066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577

Resubmissions

01-07-2024 06:58

240701-hrjjaaydre 1

01-07-2024 05:24

01-07-2024 05:22

01-07-2024 05:15

01-07-2024 05:07

01-07-2024 04:55

Analysis

max time kernel
653s
max time network
649s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

490KB
MD5

901bff5e87be7b3c2c3ee45da179bce4
SHA1

2bd44512efd1923b5fd06b3fe2186e506d0f3d66
SHA256

066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577
SHA512

560265edf67899f2594bba5ba16f2243a4fa50f764df17eec7d09a753ca2f0eec2ac72c9d0d70e1bfe471b060fd7e16cfb6f4dfd0029866bf6f0d34be7b00697
SSDEEP

6144:VOxTA8eA8oA89A8iA81A8dA8ZA8SA8WA8NabK:VoA1A9AcABAEAAAqAxAnAhbK

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Executes dropped EXE 8 IoCs

Processes:

WindowsXPHorrorEdition.exeROTANOTEDKSID-Destructive.exeWipeMBR.exeMouseDraw.exepixels.exegl.exeTextOut.exemasher.exe

pid	process
908	WindowsXPHorrorEdition.exe
4100	ROTANOTEDKSID-Destructive.exe
4664	WipeMBR.exe
1984	MouseDraw.exe
3000	pixels.exe
4716	gl.exe
948	TextOut.exe
388	masher.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

WScript.exe

description	ioc	process
File opened (read-only)	\??\E:	WScript.exe
File opened (read-only)	\??\G:	WScript.exe
File opened (read-only)	\??\R:	WScript.exe
File opened (read-only)	\??\S:	WScript.exe
File opened (read-only)	\??\V:	WScript.exe
File opened (read-only)	\??\Y:	WScript.exe
File opened (read-only)	\??\B:	WScript.exe
File opened (read-only)	\??\I:	WScript.exe
File opened (read-only)	\??\J:	WScript.exe
File opened (read-only)	\??\K:	WScript.exe
File opened (read-only)	\??\M:	WScript.exe
File opened (read-only)	\??\O:	WScript.exe
File opened (read-only)	\??\X:	WScript.exe
File opened (read-only)	\??\Z:	WScript.exe
File opened (read-only)	\??\N:	WScript.exe
File opened (read-only)	\??\P:	WScript.exe
File opened (read-only)	\??\T:	WScript.exe
File opened (read-only)	\??\A:	WScript.exe
File opened (read-only)	\??\H:	WScript.exe
File opened (read-only)	\??\L:	WScript.exe
File opened (read-only)	\??\Q:	WScript.exe
File opened (read-only)	\??\U:	WScript.exe
File opened (read-only)	\??\W:	WScript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

Processes:

flow	ioc
51	raw.githubusercontent.com
193	raw.githubusercontent.com
2	raw.githubusercontent.com
3	camo.githubusercontent.com
14	raw.githubusercontent.com
48	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

WipeMBR.exe

description ioc process

File opened for modification \??\PhysicalDrive0 WipeMBR.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Delays execution with timeout.exe 6 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid process

200 timeout.exe
2096 timeout.exe
3268 timeout.exe
664 timeout.exe
872 timeout.exe
1480 timeout.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	WipeMBR.exe

pid	process
200	timeout.exe
2096	timeout.exe
3268	timeout.exe
664	timeout.exe
872	timeout.exe
1480	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

5084 taskkill.exe
2984 taskkill.exe

pid	process
5084	taskkill.exe
2984	taskkill.exe

Modifies registry class 3 IoCs

Processes:

cmd.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2198854727-3842442895-2838824242-1000\{C02CF115-B304-4E1B-BE78-84F7127E85B3}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2198854727-3842442895-2838824242-1000\{19FFEB83-6244-4827-9112-47453F306FB1}	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

2592 reg.exe

pid	process
2592	reg.exe

NTFS ADS 4 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 219074.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WindowsXPHorrorEdition.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 846797.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ROTANOTEDKSID-Destructive.exe:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

3620 NOTEPAD.EXE

pid	process
3620	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 38 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
760	msedge.exe
760	msedge.exe
1844	msedge.exe
1844	msedge.exe
2812	identity_helper.exe
2812	identity_helper.exe
4232	msedge.exe
4232	msedge.exe
696	msedge.exe
696	msedge.exe
4972	msedge.exe
4972	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
2388	msedge.exe
2388	msedge.exe
1124	msedge.exe
1124	msedge.exe
1956	msedge.exe
1956	msedge.exe
3672	identity_helper.exe
3672	identity_helper.exe
712	msedge.exe
712	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
3988	msedge.exe
3988	msedge.exe
4032	msedge.exe
4032	msedge.exe
1180	msedge.exe
1180	msedge.exe
3124	identity_helper.exe
3124	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

AUDIODG.EXEtaskkill.exeWScript.exetaskkill.exe

description	pid	process
Token: 33	2368	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2368	AUDIODG.EXE
Token: SeDebugPrivilege	5084	taskkill.exe
Token: SeShutdownPrivilege	4116	WScript.exe
Token: SeCreatePagefilePrivilege	4116	WScript.exe
Token: SeShutdownPrivilege	4116	WScript.exe
Token: SeCreatePagefilePrivilege	4116	WScript.exe
Token: SeDebugPrivilege	2984	taskkill.exe
Token: SeShutdownPrivilege	4116	WScript.exe
Token: SeCreatePagefilePrivilege	4116	WScript.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

WindowsXPHorrorEdition.exeROTANOTEDKSID-Destructive.exe

pid process

908 WindowsXPHorrorEdition.exe
4100 ROTANOTEDKSID-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1844 wrote to memory of 2184	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 2184	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 4224	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 760	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 760	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe
PID 1844 wrote to memory of 432	1844	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd44c53cb8,0x7ffd44c53cc8,0x7ffd44c53cd8
2⤵
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:2116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5092 /prefetch:8
2⤵
PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5108 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
2⤵
PID:252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
2⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5736 /prefetch:8
2⤵
PID:1836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6600 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4972

C:\Users\Admin\Downloads\WindowsXPHorrorEdition.exe
"C:\Users\Admin\Downloads\WindowsXPHorrorEdition.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,3717872606136458567,6762926297034379792,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6008 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd44c53cb8,0x7ffd44c53cc8,0x7ffd44c53cd8
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
2⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
2⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3524 /prefetch:8
2⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3500 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
2⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
2⤵
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
2⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6032 /prefetch:8
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
2⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5952 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
2⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
2⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5260 /prefetch:8
2⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1792,10586036805776588838,16440063612957641151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3988

C:\Users\Admin\Downloads\ROTANOTEDKSID-Destructive.exe
"C:\Users\Admin\Downloads\ROTANOTEDKSID-Destructive.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4100

C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6B41.tmp\6B42.tmp\6B43.vbs //Nologo
3⤵
PID:4348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6B41.tmp\s.cmd" "
4⤵
- Modifies registry class
PID:1884

C:\Windows\system32\taskkill.exe
taskkill /f /im taskmgr.exe
5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5084

C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
5⤵
- Modifies registry key
PID:2592

C:\Users\Admin\AppData\Local\Temp\6B41.tmp\WipeMBR.exe
WipeMBR.exe
5⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:4664

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\6B41.tmp\snd.vbs"
5⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:4116

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\note.txt
5⤵
- Opens file in notepad (likely ransom note)
PID:3620

C:\Windows\system32\timeout.exe
timeout 5 /nobreak
5⤵
- Delays execution with timeout.exe
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.co.ck/search?q=help+me+my+computer+has+a+virus
5⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd44c53cb8,0x7ffd44c53cc8,0x7ffd44c53cd8
6⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10474552895308637564,686004208028948792,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2116 /prefetch:2
6⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10474552895308637564,686004208028948792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
6⤵
- Suspicious behavior: EnumeratesProcesses
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10474552895308637564,686004208028948792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
6⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10474552895308637564,686004208028948792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
6⤵
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10474552895308637564,686004208028948792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
6⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10474552895308637564,686004208028948792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
6⤵
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10474552895308637564,686004208028948792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
6⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10474552895308637564,686004208028948792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
6⤵
- Suspicious behavior: EnumeratesProcesses
PID:3124

C:\Users\Admin\AppData\Local\Temp\6B41.tmp\MouseDraw.exe
MouseDraw.exe
5⤵
- Executes dropped EXE
PID:1984

C:\Windows\system32\timeout.exe
timeout 10 /nobreak
5⤵
- Delays execution with timeout.exe
PID:664

C:\Users\Admin\AppData\Local\Temp\6B41.tmp\pixels.exe
pixels.exe
5⤵
- Executes dropped EXE
PID:3000

C:\Windows\system32\timeout.exe
timeout 10 /nobreak
5⤵
- Delays execution with timeout.exe
PID:872

C:\Users\Admin\AppData\Local\Temp\6B41.tmp\gl.exe
gl.exe
5⤵
- Executes dropped EXE
PID:4716

C:\Windows\system32\timeout.exe
timeout 5 /nobreak
5⤵
- Delays execution with timeout.exe
PID:1480

C:\Users\Admin\AppData\Local\Temp\6B41.tmp\TextOut.exe
TextOut.exe
5⤵
- Executes dropped EXE
PID:948

C:\Windows\system32\timeout.exe
timeout 30 /nobreak
5⤵
- Delays execution with timeout.exe
PID:200

C:\Users\Admin\AppData\Local\Temp\6B41.tmp\masher.exe
masher.exe
5⤵
- Executes dropped EXE
PID:388

C:\Windows\system32\timeout.exe
timeout 15 /nobreak
5⤵
- Delays execution with timeout.exe
PID:2096

C:\Windows\system32\taskkill.exe
taskkill /f /im wininit.exe
5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd44c53cb8,0x7ffd44c53cc8,0x7ffd44c53cd8
2⤵
PID:1992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3066a8b5ee69aa68f709bdfbb468b242

SHA1
a591d71a96bf512bd2cfe17233f368e48790a401

SHA256
76f6f3fcef4b1d989542e7c742ff73810c24158ac4e086cbd54f13b430cc4434

SHA512
ad4d30c7be9466a797943230cb9f2ca98f76bf0f907728a0fa5526de1ed23cd5cf81b130ee402f7b3bb5de1e303b049d2867d98cf2039b5d8cb177d7a410b257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62a3a78040f3b8c2b1d7a43789a24d1

SHA1
322df952b3c2206b3998518869e42b6e32990246

SHA256
1e7d5742b103816f22d6d122166088967d0338a0729fdc1c07bc4a078f9e3a0e

SHA512
5a621de31d19eb0ee9e8d7818da74b00e91980e65f6df345ab106217edceae4c43822e8386096e9dd79a192d5e03a12df57b406331154fd2f4783fd24b8644c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c4605aed5013f25a162a5054965829c

SHA1
4cec67cbc5ec1139df172dbc7a51fe38943360cf

SHA256
5c16c584cda1f348a7030e9cab6e9db9e8e47a283dd19879f8bb6d75e170827f

SHA512
bf2a5602fde0de143f9df334249fef2e36af7abeda389376a20d7613e9ccad59f2ca0447576ac1ed60ecf6ab1526c37e68c4614d79ae15c53e1774d325b4036f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9dc006008c2c0f8b9364e118e0d2a5a8

SHA1
11db1e4633b504db36fed7f885548e84e82b3970

SHA256
c08e56b2a962db5fade9aaa79950f3204086432539f55782a8e4cd81bb884d2f

SHA512
1c0caa5187a6770e07007d32c89293f411453bd19d1a9bf80fc5fecc66f3b948a1a716864c7d867e747d011b7e4913baf784567cef1d5e06a6150f7e6d2da90e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\93303119-2aac-41ca-a5ac-c480687a1a84.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b9ea6cb6091859a0e9df1fe5d17332b2

SHA1
93875673a384656fdf14f94a6a99ef28224de508

SHA256
4dfa5a7ba6e12c824e8aa1f714e36542c4e7750af3c49e57149cc26b2fd56170

SHA512
2097fa4fa0e23e6fa7154534796f4b2a65c88e8b669ede8999a82318b1be86b7445ce7f7563c4bc49bc03c0f04af4f4e00d5f1e9406f0209e6e33f04ca6f1210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
bb8585236e2a7ebb9dcc01a5aae03a98

SHA1
586c0161bf52bd8a17d6c9356e213198da523213

SHA256
6b0ec31e8be4ff8918c42a1044a84b3a0150550f0f84efe5575c944f180163e9

SHA512
5d29e32976ac9d833db1c1b9a43bae8343c44724d305745ec80e25798514e28da0931610dce838ca909abd6e2aeba91d2cd3ebbdaca4ff00c763b6c3a7210398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
7179ecbd8f7da6adf9886a6c29cf4121

SHA1
7209b5dc4525f854010f0e9e536a536fe6c248a6

SHA256
20ed4d5381978d6573e6f9cf5d7d2683b43ac2e2c324c7256c7c523113d313ab

SHA512
ddac68e87d246b78015c89d81cf3547de96e2cbeaf0757416ad61a1a1d14671bbd5ded4df8a08d9aad1d8890b2c188bad2e3d5924e007ab83ae04a39b777685f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
5cda423b740f01406380de7553ff6c80

SHA1
247e460d08d4beb2f44f56d9863d3fed218bde0f

SHA256
e4c012cd01362c370fac2c92d97baaeab80f15b4cfb96dd77857e356d546a859

SHA512
28a476eeab75eb02d5ddfe4bb4bfa39846cd3986fe94ddab55b1fa02188678417a9cf2f27ede6507f5af7e792b972a69f3536f50dbe0f893c36dc733c5248745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
225KB

MD5
d115c0a2800145c06e066875ba331616

SHA1
b94c5f0d25110782e939d1234141b70e6b238653

SHA256
113e69d83de21cf11879632723c532d28df10a53c0c2cffb663190f82c50570e

SHA512
2bd24181e53bce956c5262bcc641c323ec077f5a19193fc56a74d3704eb1f4d76b47076d1654c69cb53ddb9a93bb880ed49fa0ccaf46321723da6cfa99c4522f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
94KB

MD5
bad14138a6c711efd1c0e8a879aed8b4

SHA1
ce3a55bd519fc0c626f1d4b9b6586d1ce45f85bb

SHA256
5950694c80a04cb7cd6db2d15b64276ab5e7f67fc075dcf6c871543445e39f99

SHA512
1b989110e6df847d50432b9ae4f82556ae9d7363d616ba091686fda7a6b90e11c06af99b89960e28e95c53277958c285e64f8379d7de5c7dee99ac0e5e611c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
19KB

MD5
0e598b4e0838f1540edaaa0ebf6d1e68

SHA1
a69cc56bc59a19d8e0da1b74db64b0f6c319e095

SHA256
4ed8eeb9c3e8abd8a3ae9a6e4a0da56d3bb513938555795256d73cbd578bbe17

SHA512
4a00bd10f567a45b9a3332a50803002f4a089bc38b065657e2a921d505c0a10c4275add2d6c9b4c3ea6a5ba87ccff47140aad0222bef3fceac331de97cb1f273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
808KB

MD5
2bddd552038fa6582707fe3e183855ea

SHA1
7e622e9b8256f94a9051934534f85137a8b9c9f1

SHA256
5a196c59e04a05a940f87c32c8a2c531a68d1f31570d324492b0c71f41fdc6f7

SHA512
e8c0ea81cdb036468b9ed3b8bfdf6a18202c4babfcf64d1c5bf69aebd0780c485779d4bb4a3774b690a64564bc33f2d957a006aa1e3dd81f7405eb9c71131334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
32KB

MD5
a37cb5b2be3ac24f85e18e0f6af90e18

SHA1
7888cab4667f8997bee7cfe1357b6d090e5f987b

SHA256
38322e4056896c3d332335130caef7ebf6f02a9e902e87adeb3141aaaefc5eb1

SHA512
f2772d825de479756299954d0d6b67c3c940e41a2e2329a733e755b8b3d107c53fbf845d64330ae9b75f75f56f872b9f6fbcefacb55606a0ae7fda58eab6b384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
32KB

MD5
fe0cb11576905a924b316b72b715c2e3

SHA1
31a833346d235602a4fc51b49ef9bf57d9d1409f

SHA256
ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9

SHA512
0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2ceefbb9f4b36e3e3177b729df580600

SHA1
28d655f4ae6eb466b20a18291869c3c680937913

SHA256
bea8c5823705940a73c830efdf09a768e60fb544585c6cd3c5b577e891f44a45

SHA512
71a7cfd7c67c8a4cfc167ca4b428b16a591e21c8feaf74ebaa66ef12ee2597b405d9cf7089d20b8061aceabb38b9e5095707a348c6d41462421f33cca0b9ba11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8cdf11c00f75a1b7567f60fd58e837d4

SHA1
d5e7dfa635b904e496cb3da6b34a20037579ff56

SHA256
f01b121471770af6316381bd5a7176ebc1115d43eed8df77bc7cc9c5e7b60262

SHA512
2d91851cb54da972c5f0c87662aebe84e27eddb471659ade021399fa47142f7856f7c9e5d3c3ece2dec0163b7a07f1723289d917f615695b748a5e7e60f8ba0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
77c3042021f182195237d1756a212aa5

SHA1
c88b5768e5a9012a98a20390693a48547a585d0f

SHA256
87a5c73f2d9196f0abcd8e1a46208bcff5aec0aa8ff92588d204ebab23d32b78

SHA512
795952ff39b12d7d0a790655f03b423987e6f64c1cd5ac895b0fd44d8dfad76cf371f3900f240c18e0a6a4de32b2db50612149c90e6eb9a7448f56b95dea62fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6a5c08b2d42fc29c7da708e945611748

SHA1
c3b54d8bc8bb617a59f328daecc08bcbaed1b59f

SHA256
3d877f6219be01963aaaeb544707d008017e97f95ad5ceb1c2f46d9d8d89be03

SHA512
02c4b505ef93ba5b06a5250563c54392d5b6aee858738d0ffd946e56bdb22ab84ec3b54825e30484efba67ff0371eb5e8407e067f1495a22cd694865c5070120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ae16df2f20ec13843bf967eb57c646e0

SHA1
0744b643e1e43ef308bce71e376d5f9764e84d72

SHA256
e99634c7ea61dc8384f6dd050cebe42351acbe114917bdfafcf778bae2bd98aa

SHA512
7c81cbf82a3663fa49f0bf76dcd863428c7921dca58d95ef46025bbcf53bb79cef7195dc8198fa473cd5b9a7e6681426f87ab5356b30adaa95e749e563999a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
742f4e2006dd8f517ee17fb0e485fc1b

SHA1
72cfd8cc5b5f3060734bca5a0bea4073fc99becf

SHA256
5d4a708860f4869ff8ad33c6be5e919efd29205afb3865eacdfabff31ccc0392

SHA512
0164a5f155b98b1c41d062ac6fc6a439e6dd5a155a4df0ab3331567c8278dd13d8e74f0543cea6ba9be2f4af8afeba7c7b0781206fe901c169434f51024e1077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
72ca4906c88f5d7218f7fe6b9922824a

SHA1
f5993b6d24700561f7794cf7aea165d27fc519e1

SHA256
e76992011d25dc88026dcb387aee8dc815e77f66ca0f61f0a255d0c2228fcf96

SHA512
5c0cda6f328798022fd1768fbe5c76723a962822d43e93aeb6feff269be649130e5f71ca228d670c8a336c5cce69921f8ae7e2a251a7684ac3af4b8b90c4b8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8cbf9b2a79c284d7415cccf76e75cbf0

SHA1
c6f1ed1e45ebfbbe5b729a8f28ef79aee495bb69

SHA256
9ce919c7834484700ae8c921f36b769ca2a91d4ca24214cc342dca357841bf79

SHA512
f2517f7d93dad5e19381a9b6c3cc1949a20cc8b983c40e48b746b70b5009e1f7786a25d2a5315f25d2c21ff968cf3c82dbd31990aeca5a6eeb91f091a1c77e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
9d98ceadbd7c8a2f74002d34cf2b1853

SHA1
804e25e0db64ae59542760af2b66d7bcf39bb0ee

SHA256
41d40b72798f4d407c146c0c176e413e9bff3940432741bafd29d6f82ffde117

SHA512
6248085e7abc5d8641b67deca45b45a032a42c0992304cdbca944a4e0c1876e4dc0e2f05043448621047628e16d2e290a44be075eb886de12a7731f4a41f1090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
5e346933206d308306f2fd9bd552221b

SHA1
745dbebc6a8d883439b53df1c5135ebcec0b5eb6

SHA256
08953315ea63596e15c915a3f26623f113666c18e5eab3d7f229a927a0b66410

SHA512
53f5caee6b3deedde8e263b0cbc352a10ae636dc70db98a833a612346c860ae5e04ffc707df77dda7a263e8f07d7698b2edbef7d23cb6d915201b0d8e22cba9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
15KB

MD5
7e6559d57510fbe09ca5bcd616eac02a

SHA1
3f470f1d1fa74348fc184d6ca7d9b1aee2bf91f8

SHA256
d68b12909598245bd778f4ee47c92b64326ef9ca7e037f3f63e43d07c320a13c

SHA512
9580c4250ae472ed7e83915beeeae0beeb61fdbe8260c358ce0f83d3680576054f8ee2d7a32db53c5b9975a43570c8f8aeef030924efe8aaa34321c71d01b422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
98c2a83114527c4e5784a350a3f980c7

SHA1
78fed694c9d6094a97072883af823270de0e181d

SHA256
cdf308c94a9ab2bd5528cc3dc223849c705158453fe197408b3914f6b3360f5d

SHA512
80fdf8f111ffed6178c8e76b827c530f1da6933fbc9a21d4ca7940d0ca9249fa72fb27d3e2d7b97724873628cc6f517e67a6626e34cc5771458a2176cebe147e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88ae98986ba4cb447538e1e901c58305

SHA1
d7471c4f63361178b7ec80f21d5d89baa2c62155

SHA256
a765878d8b0442e4ce94e6b0def0c36bfb311ae044ef656404ad4e40177bcc69

SHA512
67a1f0b7c1501f2213a7409c71151083100afb773a4108100025f8d9f5b41de19f73f03c4c2dbf2a139b3510615d2c8e826417ac07197d8251b936798d358ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e6397399ba8e44c3fc4df5fcd8ee8c81

SHA1
01f9306946abb675aa947ddb7586dcdd57f7313d

SHA256
34680458e8b4ea24c65c17a3922d55295067f69f2f889a25bd86362317d95f9c

SHA512
ae7b557c2fd6ec622e2aed5cbd43453edbcb3a5d73362939d3f009e69af1dc07730d93abe7f7026d99147108b2cde8ae231d349a0a8b821f500e04c48ea65e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2b231285a01fec55eefbf27b0e250c71

SHA1
18a3ad42a3502f8bb83e56cad90cc7814946f11a

SHA256
44d9137e0367c61811722b842a9524849f299a797c8340c131682d0b787506fa

SHA512
8e39298dddb4fb853fb98f7b345ff7b9c9da16bc05b8ad893297cc490d81b423941a45ac3ea2271ae89d14d81fbd18dbd305287e216649a69cce2a55776a859f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
6227c7296f0c73b88b3f6df6503d9f11

SHA1
d02e5715f2472221bb8ca4a7255818b7abb8386b

SHA256
c2b46935482ec32f864e43208d833b69b5f42e40d02afad409b6c1fdefecee4c

SHA512
6fa2c3a8cf53a7ab8e6e27a7b0dcf9170391c6c20604a710941242517de3d1b9c4f0ca3251667987b7f60f51ac3c779c63671069bd4eac787fc080be4149d85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
ca1c1cb73dedb95d8b0554038bc39406

SHA1
b5fb99742118261ac9ac5485a277143ea7f727bb

SHA256
a2c5ce534c14891e37263a267fcfc14de9af71cd90650dad7981d2c7b9030341

SHA512
a397f5efb13440b313d10f2016cb08362eb2465905f15bfd3361ba8c66f68e320b612ae6947922efb5a5d2245272da9f5ace17cba60ab5faf035a002b70cee2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
87178b8f8d5ef4e5569f7ca8250a2edc

SHA1
1dbbd1041138dbfefb4c8735bf918f1b3fd591eb

SHA256
c633222663231c7e3b17b208fc324063a1d7eb287c975589d1ec85b0a247381d

SHA512
23df607891e3941028b36960ecaa5be4dd71d7905ad80e68ffe62da326816b52d2597bb6761a49c0883e7ed1039e9f91e924d02c60edecd9ced9708ad6a48f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f70e09544577d1595bcaca557477b0f3

SHA1
400b4b194d45f769fdef4a80a44f75d214ccf8f7

SHA256
b52e415c4999eeb8632795308d951846f4879ab3a975f25a69d61385f40bf206

SHA512
b588f26fccedc4f2fcd11d5b767349b5caa19a35dd37af691b8b3e31f5149b5c923da368b2e43399209bcad571ef1ba8e0d27673e6e4a08fbbb89e6573085aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94cc200fe37ba3a7b1c297e43ac6ea5c

SHA1
d1774d800051e5842282b3066db40d985fed4537

SHA256
aad73dfa5e502494c8ded501ef20313a68a189671b3a7b0a0fe04147e21cecae

SHA512
12e8721b75e344fed5cbe42909a19c7313d43318c3c344891736dfb01082b687d4f931dd63dea67341cfa899067cdb85d18a618f6af02afe0f237e376c139c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
58f11cf5bba8b580227f359dbf2b066d

SHA1
a3a7b063cc771e61c87468c04b16c1e302344fa9

SHA256
b6993083caa2f6b8aed84f21084dd2f2f5a49706d2fe4c53665337f16d50c579

SHA512
90dbe7da1f33023b2bf2984fa4927d000b08f173439bbb1ea62490721c1d27225f165110b23b5343cc28329b93f54fbd8d07156826c04c078dbe33b9467550db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cc7ff33c51753ee81571a718cad9523b

SHA1
4286c5bbe76d4d9b7a14f3ca2e3bf897bae888b6

SHA256
62c5fc3a45a6eb2e7314fa827265265ed89e71c6d33f2ea4558b08757acfb0f6

SHA512
db81fd7a06d42c230ec3570b09b7a6f0a8f29e757bc1c84c7ba3edb150901332e6c2e658d3bf368e112e25f25c18353607e3f1ef2f92e53052470f3d693d5be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42f0b2854641f22ac75fb4652f67b8a8

SHA1
696fba49b242d10ab32184e1b8bb213f90366672

SHA256
da4bcf70e4b34f2ac6e7beefc29b61f8e8cd8f56ecffa5044f52e6379a9f8ae6

SHA512
519857f10ef6c3f0931a63ba7eb2dae3089a8ca419d1e336633185bb17cc5ff32a14fa6a1423c374e5cfd087c4991fa121f4b0fd33037c4c2ea121c57e3eceb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9d45e799fb0f78ba7f81a5d835eefcbe

SHA1
cd3c5e4024daa3262bf948bfe602034779445f26

SHA256
e6f7997b5d5e8cfe80f1d49722f04c0a1f7a6ea40cf4f590ebc89c6f7b86447a

SHA512
3f204dd84876f17b7346b434d5e37dfe4b95a38559ceb7a569d49bca4acd7c3c23b8685fbdfab8ff6e3d9d2c3c67b3383dccbe38c6525f99d363b77726a11113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e5cca4707f4eed1b5751f8429375d6c4

SHA1
6d2814acf736bbf91406cf470b4664906c25b538

SHA256
62bf5792ddedb342c176a276497981b25cd83f09db451966a5b9c04e7e21d254

SHA512
a98c8e3467b7840446431e692ca45dc35f7fbd721136b2c427733b257a84260cceb7fe88fe2812d87cf644a7ef74977c1d8b4a6f521acd68433500ac3053634c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a86633f149c0eb6fe59c2752163d2131

SHA1
c0cd5af445c0173b6482f104aa7273722f250864

SHA256
50d9ec437ae613f981b2468bfacdaf9c1072bd2f060ece693480b1541e6561fb

SHA512
70f6cf4b69ec4c780f4514d85ac9e7e910a3081ab5ced708815f1194bb6a23c33e67dd378888d379e600e5ca89e3a812daae5aeec5d6f33b84ecc8fb37958051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34b4029e47a519d2d9f12518b95bd3b8

SHA1
619ae44945cd3b680fbede538f47be5487a9a2f6

SHA256
a5af3c360db39dd2be0ffd7175f4b3528264806a16c2544d141f941a6bd80499

SHA512
1933d9e2935f23e5a1a734200b0c26ab85e4436367ef68538c6b245abad6fb8160801c6f3c48f0cdf44615098ab607df40e5907f73ff33ea1ee13ad077d9f65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ae9d795bbf3f2eb135cac1b61800504

SHA1
6e43e0792883fd35377eee053db1d4e75ac843ff

SHA256
90a2e1e8f08026bc90df59c4cd512b8222297ced68f5a54bf573e3c59313430e

SHA512
244d2938cb76263eb7a7fd97fbd71e6d3911557de4d57fee643fdccf56f21c76b0d1fbb9ebdd25b61be794fb61d5209ef85e997e22d4b6ce2bf85069bfb01aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d0fafc3fbd3b0f10064b203091a30d48

SHA1
e2a3e69eeac15be905afa7ebdf54312b8d1abb22

SHA256
e68b6a93de48fb5f766d4095288da72ace356cea32e3d331ddcb23634b67eb71

SHA512
369bc73c0b92f156b1fb896d2ab0a599917518913126309aaf09fba44567d12be7f56521e2269dbbf3370b0fb6955d357ac639d8be3db990fae09c0dbbe1f8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
86af4d4c4f9c46b4c361dec79ce871ab

SHA1
6e212e5a49b0501fbe32749b0fc330d494f881be

SHA256
25d480842f352f1c929b64cecfc2a7aecaa2cab4dca8074ed110cd88f91c39bd

SHA512
74ed1044428f31666ed7984c8deb3bb8ede0c19cedde958634eee9aadf92c2e866138959a4ccd43ca7ab47fd3dc3fab86a063079c2e114ff3d4e077f79059ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d6eab8a4f20452d34c83c986ca853fb2

SHA1
4e6e46151089330ebd460bd9458db031d967cc0a

SHA256
37397625b137b0aa8762052ea21a1081b45277b568394400be38bb74c9967b05

SHA512
26e2e47d1c07bd92cc340e9e825bcddfe1bcbea1ed7a347697b69ae3da00bdf182d5916f862b3ffee68a74725f00e6d297e3f99e423d4688f6f5fef81ed04081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
de93fcc1f3e2958c674c01270eef8cb8

SHA1
0ef59086dddd4cab5b0239d62c5b88415758a562

SHA256
102d9b7ed4e208b77fe6cf4318cef417fe330c5208a96cbc4ed587f47ce95803

SHA512
eda967d13da4038881a96ecc9086f947b65a0ca690255a6e52914eb919f4be9bbc52e7903d95426e5e6c990a67dcd1536f30dc0b45b9100303c9d91d5476e826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ffe464726d1d470bd45ad1b1fdb8509c

SHA1
3d12baead77b98a16f60cdda80b7d68c6d306c61

SHA256
e9bcd177edbffa564e29ec64da76562fcee89602b2b3abcc49b893e791536095

SHA512
fdc5c62bbc7cb47a6ef0f78b9eee9a2387dd2af3657a02b4e506e55428ee69a071cc87c2f725ecc595e5cdb5bc35deebc1f72719571bc668ab0d949c343767a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30d6190b-a409-4e09-89df-64b3ada8b62a\b9ed6afd3d0638f9_0

Filesize
2KB

MD5
fdbb2d3da462b57aadd65626e3a5362b

SHA1
7d0cb6bff32c244d25726eef23b91deb50524e1c

SHA256
00716b5cd47d5e48513b225176fae44087f9ba098944a59240e0fc9185a61bee

SHA512
bbf24dc7a24cf6f6fcc7e1923b1d26d64d4d694bf8d2eb31b6334090f1e90ab5a6b2f5d557f897d6c42fa95a06e5160bc1e9f07472da006222ef581d3bf2fe03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30d6190b-a409-4e09-89df-64b3ada8b62a\index-dir\the-real-index

Filesize
624B

MD5
20ef63e3490f8d81336c6dd105bed56f

SHA1
2bf5416d198d248d89bc1b65bce4e3d8ac2f8786

SHA256
4c6592b453e18db1ee144237eb6ec7bc67c36f509885258f10774b95801df28d

SHA512
ad06626a702c539881cde84d2246e91173e837d21f00f553bf4ae25e8fc71d7be289c56764bb5e25333ee3c5182c2a7b9c8940c7af5ea8aa0a11ebcb6689a1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30d6190b-a409-4e09-89df-64b3ada8b62a\index-dir\the-real-index~RFe5fcb48.TMP

Filesize
48B

MD5
3c9cbfc66dad1801effa839db419836b

SHA1
28d050ad036c9481426ff2fb54a9db6eb4b4a7a7

SHA256
b630a020f739507b2dd1348059664c817cef43ae96cd759e5d1565cab6fc77bd

SHA512
0b91fe461297e72ff0db2f5978b361870e9c787efcad353d1a782ca003f88801fd126c5cf316a1699783a2218f0d7f4e234badec0880d85e79577cec247e6f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ebbeeba8-d26d-42ca-933f-91d87720fdcd\index-dir\the-real-index

Filesize
2KB

MD5
fca0a8f79c1a96b2d9751be7460127f4

SHA1
f141a13cdb2f29106bb6c4b15129a4fa45425eac

SHA256
9fd39b5c61d7b5faa50bfdfbf9209612450f30fb997c03f8ab4694c38cf091e1

SHA512
5defd31acf029ec97bf24050d5db3a68445c214409e70616dd1fe7ec38c5db1931a5a4dd69bdb1ff6d7faa0526ee8ef1d200bd3b9478aec2778e2555b9b67e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ebbeeba8-d26d-42ca-933f-91d87720fdcd\index-dir\the-real-index

Filesize
2KB

MD5
fa16b71bc0fc82af04965e181821afa2

SHA1
42977afd6a646e756e12e26e5bc5aa83b5b84156

SHA256
72f7c1d479684d0e498e79054eaa94a32640e81380db46b241272865b5a807b5

SHA512
ae69b14b105e0463e0d5003d99dd93e8299b67b369ef98cea4e7cdcb74ed5e43551e1a29ff7defd27c7e9d4ee7ab77530082006b6a3e2e37552e0c57bbdd1a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ebbeeba8-d26d-42ca-933f-91d87720fdcd\index-dir\the-real-index

Filesize
2KB

MD5
0498cc6fc67154e674667a42f8b7ec2a

SHA1
1d1ed23f11c8b88159c356f73f91115a87ab4551

SHA256
4a926a365457e6acc42bd759734e0825d7c45d6fea976348e34bd137e05bf8e5

SHA512
d1a3032b3b175c7831cf7be6e7516ba034283f9caa9a878b9dbf256a1420b4f2bfeade6156e96b9ed6ed0cf7e796b48dd9a1424607d8467997fee7156928ea8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ebbeeba8-d26d-42ca-933f-91d87720fdcd\index-dir\the-real-index~RFe5f73d1.TMP

Filesize
48B

MD5
08925125f64d5e36f9d7d0ba71650e8c

SHA1
38388075370584787dcf38755b627bd05078fe50

SHA256
3207fb83306fcf69e122fae5a89fc1f807bd35168fda2dd496adc117ccca063d

SHA512
9af84114b9c207b259f5737d12777131896f5adc8e231353cb98c014eee148753a5c211c1426d1d943cc97f762f19154041e9395a074f3d12948b94769c8ab17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
6f7f3b0d6e4a52c06911b2e7d09c4379

SHA1
0eae3b0c37ec217090729b070301106bbc396fd7

SHA256
93225fa1b9c7ee694f0d5125685f7fbba40bfc36438127394a4ba9ab912c96b2

SHA512
97aa368fab5a8162933c8ee9d9437323791dccb4441c4422c227f12f8fab6d782da27abe4419b567a165e134bb436d7676ea85fecb3c8813e0138e6979cb7035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
fb3ad8ab5f80d7dfd658f56b723645bc

SHA1
8412b5bbb3b730e5d6fce6cc73bd49968422571d

SHA256
7a5daaf4959e2357fafb1cd871047114cfba6237dccf3cf1097527c161a5127b

SHA512
1c5a6d9d3d7372b6b8843139cb7e5e5fef21483b8677b425fe5f340df027b4a87beb2b70f64d2a312f0b6f11e5ddbfe7893b7d0c9eda09479cfa3011983a855a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
ceecfd4c63a359fe09280d09400de7d4

SHA1
12b24beb15a7d7f1827f79aa3e5e28f0431b91f0

SHA256
47916b99db06360f94e6c4c709b1e4f009a6c6ca9678f3b11667499995119110

SHA512
09e190d9e3ec491899d71761736edf04d41086d764883548d8fc4c45b73a3a902f858c2c76b6a68c1ab8bf3de0c06731dd232d46eadc7fd2d2cdd10fc95676a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
3873cf590f136b521951895e91469a38

SHA1
bc4b4dcfe9622b9d611566e9ce0e887615e19c51

SHA256
9bc5598dd3034d868d55038f56ce351977c5a23f019d8043fc69713909a4d442

SHA512
6eaab7c02dfe62ffa7aaed18aa6aba05d6e4a9d94dce82e6b93b1fc3a9592f5b50319c340564dd17d4ffd098b967f7a8c50f66d975f4a743be8236886f6f96b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3839c82caaec2642d491ae8e55060e90

SHA1
973b57891895f76c8fc1e4ece3b267b7f554246a

SHA256
e1877de108669e2d5ac4503d5e7e76966b737eac539883f204299852474e790a

SHA512
4ac1541625757a8cf2fa4253a59c721b4ab59d849b1ce7b3f47c2ce631a6d994780a506c9f9cd399b93d37ccd45f0080c8b32b0becd85072de9ad6a1282c717e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
3e9a37fac1377eb20e4d377e16795dc9

SHA1
4d6c6fac8ae6bd76be4befe7caf89de2baca746b

SHA256
d2b5fe019e3c25bd761c5b26f68e031493572f67057b64206eae1f76ef67f762

SHA512
10b0e6a073422547bf0fa2f2b11e4c80af814b4fb95562d36b11cf7fb7d20e2a4f7ece1050d2c8734aeec9ce7c1b69bc80f72764f4a04c5c66cce48d07a80f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ec1d46f48802da1a9dbfba1752356853

SHA1
15c52761e68bc23d67e34318cac7873d95bf3088

SHA256
1e8cf2400bdc0da7950ddff93e69cc4532799d9868b3c451c00c81d30249936d

SHA512
7581fe9836ec2dbc30a060d11a28d763a18cec0f0be12b7ceee0ef5495005f2ffb7631073b5eca8f78e4cdd07737ffbefdb6d9ce82b17955b1ff298ac64e4211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
115caff1c2c7739564c5487657d80302

SHA1
c88dd3727d0bc2d5d4183eb51a5b5c67918d908d

SHA256
bba3385b326d196624073d9b0a2d9c6d0e71917a0ea8ecc4c71ba4d1fe8b1fd5

SHA512
7f4b5c6354c8439e26b44b29e86287c9008aff7bcbea9c3f1d2fc65fec403cd3de6a97c2346775e55385b0c3a46c88ee16d87b3e7beede6c2820eb1f7c1988a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\c3b561d9-02ad-4b6f-a949-0769ef3312ed\index-dir\the-real-index

Filesize
1KB

MD5
c12bb8f9b5ad197022bed337770e2604

SHA1
ddff2a27b99b7e9df8d2b36f936fcbcd4856d166

SHA256
84c8675ed96579d1f9ab58c0daca5115d9efb7589dd1fcf72e5e459cd8e09278

SHA512
ce38f495b3c8c4d08f193996cf00dbad1709d1f6341da4234d548dccec669c6c3ecd87f6288a2882e0f949741bb445d49a62939ad2baa994a58c514e7100e640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\c3b561d9-02ad-4b6f-a949-0769ef3312ed\index-dir\the-real-index~RFe5f3e5a.TMP

Filesize
48B

MD5
6583d2c4b3d0f3eb28c86c0bd4be5b8a

SHA1
ab1596f69f764d72c5ceda648f1b9d365b904915

SHA256
6d59e21f86478a62f791c59dfd293cee537cabb1c418c53a320d968808bc9c8e

SHA512
e88961822d9dfa7f4be1e03cc76ce45abcb7b4a10d8131e2ee3886d1fb8e9b4664809cc81b321e00859482c102e09f7c772c5b6dd1134e22e82c987e86808630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
2c87e378270dc528a1d0ddc718a4c857

SHA1
150d76bbf4c3941ff31c7c3539ffed055473d009

SHA256
c791d6b3ef251797d425412bc7651954ba731dc131f6bf830ef2c4d2867833f3

SHA512
6833801458661cf84d4d15687c344b010d9206e662748b63783b7c4431650c9f9c4b02f3471a51737f2e374963e7a73688d8e9aa1224c53a07fe7bc320886949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
a0d24a8e28f07f4aef9ead3e4f888ded

SHA1
a7a9876002fe57e8e2dc6ad0e7b1a5fae359e91a

SHA256
acacd73c226d78fa1b19b070c6dbbf111c36632d96d811be12194351e40e8b65

SHA512
6e6071e354b3dd26d9bb48400ea1836dc38747606b314dc04e2096f25c43be7e2f5339670ba713867fae36f5b9177780edcde1a9bd52e0c5dbf6caf6974577fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
c78c7f435efa6ee8d2617bb89e1d353a

SHA1
c75d1a37671bf407097df053780e87cce9364aed

SHA256
3a057466ba785b0d2bce1b92affab3e1f7f83b6d1cc500bd69a88f2a8b31e4c9

SHA512
cf6c7af31a1b526c932c32ebd407c9cf331fdee42d9a932b2ad4db03a96391a4cccb8dd34264c6c3619775fc37f320dc7053447e518065cf42c3b6f35ffcdac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
ce3588687845837bd4e7cb60db85dac0

SHA1
14d7085cf5f3e5b516063080f2d394304ef72a8f

SHA256
8ee62173867c5f55a7ca735b8093f1d29b4bf9b33cc673be9a87fb8b79cee5f7

SHA512
45749f3722284c2423d2212a89c8ca9506b791f344da39779f40b5cdd206d75071a45032eee83b6f49f3087e27123d87d3c7a0fc26bb9c31cdd39c3425eb4c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
aed09cb7c20b3459b427be391181a2e6

SHA1
5b0eb862c0370d4ba3e01d6b45ad5d903a0b4197

SHA256
6988a6c6ce866aaa0979c699ad28e848ab7dd8337d4f1f091a374ab202a6aa1c

SHA512
50a0b71fc112dfa7bc16d3e6a4ba2e5eb4079c0ba7ad09149238a35be9c279d324e43b54d5b1810dafffa02f20654b05c8c93fa8c0ca5c3139a3f15d989e8dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5fc5aa.TMP

Filesize
48B

MD5
281cc63fdcbfb024b1b3b5991d005df6

SHA1
e5e0b18e2d93978c247ce9c3f1ecd6db8c32f2fe

SHA256
3eb9a5eeb9a24a28df089af195aa09b8c86218a0f09c327853311ee418d584f3

SHA512
081249a3339e6784c8f6a791b7a01fb64424300ebb15512edd85791d90cefad1a6235e8657e1cef4af1cafd2ed660c55d7800509f7a58f637788c08a660c71d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
b444bafc88b4dc8f91d8ef7ef3f29f46

SHA1
969d67d46282e94d71d665320d14762a6d5ccfc3

SHA256
1f669fb059b5bb0a829ed455c970e4e143c404c4b739c1aadf63502320c91bcb

SHA512
4d7205f07d672174f87c0af0f2aa0a13705d6ed747b6f746e59f09d117ae432216a7935039173dd5ee70731a28b1d0f31e3740673506ad8b56ceae96107b2efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
bdb70513e4e85661537f30c11cc78923

SHA1
b710ad81cfc456c64e0459743c0185fb042dc71d

SHA256
c9e1e0cca353d934f50471f9961471cbeed4689250e189b42cac70d339b1d3a9

SHA512
b9b829624cf35f89e3222a0ffc3dab169cd9e646adaa9c33769f485ca06f71523bc9104ebaec5dfd49c271a556b167b5aa8be3cda4004add085cbf84f6c23852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364285106361009

Filesize
12KB

MD5
41f50694278b032f5b6b7ea776731b0d

SHA1
13178f58e795711eb8e31bcbd97f25cbf67098bb

SHA256
27c1f993cd6b164b34b4dbcb1047f637ef8c6b4778418c709d58e498d4853a21

SHA512
c906c615bf125d6c4c26c1e1bc80dab4e607d73c57e79b1d85aa0c99a7f507b4e83aadb3395ffa98c4739c54aa1979c0f1a43d1d4b352cc49a7f19f3c86fa789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
187B

MD5
f59389f0b6f1d7f3b525c08362a58c87

SHA1
cf77b1f973977ecd7b40403748e509e0316399ff

SHA256
5818d1c078f8dab78304ed92daf6ed95a22a6e74c46837eb363cac0bc0ebc71f

SHA512
130127a0020b9e6e7e4c33174f96c692329acd8249057471878312e8bc5b983534f92c1e718b4b66bc0ad08e659b0c9c87e5fc48f6a551d8a5ed37b19fe5c475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
4a83cb9938198eec1fa10b68fa055710

SHA1
8365ae2f4d686ebc4daae82bbf85341f4f739aff

SHA256
544f9a957aa5d54478daa06f21dea8675cc08369d581f38608f8acd86de196e8

SHA512
1758727ce7764ce1943d769fffadabc1ea773092516bba5bb69cc080db5c40cb996cf7a1c171f42ce6a5e5204c8f292e3de7cde99ca8e7e77724a8a061074c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
037ea172ed681623ebbc5167e925699e

SHA1
6d8e66d870765f25c7f80b81f8dc501a3aa6ff15

SHA256
beddc610fb98a991fd4cad3ddf9ad4d4da5330f50eb5b08d6f19fab77f8d5487

SHA512
b2dc3a6939bd319144fe60ea0a40179471aa92484db142b26343819a4123e1645cb5bd337d14d8be442b33817baf270e19019287275e5d4e1e32f3902069d962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
82689262566aa9fac46f8d85d6ff8550

SHA1
2bfb14e01bf4869d1668b2573a8ce005a1c701b5

SHA256
47c62eafdcc3d9f2223c52db7051ae1b285e7bb67908ff33271a92d0493d74a5

SHA512
d7faf76c5bccfe365017cde3aa89ee5bb6a439cb06c1973651606529f04430561afa3d7b776664deaab53d95b19cb36544423f68098b6d6e6bce9829471c03ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5f28e3f904e2d24cf2cf3adabc259b7

SHA1
acf63fe087287a7f462a5ac7bfcfe3a76cb64438

SHA256
fca4b28f8fec6919637dcbc77400c9d1b96e73f3f519074657e9e235e81760b2

SHA512
7e1f66837af1720e8b3b3ae9909356ac1f5e1d31fbfb83910f74e840517c43b5354cae1e5a7ff657cedeb4cef9c7e87eab279f3b1fe72b836c5fb12f6b09371c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4ec654c85a8347abcc24a418c7893a3b

SHA1
79aee789016d779ac6e8d7d448619f3400310157

SHA256
d138c52e545a4889771cea267813abb1dbf1519956a7c1ef55436f831539b2d4

SHA512
ae16d09fdce99b9d17633643ede87e2d5fe53ad5ea29fb84ea33c29d93efcf415ab7ebe5737f57292e2426f925e57071d6864b57820d4fa7aa927dbeb9dae702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
32e83ac0b3ff1d4892f07187f2652747

SHA1
ea6a7a85434a720b299b83e893d07d3bc738a729

SHA256
7935b369863f237ab6926df6b0bcbacdb0ff704887d096a6e823551442ce9aba

SHA512
1ef2063aeada7a190f065f00bbf0ea510801a48d86089b32c7b60b8cdc5d00006aa334aa05b43630045c426332af19d6ac54e8fc458c6ea63dcd342bbd156928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0b0ee3fee923a8b13f43247c780a3a2

SHA1
6c217a127d812e1c4be29d2ce5fe9ca9443cf599

SHA256
5ce36440c5c52a5e7a7183d253bc57e34e7dbadf8f8809fc6968276b7a518c2f

SHA512
5815486afcc288d44d0452308dd2114e833b54e5caf99093bfb2a9fd113d3f1e607694c06d8b40ea8f50afbe0967e15eec525a0da91df2a7882f11f3f6b6c2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
55061616a63fbba4acab994cdd2b6c1a

SHA1
21212ef6e2f18c972ca29ae4bb24ab2e4bfd6d8a

SHA256
dba600a059e0cfa220e96af502520f36baef3cc368816acf74ecf1f8ec05f5dc

SHA512
9357036938da1c81003f045e16259c721806acc1612bbb6d0d603788a916355788e66a7ef9af347bb2023602959d37b932aaf69b6cf87c98feabbb3d0859f521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8874934e4c1a6424b3b1df1628523772

SHA1
74e36f34e4ff4971d3cdfdbe3b4eb685fc22122e

SHA256
6afe271e1b257b6b0d91a6d870944bc7d8ddef08be0279eba9c3450f4206cefb

SHA512
4ec9a406ec9809d9b169e2e6a1a5641f9211779b665a08c6dda8a36aceb16bc2d6cd142ceee3a9d3ce678cca87d583d4b54d3a8de1040187e25392dcf2d67276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2dd9f385ce6ace9e1df914400e0c690

SHA1
c69ba3f6cfa13e833c3e19e7cccb868efe8997ef

SHA256
565f9f4998f2f23829bc9d3d903a97a0fedbd99dd64980c355e7db69d7b8b3f0

SHA512
43a76118ba77fa830ded67f7c6974889ed62c1ac29f933402ae41de72e83f1a45f593f3c558f7a6002b7f87c64239949956c1399f665451393ab07f118b58b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
00ba428cad42ee31f5e12a8fdb7e808d

SHA1
a849dd18a7239577c9f0db9dc682c48d8d9ed4e8

SHA256
df87cebc4d72f8f9d7d6b27330ce60232a2b5e99df57f0d46b8b6e64b9e6d026

SHA512
89de4596162ec9a8392c842b05832d149051bcaa85d9c7fc4f2ab70fa289723efdbd4fef6d8044838969f85d9ec2b6a27419ae8d0821d3b22b8e4cc26a6b565a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ee53.TMP

Filesize
871B

MD5
35dee3f57d73d6b976e1fbc749fca41f

SHA1
95f0e681acdc17aef2746d91e7235a0eecb38a31

SHA256
8e7dee91ddf98c39213e193e7badad96f717cb5d1d0f073795602bef1c30bf1a

SHA512
0c2a6150548f0204e5fa363038acd0ed859daef513f02869d726ef0531a5f69aa24757442f83d39c4840cdbecde3f73686ad6c87c50ac2f860cb25955c770340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
46495ef41edc11b4bf31c6a24646f614

SHA1
8631310448f6d5880717b371f32f7d2890b0814e

SHA256
30ad0e6ee8216cb8b80b068b18f4a1b2c964dab9e0f22ceb90bcfbb0958be87a

SHA512
7e2b762f8f372f9a1668b63a83c32751d5ed6fdd04853b7ea81d5b0e6fcb464218903fc960a64b14857dd35afbb77b35c858b051e742c0d6b50c628f26a3f6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
6196de92776fff321d63013e98c54e89

SHA1
5e15f57d3458797d00129c4f1353985a8d9a41dc

SHA256
7ef5b34dddcc01c3de53e220ebf96061c03c5a5c076a611c36280f7bd0342121

SHA512
4a4e3e81812e9bf8f7520abea346ae0aa3f3c4091685f4feef092785e0125fe26d14edc8663c78a74c56f1a7304f405279fe99e206662302b7e93113f3364962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
61a6b880124dd551af7bd1212482ff02

SHA1
8ef45a80df8a69792efd653aa443f620869b36eb

SHA256
7e76ce888890de4980e94f027778e65be16600513bc556c393fdcdb657872e48

SHA512
ade9cd0a6510de5701ea709dbba26806efa7c87d730abbe2aefc8ccd0d283ddd2244102f6e665736007b7ce50488c83ee39190296c081604c21fde0701b9ce9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
36KB

MD5
d6d4696162569419344223c01e3c17b1

SHA1
2bcfaf6dc930300f8eb25526bac130903b4e63e8

SHA256
828acaf5d79cc4407dc4cce740e9f7981cfc5103ab856971ff2f550864f87880

SHA512
4a5e286d84bd962b468b093930adb913140ad402be44c4aa531fd10b77734d2c5f04eee556d6fbfa9ec5eede9e726569c73b15937760f729fc80ad207517e36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
6b4af8c92e8f5a85a0bfb7459f431a37

SHA1
cb62881010976eff48b4f23cc0c221a4702fe1c2

SHA256
b856287dde4e83e549e5b72d5f1c5ca2f3ff6fcc90cd0868a107ad554b9c31a5

SHA512
864831b1ca59291502d0a006f4dd2652623a8d19d5ddac04b37d9052fa6260159abdc5bfceaefa7141abb90d999f16ce58103e977031cf09f06be6d4dd4aa3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e684be4d8c600f29b2ad512f23641113

SHA1
60e2281a347486eeadae2a136765ad19cfd78a5e

SHA256
2ec186354cc4fd4f01f2c6aabdd2a290f5f95817212ed8f6610c816455a2fa9e

SHA512
4abedd6563524ff40b6b894ceb5599948d2aec2d91917ed9dc6a7cc23bdce628c8cd7a3f8a782d69260b310a212fe922f2cf487ec04b341d8f1a26d3fc35b42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
186bef5707d1e6885043eeec83b5b909

SHA1
d75c1c1ed08927c770fff3f22c4d7846810967f4

SHA256
f55a388f726509e0b555357a05563276eb8ef40ea0d29f055ef1c019c8ed1477

SHA512
95eb1c34cccbbb42dacf4737608ec4d24a20d160c81d31181d6965151621ea78b17ea7e29bb4d051b5f0e033262b8c2f52cc3b10bc11206c93db1c4228d6037d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ede39ee143542d1e9d7ec68f4b5bf35e

SHA1
31b10931d8a0e51c75a21f53fab5f964bcba438d

SHA256
29ae47a2833e9f6f7e973861c00106467c89647d49ec8e4153fa3f26206bc023

SHA512
b77900f212936cb3229cdbb52d39f40123213bd8bd0ce4989f7c19b59b4dbf993a279d7e78bd7cf89089dd799ee144a7e8eac763aaff5e611343b22f05b0808c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
8149c4ae4eca386a5d8045dc3d548dc4

SHA1
2da9367b9e84a231b0505d33034619afebea058d

SHA256
aeac253d90a90eebfe4eeb90efd73767a6247b0a56a44d9ba43233f2e02d675f

SHA512
58a458b16c938df9309cb272546a52fb0d2c58b263f2f114b9affdae14e5c05b03bbe61760e3e63beaa5d18b66da45a156f82d48dea2bdff04cc0e2e16dc28a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d4a128328719a1cf78c70b8716c77f31

SHA1
002e830c22da05fe2e0757fb9a8c1cfeddaa8340

SHA256
81cf9809f7efcaaca13d4d7df5a24feb67d9d2b3ae10ee4fadba1a355963c63e

SHA512
73040d9157be07c97cac0544b4771e477c219ce07ba44c5577a733294a52d33c3194ae1f6b14e90ea393c0f10d8d4b6fa9ab175447ed9425f0602892a2805450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e63b59c64bd9d816f44bf59251a59f1

SHA1
bfb74eac2027c87016d6271a3ec87af8925ee6d8

SHA256
c89f638508909881d1fa01c4b43df802e3e0a6384ae128dac381368c214326a9

SHA512
3f5a26cd10c7a751a23a54bef52cb7fadf362d5c2f1f5bfe5f3790b438282b05c8b7b11afc65f328e84431f3a9560e183e81fd99cf06c4d52df05f9c75418a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
327b997fb87e5f2c76057c0bb9d5d253

SHA1
a4a763b3ae68fc5b897272549cd08777abce8b18

SHA256
992a4f861ae5de23ee24515ce896b5c18675efe81d22275adf257dd72531d1d6

SHA512
48579cf96ba95872f6272edbba2b01a0e2c5e14f552815a1fbae036016e68032fc70d9362ababec4980fb984f1f15e6e877ecefcb11e97f6b1525bf167cd2fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2860261681dee67fc779e267001d53f2

SHA1
e53b3e69963f660b3c57ef25449dfd4ba9fd61e5

SHA256
a8c643f068be5ff555b07f6e1f54eaa62414442ee427f56e13e8d80194c7a92b

SHA512
dffb3b4eb0a6c2c0a0e3190fc95e47e28f3bcac35978ee2e6d0ab8442fe7fb2548f5adfa329fc0e4d017db9598739b1afaed5e896792364f12c4bf25c3c88668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
71890d190e447e6e46765a6b8f92f073

SHA1
0179b25a0270ab8fd45fc62c451f18cafbb601e0

SHA256
92de502cb404aa50defe805e04c9e0afe106aef9137d3b59c86a7770ca8fdb0d

SHA512
6397c96849cb4f339a0f0ff169ad79ba6af0d5ead2ea8a9db651b96a4f312c4ddc52722c9353904def0bd47892da09951fd9abccc312a60e38ac13719884b175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b9605e4959e2d219c089ec32c873b0a

SHA1
13c2d0cdad0bb705487659eec8b016aa66a339e7

SHA256
a36f1ac4ac244ee301e3b5c731358b553dddfad3c97ef4e406ae29e302db5b7f

SHA512
79a5abe68421e7cb29bfae4460e0fdc4975f9a16bfbd0e98612601bb811068eea134dec56865ed37750429862b856a13cd7b2c4c60a1165b95c54b7d70998023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5778d7919fd1a42c4eb1b81ccce9e5a8

SHA1
4c88919e9cb3f43492b400cacf55ca358ca47cf3

SHA256
c30a4200a4b3fab2d925b0a3a2259e996814df725ad8596f3dd208d555f1a3c1

SHA512
1391f495fdb66c307386f57935bd22be9e3e3619f37f349a01bbe2c7d2760bc4c94f3f0b5bc0ae2892141bd34b7f7b12b05055b22f0d9a1ef5242dc0f719bddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c888787178a869582da8746eabbcbf51

SHA1
52c820f6102ad9146e72bab454b0ac5b83d4acc4

SHA256
dcd0c9b10924f948a3e65d7b828ae8262367a98eabcd3081ba6fcc4e96899ead

SHA512
09f91e7dc87d91c1e0e6affa323ab188f8d8ae0ef4d88b4c7afebe7fd6a180688f2958bda35e9c9b0b53e5736c0906dcc8bacbda8322b4f3f2948b60388693bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
640KB

MD5
4002181a8573c6f43d6a16c5636b8384

SHA1
58f170b730b8715bb079e00e1e0a977d4f0c4d62

SHA256
cb7cc8f0d487ea4e8fd529e1861d29ab2a50447ace4a476742eedd2baa65e94a

SHA512
ae735b348b3cf5c7a63caf6d85897d8a804bd7f8cb391bb346d6d324940802ecd85c0358f546dcf7bfb8cc54756bc6db21dba10766f8ddbe9664031aa3e41146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
61b08b7eb18c76a2de97766ef0feb7b7

SHA1
08077fe49570314e95f258a7fac15d035d71dd04

SHA256
9a705aad48fb772150c45120b759d4ca4236635c6d3115ca35f13321d063e2e7

SHA512
12760c550a9da8090ef67c9b64995ed3d63142cdd2e9d3edbda60922c8deac6edc47a2ea3242739703c43c1ec302652d244059ac9d7b8e48397b7c2fdde3853e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 846797.crdownload

Filesize
17.9MB

MD5
8b93e46a7e9e681b2124ffe7647bbba1

SHA1
dee59152e78de697f1d23b350cd0f1e14b648960

SHA256
c9b88b16d87992287ef72834bae3ac45db9eba4e32dcc8db4756bf6349d97a25

SHA512
47618d6f367b99a0b9688dd2bdfba9e2999195c556dc8c4defb4284998093d737b586911de280dfaf51fe76ca628fc6d47096dd4077ce2224c4df3272439e138

Download Submit
C:\Users\Admin\Downloads\WindowsXPHorrorEdition.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_1844_KNPFCNZZBKURYJDO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/388-2337-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/908-490-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-481-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-491-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-492-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-464-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-482-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-452-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-483-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-484-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-485-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-486-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-462-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-487-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-488-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-489-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-463-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-480-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-467-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-470-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-493-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-494-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/908-495-0x0000000000400000-0x00000000037B4000-memory.dmp

Filesize
51.7MB

Download
memory/948-2320-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2332-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2312-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2316-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2321-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2326-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2309-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2338-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2344-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-2350-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3000-2313-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4116-2199-0x0000016E8F390000-0x0000016E8F5B4000-memory.dmp

Filesize
2.1MB

Download
memory/4664-1977-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4716-2318-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download