d18555073a4a455b5b324c6af9dfd61fdb154322caad36b6af0681f924ead4464d4f69a40e4500ad81b15007a278b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7562cdc18e4ebfaea3b856c44246f98e

SHA1
d81b4b58434fdbacc1ba80d37328d32fb85a0995

SHA256
74a1cb366a1e7b16431dac09ba2cedc8560161da8c4dd5dc18dcb69fd4ce9936

SHA512
232c981d15f89dceb6092577b519fae2ba62be9a58c5307e3f4d1618618bdf24d23b1cd314a4c67a5ff2e784237d2081f731f8f4841b54cb5fee5985f2b3709f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
43d62d884cee7bd48c2c32a348b32f6b

SHA1
79ebc527e26c5ec9b6a198c54a694040e48c988e

SHA256
87e6798b90a77988cee117e6789d6cfb5537e227954dac8b1c3fcaa9a11c809d

SHA512
200586ce9437359e1af0185d66975a72f82e77ee798b8c72f31025d473857c671ed1852470aee011ba3fb3175a2d106384ddc6f6b92510412b4fe92ec7cd84fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ba629c357807666c8403b0b2cda6763

SHA1
41dd3d778747f79160f050696be0b2e275e7d33a

SHA256
e216d874bd8a1e91c39bdb4dcd95bf76c1772aa48761f4ff7101439ef6018457

SHA512
a233d93e152c0fc264afecb704046a968d545a1e154a5f1cfc54b34750f57c925b1cce39b5d6a207345452e2b54d0ad4546061261a2b57d5f9a44ca6c0d66959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6dfef2e9049be9114ff41aa1b9407926

SHA1
1b517f86eec9dbcb97cfae04cb09fb7b74fef411

SHA256
23e5a29615a402a7ad414762d52ad5f8cc758280357425319fffad5412ca1145

SHA512
6f34604452af90509adff6bbbe6ad5796a1eb60e7714a15ff8f2ec4633e2f76731783f1546fbc1baf6363d1faa531e536141a4679d4c4dd2feb933e456f2cd1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ef00cb2700d5130a420c22d0f732928

SHA1
6c0864f86c39b2404d272ea8fd0f121e5e273652

SHA256
7842c747d1e441cda14a2687a9c0fb88279005a995e2d60ed01a39b45677521a

SHA512
a9e971d3d0af589e8c6d43d2ed8ce5e2f40a508eafae792f8b2162c7b977d0395dd0fa0fe6f44cf291542bf32324e7fee985688f499c512e5167a429af4f1f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f44076790ee5c4b18567db4995e92131

SHA1
15db027575ed51e03221cb3f69e3a96cfb58f607

SHA256
78b57a51d57c1754d518c00b995614abbaf7fa43857ec2ffd1751e96c00fd7e0

SHA512
9a562c530d7c988eb2dcd6a6043d01fd13f1ad5b7e3f1dbbe460537e6e515ae38a393ad8d012989eaff4adf88f21456f1baf7c3978990124112564002f6fefa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ec7cc9abd845e5697e0903744da8714

SHA1
e039c943f787a301a73267652626f27750ba80c7

SHA256
0fdb119eeaadc20b01f0da34611e7b65cf9e60d8c975fa573032c04223e7a124

SHA512
5d7cecf31f501725dd8685785d9e6c688fbc83c60576cb2650818ec5a7072e357902037c5f1cfc40c4024d7cd3b8c8a69192ac52b1b93b8e06dca46e92d4ae32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57af2c.TMP

Filesize
203B

MD5
619e4c73841c397770f9ca7219863dd8

SHA1
bf69e20a7fc85a194e142e844f77e5e01cc6eb87

SHA256
1df05eac4445b02896eb99f4f4a10fba1116b205484113e0df55242f0227ed8e

SHA512
0c6fc50482f99410f6fca2de9d91788f018efcc9c788126654a6160bf04404654ddf28dd3d0e4f6f026621bf87b3bdda356ea46015715a5e75ea43d5cf467326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e56341e10630b3e37c40e54a6fcdb1da

SHA1
3896426be16faa6cc4383aee9d5baf19c7624f79

SHA256
29d295fa17b7b434d243c57efb2f8f2193ffd94ce9c3f097334c7af8d74ed3db

SHA512
baf249c8be6b1f7405232f9dc716a85f37f9ddb2cb43fe7504a8fef375b498706b7104f7e4b6d81bd5aaa970d8b39277d4ff3521872ff53901a41ff79661bad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7fd4d026034e09cd4dcc6feded4c9e98

SHA1
b46d88ba782cb4d2d36922cfc2d0d1feb67aa757

SHA256
48297b9678997c57e3087ba13331cc4a837b57515dd16d0e5b9c37b520e155c8

SHA512
2fcbc7841416739da775544169a6cb431144b05937f5b02c233ff2d6acb8c1962a263afde959795f8dc7495f6379a41f3bd9087ce41956792463d0a9812ab258

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7b7d15acd4db85d65da119283bfca056

SHA1
8b738877080951617707cd39befdb2ea050d180b

SHA256
535121f499c556030882f7e9c7bbbdaa35923ea8285163c506b82fdeaaba21bd

SHA512
e2e8180ac9bfe9166ec294264b2059924515205da3bf3295d2d70eec1af3dfe04155dbb824453fa34d63208beb9d15c53be843f5e52c6b3544b588d053fb63bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d21f7fc61c142263089ffbb74a729278

SHA1
154fbf5c8e3c14d7fb1b0ff52c337f684e88764b

SHA256
1911fbd75a332eb691a0a4ac385b199a672aa35274e4bb55242ba82dfdbe0868

SHA512
1f330bd751935c4f34eb1bb06a54588e716c6d65d354adfd2baca8db22b3343889c6f266c7a530e696e3510b1b80f55a40ab6f46af92b7c6869b637e63939098

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
01d4e83a3b8c49928c3ecf2936f32c87

SHA1
1ebfe5a3a71128c7197ef21b13e372170cd320cc

SHA256
d1ca2549e87691f00a6532b08314d7c7226865e81ba00f7c7607ace6b1bf45a7

SHA512
2633a1ea05e8c2b2c91e4119e25b7d8b9658937f30f92aef460766264c9dea1b6d8091f79a2043348c9096fe4fb64c050bd5d4c87bb21fd1fa8030092ceb7aad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5a2d4d9b328fe9c7ff2ef1aa8ca109a1

SHA1
67688e7bb211f87045e43ed20ca34d6aab8fd8bc

SHA256
b176a025552ccc2c6fe0a592dbe0d9e745e9029df9e022d349e707a6863d50a4

SHA512
552b2daa988df8c32c6b4b11cb577803cdf4b9e6b9d991b5b1f367eb9fcb64784973e8bc59b27648c9b1380023cb4e0b7eb6098eaee6999088c3b02a3326c145

Download Submit
C:\Users\Admin\Downloads\In 10 Minutes This Room Will Explode! _ KreekCraft Reacts (144p).mp4:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 316601.crdownload

Filesize
22.1MB

MD5
f5e50317e794d9a1c847bcb5a4a89784

SHA1
9c8f00b35150e305cba988e5894c3e0934dc029f

SHA256
e71e96e6068234a5ee4c4262d65d5dc7aa240f109d16e12ace9a0c692b1a8a2b

SHA512
b87e55af7c4748667a6250eb1fa3ec1b3bfad40cf270f49d55d958fd7d66e9ce6ee999f1c3d6a118174451d26797190adc4d8b2de0b44fa02518ab59964fd8c3

Download Submit
memory/1548-1745-0x00007FF8AA020000-0x00007FF8AA03B000-memory.dmp

Filesize
108KB

Download
memory/1548-1743-0x00007FF8B1C00000-0x00007FF8B1C11000-memory.dmp

Filesize
68KB

Download
memory/1548-1774-0x0000026F515F0000-0x0000026F526A0000-memory.dmp

Filesize
16.7MB

Download
memory/1548-1757-0x00007FF8A17F0000-0x00007FF8A1AA6000-memory.dmp

Filesize
2.7MB

Download
memory/1548-1728-0x00007FF8B88D0000-0x00007FF8B8904000-memory.dmp

Filesize
208KB

Download
memory/1548-1727-0x00007FF6F8C70000-0x00007FF6F8D68000-memory.dmp

Filesize
992KB

Download
memory/1548-1735-0x00007FF8B53B0000-0x00007FF8B53CD000-memory.dmp

Filesize
116KB

Download
memory/1548-1730-0x00007FF8BC2D0000-0x00007FF8BC2E8000-memory.dmp

Filesize
96KB

Download
memory/1548-1744-0x00007FF8B1BE0000-0x00007FF8B1BF1000-memory.dmp

Filesize
68KB

Download
memory/1548-1736-0x00007FF8A15E0000-0x00007FF8A17EB000-memory.dmp

Filesize
2.0MB

Download
memory/1548-1747-0x00007FF8AA000000-0x00007FF8AA011000-memory.dmp

Filesize
68KB

Download
memory/1548-1752-0x00007FF8A2BB0000-0x00007FF8A2BC1000-memory.dmp

Filesize
68KB

Download
memory/1548-1751-0x00007FF8A2820000-0x00007FF8A289C000-memory.dmp

Filesize
496KB

Download
memory/1548-1746-0x0000026F515F0000-0x0000026F526A0000-memory.dmp

Filesize
16.7MB

Download
memory/1548-1750-0x00007FF8A2BD0000-0x00007FF8A2BE7000-memory.dmp

Filesize
92KB

Download
memory/1548-1749-0x00007FF8A9E30000-0x00007FF8A9E60000-memory.dmp

Filesize
192KB

Download
memory/1548-1748-0x00007FF8A9EE0000-0x00007FF8A9EF8000-memory.dmp

Filesize
96KB

Download
memory/1548-1731-0x00007FF8B5A00000-0x00007FF8B5A17000-memory.dmp

Filesize
92KB

Download
memory/1548-1742-0x00007FF8B46C0000-0x00007FF8B46D1000-memory.dmp

Filesize
68KB

Download
memory/1548-1741-0x00007FF8B4A20000-0x00007FF8B4A38000-memory.dmp

Filesize
96KB

Download
memory/1548-1740-0x00007FF8B20D0000-0x00007FF8B20F1000-memory.dmp

Filesize
132KB

Download
memory/1548-1739-0x00007FF8A2BF0000-0x00007FF8A2C57000-memory.dmp

Filesize
412KB

Download
memory/1548-1738-0x00007FF8B0E00000-0x00007FF8B0E41000-memory.dmp

Filesize
260KB

Download
memory/1548-1737-0x00007FF8B5390000-0x00007FF8B53A1000-memory.dmp

Filesize
68KB

Download
memory/1548-1734-0x00007FF8B53D0000-0x00007FF8B53E1000-memory.dmp

Filesize
68KB

Download
memory/1548-1729-0x00007FF8A17F0000-0x00007FF8A1AA6000-memory.dmp

Filesize
2.7MB

Download
memory/1548-1733-0x00007FF8B5770000-0x00007FF8B5787000-memory.dmp

Filesize
92KB

Download
memory/1548-1732-0x00007FF8B5790000-0x00007FF8B57A1000-memory.dmp

Filesize
68KB

Download
memory/2608-1701-0x00007FF6F8C70000-0x00007FF6F8D68000-memory.dmp

Filesize
992KB

Download
memory/2608-1702-0x00007FF8B88D0000-0x00007FF8B8904000-memory.dmp

Filesize
208KB

Download
memory/2608-1703-0x00007FF8A17F0000-0x00007FF8A1AA6000-memory.dmp

Filesize
2.7MB

Download
memory/2608-1704-0x00007FF8BC2D0000-0x00007FF8BC2E8000-memory.dmp

Filesize
96KB

Download
memory/2608-1705-0x00007FF8B5A00000-0x00007FF8B5A17000-memory.dmp

Filesize
92KB

Download
memory/2608-1706-0x00007FF8B5790000-0x00007FF8B57A1000-memory.dmp

Filesize
68KB

Download