hxxps://www[.]youtube[.]com/watch?v=K24yP8hZ288&t=45s

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=K24yP8hZ288&t=45s

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
201	whatismyipaddress.com
202	whatismyipaddress.com
203	whatismyipaddress.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{96E938E7-30F0-4C1C-861A-43A109EFA80B}	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5048	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1648	msedge.exe
1648	msedge.exe
2760	identity_helper.exe
2760	identity_helper.exe
6052	msedge.exe
6052	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1784	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 4640	1648	msedge.exe	84
PID 1648 wrote to memory of 4640	1648	msedge.exe	84
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 2216	1648	msedge.exe	86
PID 1648 wrote to memory of 1904	1648	msedge.exe	87
PID 1648 wrote to memory of 1904	1648	msedge.exe	87
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88
PID 1648 wrote to memory of 1920	1648	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=K24yP8hZ288&t=45s
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb538f46f8,0x7ffb538f4708,0x7ffb538f4718
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11387319754415373759,1847869249669435046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x4c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5972

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\UseJoin.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
47KB

MD5
fd1f79856510e1cddd8141f1d82aff4f

SHA1
659aa5c13b63adfb1480856cf8da6acd4fa624f4

SHA256
d2c922c16632143318a2792e0ea9345ea5c072ad583a84d8ef164cf952fec4f4

SHA512
7781c5280010519da7e71a849a9cb5e37f7b29a1e800bbf9cc47536eaa937abeecd1a2d61867c2744b7de83f0cfdc88b72255ee083501df0455fd018b0f86376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
230KB

MD5
00be450e53be4c6908de198044d0d123

SHA1
8791756b3cc3becb7a8daa77d0df718571256c14

SHA256
95675e664f3a169ccdc99be73c4fe4a1217d8ff21373ba7d6839c3d72f8ad8dd

SHA512
8d758753acc6ed7d26c5d770d55c88aa6fbf4e84bc71ed56b64b0342c17bb02164e26cc7d91049061fbb02c5563fde21c8f0ad3312fc35454524abc980c5f8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
35KB

MD5
994eaf4ea0bd318e083ce92dbaaa18a5

SHA1
78975ebc52fe50269e9ceb725967cb0f9e23efa7

SHA256
f7d89cd200762bb02136ad999655d852deff77bc66e058758232a51017010022

SHA512
2812f47f31d006c8e89a8fef98c5114e5d5db6255e89127656d0faa12d738b31a9d0c63f62b2c86044ae9504dd78d086d4568f000efbfa95e2e7b1d9bc9906db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
32KB

MD5
bdcf1dd416d169d87ad5f73b2fb38bb2

SHA1
f6f595a5d88f84b54533e34be969f3871ed9942f

SHA256
ee2264f45d3d0fc70f89a61c215d0470df5a9c39e47828db7e48c59fca9a50dd

SHA512
335a8b789c5dd06285df135e9e33cbaae0b20b3cda378fd2e92b33a66d7726e4e079f7920055121d2495d102e993e18d9a4430a36860d8cef5cfa100452186fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
26d51f80be8b4eba2f2bfd0bf12fd8e1

SHA1
34b25b9da6aa0418b734dfc3ac5303d31bfbb37f

SHA256
a962b42006d54887e66690312ab151780b57640a341e70e3374990d2e96e4a46

SHA512
5b6e3f1a5336bdc3ba4c2793c046c2bcd3a3adddb30c3587dd2ab544ea5e5836df780c3c1ab2c9b2670f1eaba6bf7f619dd646f5b8d58551a48f7f79d2c22c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
3e14359b0f05e10904b2bde617bbb846

SHA1
ad1b1fe9ff4da2bd179a6a2fa61abece0fa8a2bf

SHA256
c41b8a2d243501cf0d2da34e5104d559aae31bb17ad6dab8d464b99a7cd5fce9

SHA512
ce70c2c307918f49834ef12e032717b9fd6f75418565e4ddeccba123492ac4af4b84e75add201ceba9f78ee1d53648f7ef7a62e5e4738b0a8da2b4c51a8f4d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
34KB

MD5
367d6749aabc56bcfd8fe6f68e8ec07f

SHA1
94603bfd837a6cc48b0b413d97e6c21294139f01

SHA256
aba7125a597cbea4846b275de47b9e35fb42202d217c321ad861b09d3b831b5b

SHA512
737b43474c49d945fcc767a082ae79734333de55374c35825993539376577af76175a966e633b8224b4ede6a42738f3298e5c42d7a307f37897857c7c65842c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
53KB

MD5
e680bac4459c2bd460ab00ae6e443d90

SHA1
9aeed4607e01f54c6f3eb9c53ef1dfc1089512a2

SHA256
fb3dcde31e475380e3d0e972dda76a55ff9559c6639ccf12d721d29624157adf

SHA512
f742a74374dda30cc75bcf783d89156de93c939d194fe0dbe83fce113aa3f264438a25d2eabd4143751f8128d5560beae3b2190a2012630525b78bd9251cd0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
457KB

MD5
9f01f300e46d81381a69e64d61b562e0

SHA1
bf78b135b05f1c0bb149dddeab76355ee825221f

SHA256
8693bec113d0c4c0c66699175a52c5ca27d8d451dfbe4b48df5f0a1b8ffec30e

SHA512
d43b8ed40c92f5935c2aaba2d007245542cc8fe73a05e816f9a39c63034f8a5a09f098ddad06fbc1bc55b53693af0447ca7ea92c4cbcc4a2e7f3283b47f80648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f552e0e5ea26969_0

Filesize
54KB

MD5
06f225d2bbe48e7cc12355948f4fb192

SHA1
afa39c105552ee35febd43d356f0d7aec068826d

SHA256
182f8434a9d32f0c7be0c32ac27192000a5315d40f471122517024ced75cf0d8

SHA512
05d899973cfeffd4334d3f13dd4a0c5837bc7a2da0309503b12bbdea7037a23789e5086658de004682541fc3c88deca5ef24f3255a684ffa3452f9117739649b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
ac3cc9c9b6cc0242e478576ef255e44c

SHA1
c20700e52b8888fd73586a08e899a5ce75a6beaa

SHA256
099f739c38a11fffdd7caf5e749e3555d485392c9ae26029892b34a2454fed42

SHA512
a00a53efda70e2f52fb7941d80301d6428a04e61a5c59f5b6569e7542be59fd2b52621934c0e0bc4060e16c58ec0bd8647dd4a5a7e084f34f538864368bed522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
98ce020c2ce93b0a8762d8525e74a2d9

SHA1
5c1b80539dab532e82e009476fe95cd15ab00233

SHA256
f57b83e12054985f68d98937aedab6be982bd2789b721c1f1a11ff16e45b0e13

SHA512
e5da4697803da008aa863a88f2b504dded457ecbf1d96cb1b17a42d1b9065383e438dd73278012148c113f73528ca2b09a382c2e252095aa135bfa565ea760aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_64918619ffe83d4c35a17da6cb3a9338.safeframe.googlesyndication.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
455fe5035898a9d96a04e756b8d4bd04

SHA1
8e76b48d405b75d478ec6158437b80cf12c14f7a

SHA256
ab78b3e12383faf0f6113b5c15fafa06d159f360816f3b7f4861131c69e08997

SHA512
b8fefcc8ef57b9b94a67ebb1927783ca50c54d21aaafcb9dd54f90e82fdb1eb67e85f2331e552302555b3468f780d34e1a379894efbd5fd01f673cbdf6039a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4c8ea858b3cd6011b9df76142fd249a5

SHA1
6613778de6aabf4bde4d65af3fb52d99c6b71d23

SHA256
8ee6a51f5a853db3bfd94c9038ffa8d11ab49c66555759b2bcb170b3473048db

SHA512
f47c58d83e7449a037a79f759bc98047cf81fc6dc8e6f837a186fc468ce62286a60869e940204150f11bf7de31e48b540fefe812ae0ffcd7881dbe85bb4a0241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
76bb489d8e4c1ab6a2f620a7b14a34e6

SHA1
7c98c224ff87a0de97f84ddb5726c9d0283aff7c

SHA256
b30bf72cb554fe5eaac4ebb5b95c5e5740649aba8e6561ec2abb4afb923e366f

SHA512
57d430f0885eebed9de39e755220620760fb577739908bb0b2b00fe3aa4c2bac75ba11e9e85de70e13d6b3ca0fb53d7681b1e8a84331238dbfee31886c418101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
7f21c45b45486151cab7d4470971c16a

SHA1
377fa2bdb72241f5a77d48383cd809db8574bfd2

SHA256
819583488c7f7a1b2a67447138d7d928cd2fb727ac716a69d22df124f9db49e8

SHA512
7d757bd2d59a30a8e9efe3c25cf568451402854e0dd1048e06fcac69c4affa1b4d972d7642c31ee778b621b4167bd8b783f3661cb24c4c2835d9a47244bac1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8bffdff61da0cb9c9ffaa3d1f80619a

SHA1
43c5a310500bb2ef319fe3cc1f09c7bb36a1725b

SHA256
3d229fa6aa77e105d3931fca8ec1c2db3c81e340b5f0387daa533939542e520d

SHA512
7ca252ce7b11c7c7c1c58960743b467bc66d0628c4c6765271b08b32fa1b0e98c04180061b895208e89ba7b9b77940ac805bea49f72f0bcdac18cf5a5c3f3967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
89b432f3f507ab30a0d5d4505c0e09aa

SHA1
e8131823f53d67814c39c0031de5a54bea98331f

SHA256
bf310383ea983d9510c67856f6d3b7eb6824bd67c1e578bb7b8898979c4780c2

SHA512
c8eed85f6812bdca197645baaabd7aa266bb05344db391565c4ac35de0b98a68e7f8565dd2e4eded2e71459938f305f2552b155883b1076e3f98693e50cd0843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ca4d9e9c530c3d096790a7d31a32d552

SHA1
301a45bf80dea875bf3dbd6d3fd618d7325c2921

SHA256
fb48fc090a419d50e97e5c2d1fb905a43e38b911c0372f80dbf617065d21a38d

SHA512
62320b00b35a303c3ed4c8c8516640e18b00d6e08c86ff2a6a0670c0ddfd7006ade349dc2a437453c099560bba130647d29bc28b823b70d47cc25bfb5b4edb51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5b8cc2e4912b75232b9699e320251c7a

SHA1
9affa41cacd1838bfcb9d01e105cf3ed88bcbc66

SHA256
3e630298b7ad9208462b35e7c2acf36078ab06700bdeba43f24ac5586d8bc280

SHA512
94f82a1a99212133c688313b49cbc4c002fe5f86d647a3d5ef571b321cfc4c7e723a46c89ccf26dc44ea1b6736f93dd4b94d39442a1aa386ef986ab28dcb04e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9c960e37f0b17a354fd8f4c0711197a4

SHA1
84708a07d06e61d48f2ecd283804c1298b661c81

SHA256
acf414a83a3bcaa5df5e43f86d717fc6982261eaf344ac0a2179ce090b7ed605

SHA512
587d3a8912a29c97ae5387394d4f4a126c6ca6412f775b3bc4e0f3cb7d53dbc5c82d871e2464688f358742fa8d9e03de744215192ed0bd6d5b8fea4a16885c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\14aed3c7-0ad9-4536-8690-d8811324bc13\index-dir\the-real-index

Filesize
2KB

MD5
023de681dc367007dd8fbcf341468073

SHA1
d496f2fa74b92919323589dbe11166abf3080ce1

SHA256
2dd7b0969333051ef34ea0a42ea1218cb29a3ced6714ef62d7d3511124b3ce24

SHA512
b52b8685177e08403618a52f6ac323c77fc97750a549477a72741bd59f9445e6acb883bb996e8f3d59c005d50479e2fc3e80aef7c75b097b7a617f11ca68921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\14aed3c7-0ad9-4536-8690-d8811324bc13\index-dir\the-real-index

Filesize
2KB

MD5
bfdba4ad273fbb109bd29c5232f7e127

SHA1
ee8b2a49e1ea74e4f88298840baf60deb061ae43

SHA256
d59e3e1edbb1e6681ec82efc79d9d147b343d86e9e69331798542a5d463df54b

SHA512
89bc69950dd7ac1905a9669221591a1a85aca57c946fb666e87e3c8e13a0bba30ca375e0491e4be1bd5ebd1d56d1b336b469779eddc3850363faaf3d74b91b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\14aed3c7-0ad9-4536-8690-d8811324bc13\index-dir\the-real-index~RFe57f4ef.TMP

Filesize
48B

MD5
89d15806a8d3474063731f1b9a795aa9

SHA1
fb554a8592a800bc8ccb9f613b0cfc1ba3d386b5

SHA256
a1af1a3a1fd1689f4096042e5cc378d9e7ced0abb458f8798dcfdddb2cac960a

SHA512
3b6562a38de6e977ba5fb9f1fa99eb1dfa8ba581c2d9e7231f86d718bf93f4c2cd800b5fb175a006ac30fe39acaab68d1b7295eadabe9ccdabf4b50f8afd2da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5a1a30fb-47d9-4f33-b1c3-c2105df4f012\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8789ef4-23f4-4a55-bb80-9eceea1a9671\e969d77e575a9dd3_0

Filesize
2KB

MD5
764e28ccab9eacae6bff33a4fcdf83da

SHA1
bf247b6bc565d5a9517b6b69272b8599ed85177a

SHA256
bdd0a809be5b3acccfdef4568429ff8d9a86af2a117eae0966a274cc185af2b5

SHA512
1b87f80d2e92f35446123e8c9cf8c5521d461ca6e247a39ec33600595fc9a230a34aed7e584038ad24dd48c7e305023175268b7c4985ba19ebf58f9d31790e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8789ef4-23f4-4a55-bb80-9eceea1a9671\index-dir\the-real-index

Filesize
624B

MD5
ab52eeaf461629283a1cd67c875ebbdf

SHA1
6c94c95c021012a6d6c2aaa5be7754235ea71485

SHA256
4a1b001d9173496a62c4db58609add692f03321af422dfd1efb12756834e4f58

SHA512
0f221dc1f71099e142fe0fb44a2c190efcac7d31ce61aa2781e8ee875aaa6ded9a7eb4597b4b09535613530d19ace28bdacb392207bdb2364ed516b7d7b7e02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8789ef4-23f4-4a55-bb80-9eceea1a9671\index-dir\the-real-index~RFe58507c.TMP

Filesize
48B

MD5
54f3274f92c404ada751b645320e62f0

SHA1
41a3ad2aab0ad860dde40550a892b59ccfd6b251

SHA256
40474abdcf6a5afc024dbec1049f18f64a400758692ce9a3464d076cce6e1a62

SHA512
170128f3542cc24a5a8114d0d4a42f07d7271a9ba213b9db9fa19d296fb7b250dbe7be6ee7826437a9e295586cb16b61a5191f65dc9c2b4562fd1fee544d0936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
ae67d402c450dfd3ca393a7e298c915a

SHA1
9072b5193c7dff00aa371000e14ee6952cff0112

SHA256
686f60523a4dfad8d5afda2cd3d73f18251d62f2c0312c2f1cb94d38fc2feb53

SHA512
ab36487fde31f42a990fcaca5b86cd28cab89bd6cd1b08ab82082cdf95ef702be1602fd0161fe2ab457f557140bdcd9d148a512ae50b5b6bc1b6732fd09145fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
8a541bcda2189b17339cb7c3378ed373

SHA1
d67fbe1f5b56860af7faa1041eb5f8458d9dcd7f

SHA256
c64f2eed0af8d00567948d9ca32b7a409df4adeb962053c2644efef4750ec36d

SHA512
07b8d445235cf493f4447fee5be1548ad91ce3edff1732b9d0c1b89b8f66eedcb27c4ebc04642fd94899198a136c158ea5248e641334bfe4b426c472d4f1c733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
b14a925334b19fb1f8af878a5938bfa9

SHA1
f0b1635ceac4bf6af55a54c3b08f827fd5a27a21

SHA256
c883561c33fd68c3238129c380a4fc1fac8aae9187564456073f97c38dc9a6f3

SHA512
72e0af0b41998eeb97ae897b03062dd1fedf996fec738c3a0e55349ca4f89f5625ac16998e17cdb71e7d764414bd4908b9379ef1b87d4b4981d9131e572ab622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
7b0b1da171318bb75c2303ead4024e6c

SHA1
6886c676c0fdf06f9a5549188b6de2474a8dae7c

SHA256
a085d099b6de1e3ab3b9cf93a2f654df2dc8f3b7a850b889a8d5cd3fa6da3043

SHA512
f4292ffff27a655a8041bae294240ae8654063dde6ae3531aa98827906e540b5228781ddde982f9d9bf8d0595364d439fcebd0acd66b14f184c4be46298eae3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
06fce88ce7eb8f3ff4d26f92b14a3fb7

SHA1
975e255bfb6d358384ecbf117f30205b1f8ea80b

SHA256
91c40b994c3b2956f3d1305f673c53b235a3baa217b757a94739a85fb486f752

SHA512
fd4b852873d68439c6887f2127bb081db44b6ecf5e045e4b7751da7b4407b77011cc006ad4b44c00565956c60e19bc978ff33c52557ed8c863a14988b4e6dd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
2f538ef7c6d9e68d73f116a87dbcb8f4

SHA1
9fafcdf2db558f79b21a692ff0d01e7c559c4534

SHA256
6510f01dceff23a185765003a9c8db85f5ffef19a9508da0952362870427e308

SHA512
cfbe361a49e9315d6c9d0757655a76604fb804d22516a6cb4198986d8199dcb665bef9292dae355eef52efb1e18a22dff6396bee231fa4ea05f0c9b9ff4c5d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
649475a1a99d827a9bb06c6057b3ccce

SHA1
0c07ce30baeeb2fe7464c20be8cf8ad42e52efbf

SHA256
59fbb933961a3ec43e369d7b81b8be56c5bb224c04dcbbb709f76f9d3171f5a6

SHA512
c4192c54e8895a8f9548a3b3f2dd249e58c5262f89bea38453f6e71773d44f915a39552baf5cbdf36cec7a39f72354ce148ba1f1fec4f915020c1fdfe40c1404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
b795ae7cc9355d4b2b66785ac5bd4397

SHA1
334d3ee5ed2510cd2949ac09b44af2cbe70ad1a6

SHA256
c65f808f80cbf5309b565a2b71d9fb871241d6cd51afb17ef02d161b72a2e10d

SHA512
ea2f59159f7a31023bdc2ef92c77cff1953bbe61e61608a171efbdc22aac44c31cd907ab326253b8a1fb71c79118ab28eabc8bd5ed74581f7fdb4b8c57d06c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
288877a35043acc6938d35dff5a1fbca

SHA1
1618b19ed41b7ee23c31ad2fb2c9b5edae373143

SHA256
88e8382e9907ccfe725b7ded17eea3bd4ce4e0db987e7f89d4406b9782ed491c

SHA512
1af708c9c8b387c7f27515aaa7110547e1cc486f33aed65bc861737f50c43d4cdaf71f4393b50391a758aff66af9f58424965b10bca9b312d06a9b3d9b550e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57de0c.TMP

Filesize
89B

MD5
66699b856545d32cf50f34052c31c337

SHA1
c960256069d29cd5ee65610776826f7357816e81

SHA256
303558ebd7569e466d169cedad5e915db53d2715f4dc3dd054748b461d856065

SHA512
10d843bab5ecf77cf0205cd44f8adac7fb9b6f3d5aeb32fee3c18c5c439cb1d5ca53655c4388abc7a797c6eb3222b8e976c4a8edcc1632ac46d8e2a80654e3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
cbe5aff6bfa2a2c0a72d1b39b2aa2573

SHA1
0fdb4987278498756b058a081d8ed3c1627a5124

SHA256
f0069a3c43bcd91dfd32e5fa954950f95ff6047610da8feb180e81717b87c594

SHA512
f8744f715315a67786c85424c30482b09027f4e95e9c2550bb6fbff9fccf7433155fa2f5ae6e8acde95ce049eb933dd65a6eeb6cb5a823ff04f05f4a7c7161e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584939.TMP

Filesize
48B

MD5
aadb40787f85211196a8dca51fd13bb4

SHA1
1aa03e9b18281a2d157836444da2b130eb2a6864

SHA256
7dd08736c31fc1c474cd035fbedbc24467bf819f02c23fc90c685b6b1ec91cfa

SHA512
b03819e533580fd1d1642dbb7485d91ee00c3ce13888a9c48655187af5199a9d1a7b43090e04e9c1d69052966433ec8e804d3d817ec1f6d9e78f27c58c96004d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8b8f17be497cb833a18e400e4cbf9406

SHA1
b0cc32f2a48a4d069dad13607f1630f369a2459c

SHA256
802221c6059948960b119a0c650c7568fe5ad78bc5125dc32437aca664719b68

SHA512
c72c478aec2c3f6b2260f419841920122dd2c783f4d23e76107a687a34bb797f029b4bd7656320fea52b811df45b6cf94599c01afe1afbec9cc66d8ef3870c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1824b79f2f213ab4b23bc5b4fd90cf06

SHA1
74957b2eddb2552f6a65eededc774b2691aae2a4

SHA256
7da0f4936c3d6f70ef556a6df518d9db94e298ded9d3aca8533479b2aa915055

SHA512
95ffa35bd25c3a10d83405a876378c5f481943bf51b9c2ad7629181f2b704d3540baafe19830d793c172db83092a7d73bf34531b8918cc0211d27c4f90c798ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
c1f82246a432b83fcfbed898504bc136

SHA1
5fd8569fe69acdc975dbe45130394c7da12409d0

SHA256
c59aa2a5bf8c6fb54363071c09cfe8abeb752f804a38abfb66386920c28ab268

SHA512
a373452ee056434b8b85f6856f8928d8729f80b7d9a0d57981b9f462be08c8f65815c170e425a86f27abc2439068981a663e72f471d0ee04c569475e4e604348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
6268132cc6ea8d99b4a03f40f28a0152

SHA1
6795a2985f38f2103ca9ffe43860c009564b6ac4

SHA256
9215203db17f0e41c1a3eddf3a2cc42bc0b4a10dc08e147fab9c3446f7edd33f

SHA512
98f47d7ecc9319153d050915e37fcd4465fb1cbbdda21e7e787a6d140117a48e140db8408ebcd5fe1311e7d1fc3643d46e8294dcab42887a5c5a09726096d4e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
acab3e351fdd67d1f7aa9e541762f833

SHA1
262bf2b7149f65ede39122cad7959c608b6138e5

SHA256
d9d10950009fa57be66c6ace8bad006a9c2521fb720d2b8f4406505fee1b2539

SHA512
89a010097d6c54a52f064e48d53df513023988d6f8694e48fc7478184c61b080ea60cef7d4bfd1e68dc2b22210dd6a439f98ec74675346c0d3008a490c6b1bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
700B

MD5
0d2cbab178552dc81b0bb3e43a28b9f7

SHA1
7f7e2a116ae3281439225888589ffb5593dadf60

SHA256
ecbcd02a11814e5e28e1f5dd8f0dbc8d2bbf7a550b6796298c20b602bbb9869c

SHA512
40b881b29048fbf3709af0c3df20a250f5b23542603909757dddcd2ebb1cea9f3ebb4567972181d4668ba45eabeff152a09efa2f651b615aed0082ffd7b02dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
68c28ec5fcbd700586298e5ea8289c1c

SHA1
f6f4eb936fc2ed9664b4d0f3947ad187e55b1bc0

SHA256
7df35374cdff8523921cf71adddb383fbb4aeaa077502607d93d2b82bb966b4f

SHA512
91574c35ef4b5517110cd23d276a4fcbd06f7881da3e949e5bbcb12503c52f7c85bfdc1163f26585e2479aa18ba76f07697fa2509040b86447ba4c9eb34a72d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f618.TMP

Filesize
535B

MD5
f202fe4197c52b0c421edcf37114e30b

SHA1
59d81af84d94581543cccd8439e9c2b6e550ee93

SHA256
2814016298ac51fc31481a1a35130ad9e97ee2710c2464d579071ac61dc3b3c9

SHA512
e495003a138aa8ab16b60355463d256c3287f0ddae2b53482d6a51debbf1713594fd55d8b547cee23788fad22e9ee8e4311be58fc12709feab4062d431c46a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bdd87720-d94d-4926-861f-03f6a873a57a.tmp

Filesize
6KB

MD5
09a9ca89c7c2d9113dd8028f5c634fd1

SHA1
52d5c5fcf4b7a0ffd7e64803c2157ad02b887fb7

SHA256
c820ae0146f942084dfb610358f2f893ab4620038933028cdff158e4102e0ff1

SHA512
45da746e052d4bfc1aae6ec7342ac36104c7befdb6f90fb37fad2dcd7206d3c4fa4c8771a70f01ef69e5dd95f675b9ab19d9536ee8d295f2cfc79d5f2a0ef179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
22cba59c0d57bc5214ec359f6bd57079

SHA1
e94ef3d0932c7dd2d79213ae45b3dc46a123692f

SHA256
a1b34143de3e2ab16c311a47fe117d12af8968167efec50bacde49c8d2579306

SHA512
5ebea41dfbfaa910b3c3a4d2ef4183933459b5b85a7f9b76b0c1c2dd8e9d37c6a15ece704b3b22fb8827660fd73777ad3053bca026c558c07cab641adfabd0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cab89208bdb1965fa3b48c0a3539f8e7

SHA1
3f6843c613af32947f36e3a59936f455350c5970

SHA256
8d42475f58528eb8ea2ee6d6d7c6fd7a820408dc31fddcb9ecb773af7b32616b

SHA512
5d97f869755212ac709321eea5984d58440f7b26cb28e37b9d0eb160edeedb28f65ad7d8a065a42a2622a473852496a818cf4cafac27d0c19ec5ac2a2f451e58

Download Submit